5 ways businesses can prepare for the first tranche of Australian privacy reforms

"Un tranche de vie" is a late 1800s theatrical saying translating to an authentic "slice of life." So, too, the Privacy and Other Legislation Amendment Bill 2024 introduced in Parliament in September gives us a little slice of privacy reforms truly needed in Australia.

The bill reflects 23 reforms to Australia's Privacy Act and other changes agreed to by the government last September, with the remaining 83 reforms directed for legislative change expected in a second tranche next year or later.

The first tranche of reforms will not see a material transformation of privacy practices for businesses covered by the Privacy Act. They are, however, a critical first step to evolve Australia's privacy laws. The reforms will better address advancements and rapid adoption of digital technologies, safeguarding Australians' privacy rights over their personal information and protections against digital harms, particularly for children.

The first tranche of reforms come into force when the bill passes, with requirements around automated decision-making and children's privacy taking effect two years later. Businesses should prepare to integrate each reform into their privacy programs, products and operations, raising any risks and endorsements needed from executives and the board.

1. Provide greater transparency on automated decisions that use personal information

Under the bill, businesses will need to include specific information in their privacy policies regarding the use of personal information to make or do a thing directly related to automated-decision making that significantly affects the rights or interests of an individual. The automated decisions must be conducted by computer programs, which are a pre-programmed rule-based process, artificial intelligence, or machine learning process to make a computer execute a task. They include decisions made under regulation or agreement, or to access a significant service or support.