Don’t underestimate Australia’s new privacy protection laws

The privacy regime imposed by the PAA is easily as strict as any in the EU, and has the potential to be even stricter

Sweeping changes to Australia’s privacy laws that took effect on March 12, 2014, make the country a global standard-setter in protecting its citizens’ personal data. A comprehensive update of Australian privacy laws, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (PAA), imposes specific requirements regarding the collection, storage and use of consumers’ personal information on companies that do business in Australia and have revenue of over $3 million. The Office of the Australian Information Commissioner (AIC) is empowered to enforce the PAA’s mandates by imposing fines of up to $1.7 million for serious or repeated invasions of privacy.

At first blush, the requirements imposed by the PAA may seem of a piece with those imposed by the European Union and other privacy-centric jurisdictions, and with the privacy principles promulgated by the Obama Administration. Indeed, the thirteen new Australian Privacy Principles (APPs) established by the PAA (which replace the existing National Privacy Principles and Information Privacy Principles) strike many of the same notes as the Consumer Privacy Bill of Rights proposed by the White House in February 2012: transparency, access, accuracy, security, and so forth, the “usual suspects” in privacy regulation.

Contributing Author

Kit Winter

Kit Winter is a member at law firm Dykema Gossett in Los Angeles and focuses on internet, intellectual property and business litigation. He can be...
