Menu Search through site content What are you looking for?

Shaping privacy law reform

  • Legal Development 27 October 2021 27 October 2021
  • Asia Pacific

On Monday 25 October 2021 the Australian Attorney-General’s Department (AGD) released its further Privacy Act Review Discussion Paper October 2021 (DP) as part of its review of the Privacy Act 1988 (Cth) (Privacy Act). The AGD is now inviting the public to provide feedback submissions to these proposals to later inform its Final Report.

The proposals set out in the DP are made in response to the submissions to the Privacy Act Review Issues Paper - October 2020 and its terms of reference (Issues Paper). Unless significant negative feedback is received we believe these proposals are what will be put forward in the Final Report.

Key themes of the DP

The DP contains substantial proposals, questions and requests for further feedback focusing on the three key themes of:

  • Part 1: Scope and Application of the Privacy Act
  • Part 2: Notice and consent and additional protection in the use, collection and disclosure of personal information
  • Part 3: Regulation and enforcement

Part 1: Scope and Application of the Privacy Act: making it clearer

These proposals suggest clarifying the scope, application and removing any current ambiguity in relation to such in the Privacy Act by a series of definition changes, amending the objects in Section 2A and introducing flexibility into the Australian Privacy Principles (APPs).

Part 2: Notice and consent and additional protections in the use, collection and disclosure of personal information: transparent and consistent

These proposals highlight improvements in the collection, use and disclosure of personal information, introducing specific “spelt out” requirements for APP 5 notices, fairness and accountability, consent requirements with additional protections, privacy default settings, increased protection in children’s privacy and suggestions of international harmonisation with privacy regimes overseas to better facilitate cross-border transfers of information.

Part 3: Enforcement – stronger direct mechanisms

Of note, feedback is being sought on a raft of proposals in the DP for a more proactive enforcement of privacy law such as defining additional enforcement mechanisms (for example, tiered civil penalties, an infringement notice regime, Federal Court orders and allowing the Information Commissioner to undertake public inquiries). In addition, a direct right of action for individuals and alternative regulatory models such as the use of an external dispute resolution process or a Federal Privacy Ombudsman have been raised for feedback. Also, generalised options for a statutory tort for invasions of privacy have been raised again.

Current exemptions: ‘to be continued’

While many submissions to the Issues Paper challenged the current exemptions under the Privacy Act, the DP doesn’t provide for reform proposals in this area. Instead the DP provides a variety of options per exemption with questions seeking further feedback. The intent here is to consider this feedback with anticipated future regulatory review on the adaption and/or removal of the current exemptions in the Privacy Act in addition to the feedback received in Part 2.

Give your feedback

Whether you are an individual consumer wanting to better protect and control your information online or a private sector organisation looking to manage personal information and carry out your functions or one of the many stakeholder representative organisations, academics, research centers, industry peak bodies, consumer and privacy advocates, Commonwealth and State, Territory public sector agencies, there are substantial measured proposals in the DP for you to address and affect privacy law in Australia. Otherwise, we expect that any proposals not vigorously objected to will ‘get through’ to the Final Report and will likely become law.

To make a submission in response to the proposals and questions in the DP or any matter in the terms of reference, submissions should be made by 10 January 2022 via the Attorney- General’s Department’s website Privacy Act Review – Discussion paper - Questions about you - Attorney-General's Department - Citizen Space ( or by email

How can we help?

Clyde & Co has the largest dedicated cyber incident response and privacy advisory practice in Australia and New Zealand and has more 5-Star Cyber Lawyers than any other firm. Our experienced team has dealt with thousands of data breach and technology-related disputes in recent times, privacy reviews, assessments and solutions advices, including a number of the largest and most complex incidents in Asia-Pacific to date.

From pre-incident readiness reviews, solutions and advice, breach response, through to defence of regulatory investigations and proceedings, as well as recovery actions against wrongdoers, we assist clients globally across the full cyber lifecycle. Our team is also highly regarded for their expertise and experience in financial services information technology prudential requirements and managing all forms of disputes across sectors including advising on some of the most newsworthy class actions commenced in Australia.

Our 24-hour cyber incident response hotline or email allows you to access our team directly around the clock. For more information, contact us on:

Australia: +61 2 9210 4464

New Zealand: +64 800 527 508


Stay up to date with Clyde & Co

Sign up to receive email updates straight to your inbox!