Privacy Laws: Australia Reforms a Long Time Coming

We're 15 months out from the changes becoming law. What impact will the overhaul have?

On 29 November 2012 the Australian Parliament passed changes to the Privacy Act. These changes have been a long time in the making and involve a substantial increase in the power of the Australian Information Commissioner and penalties of up to $1.1 million for serious breaches.

According to the Attorney-General's Department, "Australia's privacy laws have been brought into the digital age" and that the changes are in response to social media and the increasing role that the internet plays in our lives. The Attorney General says the reforms "give consumers more power to opt out of direct marketing." So how will they reforms impact you and your business?


The Privacy Act was first introduced in 1988. The Information Privacy Principles (IPPs) of the act govern the use and storage of personal information, not only by companies but also by government agencies. The act also obliges those storing personal information to ensure data is neither lost, leaked or exploited. It also provides every Australian with the right to know which personal information is being stored and used as well as who will be viewing it.

In 2006 the Attorney-General authorised an inquiry into the act and related laws as to what extent they still provided an effective framework for the protection of privacy in Australia. The resulting document, a three volume report containing 74 chapters and more than 295 recommendations for reform, took 18 months to complete. The document called for major changes to the act.


A number of changes to the Privacy Act will take effect in March 2014. The act introduces 13 Australian Privacy Principles (APPs) with which Australian government agencies and the private sector must comply, a handful of which deal directly with marketing.

The Association for Data-driven Marketing & Advertising (ADMA) is Australia's leading association for data-driven marketing and advertising. ADMA successfully managed to lobby Parliament in the late stage of the legislation process to make a number of edits to the reform, removing the requirement to include opt-out messages on all marketing communications and the prohibition on direct marketing.

ADMA CEO Jodie Sangster says that government and parliamentary committees have produced workable changes and updates within the reform. But she points out that these reforms were aimed at "yesterday's problems," leaving ambiguity around the impact of the law reform on the use of social media and online channels.

Impact for Businesses

This year the Office of the Australian Information Commissioner (OAIC) says it will help businesses and government agencies abide by the new APPs by providing guidelines and other materials with everyday examples. You can find more resources available at

In a recent video announcement, the Commissioner asked businesses to start thinking about how the changes differ to current privacy policies and business processes.

Under this law, businesses and government agencies will be required to provide users with some form of 'easy' opt-out to prevent personal information being stored for the purposes of direct marketing or targeted advertising.

ADMA has said it will work with the Commissioner to put forth guidelines businesses can use.

So over the next 15 months we can observe with bated breath whether and how successful the OAIC, industry and ADMA will work together and cooperate in making the new legislation enforceable and workable for all parties. We can hope that they arrive at an agreement or at least consensus that will not impede the development of Australia's digital economy.