Australia's proposed new Privacy Principles have been released in draft form. Submissions to government regarding the draft legislation are due by 27 July 2010.

Key changes to the law in the draft legislation are:

  • cross border disclosures: an increase in the potential liability of an Australian entity (to Australian individuals) for acts of an offshore entity that are inconsistent with the new Australian Privacy Principles (APPs);
  • direct marketing: the use and disclosure of personal information for the purpose of direct marketing is restricted; and
  • privacy policies and notices: additional information will need to be included in privacy policies and notices.

The draft principles will apply to all private sector organisations conducting business in Australia and all Commonwealth government agencies that handle personal information. All organisations will need to review their privacy policies, notices and practices to ensure that they can comply with the APPs.

What you need to do

The Government has invited submissions from interested parties.

Should you wish to make a submission and require assistance, please do not hesitate to contact us. Submissions are due by 27 July 2010.

Background

The federal government has released draft legislation for Australia's proposed new 'Australian Privacy Principles'. The APPs merge and change previously different principles that applied to organisations in the private sector, on one hand, and the public sector, on the other hand.

Key changes to the existing requirements are set out below (assuming that the draft legislation is not changed by the Senate committee reviewing it).

Cross border disclosures

The draft legislation deems an act done by an overseas recipient of personal information, to be an act done by the Australian disclosing entity, subject to some exceptions. This means that generally, any interference by the overseas recipient will be deemed to be an interference by the Australian entity. This will be the case even if the Australian entity takes reasonable steps to safeguard the privacy of individuals in relation to the cross border disclosures.

This new regime will have significant implications for Australian entities that disclose information to offshore entities and means that contractual mechanisms for monitoring compliance by offshore entities and remedies for failing to do so, will need to be rigorous.

Direct marketing

The draft legislation represents a more restrictive regime. Essentially, direct marketing will only be permitted:

  • in the case of direct collection of the recipient's information, where the recipient would reasonably expect direct marketing as a result; and
  • in the case of indirect collection of the recipient's information (or where the recipient does not reasonably expect direct marketing as a result of a direct collection):
    • if the individual has consented to direct marketing; or
    • if it is impractical to obtain consent.

In any case, an easy and prominent opt-out mechanism must be provided.

This aligns direct marketing requirements more closely with the more stringent requirements related to spam and the Do Not Call Register.

Privacy policies and notices

The APPs contain increased disclosure requirements related to the collection, use and disclosure of personal information. This means that the following information will need to be included:

  • in privacy policies:
    • how individuals can complain about interferences with privacy and how the entity will deal with it; and
    • whether the entity is likely to disclose personal information to an overseas recipient and, if so, the countries in which such recipients are likely to be located; and
  • in privacy notices:
    • if the individual may not be aware of the collection of his or her personal information, the fact of collection;
    • that the entity's privacy policy contains information about how individuals can complain about interferences with privacy and how the entity will deal with it; and
    • whether the entity is likely to disclose personal information to an overseas recipient and, if so, the countries in which such recipients are likely to be located.

© DLA Phillips Fox

DLA Phillips Fox is one of the largest legal firms in Australasia and a member of DLA Piper Group, an alliance of independent legal practices. It is a separate and distinct legal entity. For more information visit www.dlaphillipsfox.com

This publication is intended as a first point of reference and should not be relied on as a substitute for professional advice. Specialist legal advice should always be sought in relation to any particular circumstances.