On the 16th of February 2023 the Australian Attorney-General’s Department released the much anticipated, Privacy Act Review Report. The proposed reforms aim to strengthen privacy protections to support technological advancements and digital innovations. The report follows the publication of an Issues Paper released in October 2020 and a Discussion Paper, released in October 2021, forming an extensive review of the Privacy Act 1988.

Australian Information Commissioner and Privacy Commissioner, Angelene Falk, noted, “As the world has become increasingly connected and information flows more complex, our privacy laws need to adapt to ensure that personal information is protected and handled fairly.”

In recent years we have become all too aware of the risk of data breaches and the potential loss of highly sensitive personal information. Hence, the Review aptly focuses on the vulnerability of people’s information.

Key proposals to be aware of

Increased control over personal information

The Review highlights the need to give individuals more control over their personal information. Individuals want greater transparency on how personal and sensitive information is being collected and used. The Review proposes a number of individual rights, such as the right to object, to request erasure of information (in limited circumstances), and to have search results de-indexed.

Stronger privacy policies and collection notices

It is proposed that an express requirement should be introduced in the Australian Privacy Principles (APP 5) that requires collection notices to be clear, up-to-date, concise, and understandable.

The definition of consent would also be amended to provide that it must be voluntary, informed, current, specific, and unambiguous. The Review also proposes the right to opt-out of receiving targeted advertising and content.

Additional protection for children

The Review proposes several protections specifically in relation to children. These include the introduction of a Children’s Online Privacy Code that applies to online services that are ‘likely to be accessed by children’.

Stricter notification requirements

The Review outlines a proposal for organisations to be required to notify individuals in the event of a data breach that is likely to result in serious harm. Individuals have a right to opt-out of receiving targeted advertising and content. The Review goes on to note any permitted targeting must be ‘fair and reasonable’ and come with transparency requirements about the use of algorithms and profiling to recommend content to individuals. 

Improved regulation and enforcement

Significant reforms are proposed to bolster the enforcement of the Privacy Act including new civil penalties, such as the introduction of a statutory tort for serious invasions of privacy. Under the new proposal, the Office of the Australian Information Commissioner would have more regulatory response options in line with a tier of civil penalty provisions.

Removal of Small Business Exemptions

The Review proposes that small businesses should, in the future, be covered by the Privacy Act. Businesses with an annual turnover less than $3 million are currently exempt from the Privacy Act. Though it is recommended that an impact analysis would be needed to better understand the implications of removing the exemption on small businesses, to then outline an appropriate support package for small businesses.

What you can do

Share your feedback

The Government are gathering feedback from the public and private entities, based on the 116 recommendations outlined in the report. The deadline to share feedback on the proposed reforms until March 31.

Share your feedback: https://consultations.ag.gov.au/integrity/privacy-act-review-report/

Focus on security and privacy

Regardless of changes to the Privacy Act, all businesses should be aware of potential risks from data breaches, cyber attacks, and more. Run an audit of your current cyber security measures and online presence to better understand areas of concern. Outline best practice cyber security and privacy controls for your business.

Update your privacy policy and business guidelines

Take time to read through the complete report to learn more about the recommendations outlined and how they could impact your business. Review and update your organisation’s current privacy policy and guidelines to ensure you are prepared for the upcoming changes to the law.

It is important that you ensure you have a clear and comprehensive privacy policy in place, we can assist you in updating your privacy policy. At FAL Lawyers, we are committed to making sure that you receive the right advice tailored to suit your needs. Contact us to book a free consultation today.  


If you have any queries on this topic or need assistance updating your privacy policy, please do not hesitate to contact our team.


The contents of this article does not constitute legal advice and should not be relied upon as such. If this article pertains to any matters you or your organisation may have, it is essential that you seek legal and relevant professional advice. 

Interested to find out more? Feel free to contact us today.