Australia's privacy laws are stuck in the 1980s, when consumer data collected by businesses was often limited to home phone numbers and home addresses. Now with highly advanced digital technology becoming more common, businesses are collecting more data – from email addresses and IP addresses to shopping behaviour, browsing history, and even biometric datalike facial features and genetic code.
The Privacy Act Review is a chance to reset this power imbalance to create a fairer and safer system. Modernising Australia's privacy laws will make them more fit-for-purpose in an increasingly digital world, and create an even playing field between consumers and businesses. In this Review, CHOICE has identified three key priority areas to make a fairer market possible:
- Establish a "fair and reasonable" test for data collection. This strengthened definition will require businesses to only collect and use data for the purpose of providing consumers with a good or service, and remove unneeded data in a timely manner.
- A broader definition of "personal information". A broader definition of personal information which includes information that "relates to" an individual will ensure the privacy framework is relevant in today's digital environment.
- Ensure people have stronger consumer protections from all businesses and harmful emerging practices. Urgent regulation of emerging harms including automated decision-making ('ADM') and facial recognition is needed to protect people from harm. The small business exemption should also be removed to ensure people have consistent protections.
Download submission (PDF)
- Submission to the Attorney-General's Department on the Review of the Privacy Act
- Submission to the Legal and Constitutional Affairs Committee on Privacy Legislation Amendments
- What are loyalty schemes like Flybuys and Everyday Rewards doing with your data?
- What to do if you've been caught up in the Optus data breach
Stock images: Getty, unless otherwise stated.