Resource Center / Infographics / Key Dates of Federal Data Privacy Reform in Australia
Key Dates of Federal Data Privacy Reform in Australia
This resource provides a brief overview of federal privacy reform efforts in Australia and what might be expected going forward.
Last updated: October 2024
Contributor:
This resource provides a brief overview of federal privacy reform efforts in Australia and what might be expected in the fourth quarter of 2024 and into 2025. The IAPP would like to thank Michael Park of Dentons for his assistance with this resource.
The IAPP additionally hosts an "Australia and New Zealand" topic page, which regularly updates with the latest regional news and resources.
Navigate timeline:
1990s, 2000s, 2010s, 2020s, What to expect
1 Jan. 1989
Privacy Act 1988
• Established the Office of the Privacy Commissioner within the Human Rights and Equal Opportunity Commission.
• Set forth the Information Privacy Principles applicable to Australian government departments and agencies.
24 Sept. 1991
Privacy Amendment Act 1990
• Went into effect, regulating credit reporters and providers that handle consumer credit reports and data.
1 July 1997
Telecommunications Act 1997
• Established the regulatory functions of the privacy commissioner for personal information held by telecom companies.
1 July 2000
Privacy Amendment (Office of the Privacy Commissioner) Act 2000
• Went into effect, creating the Office of the Privacy Commissioner, which took over privacy operations from the Human Rights and Equal Opportunity Commission.
21 Dec. 2001
Privacy Amendment (Private Sector) Act 2000
• Went into effect, extending the scope of the Privacy Act to some private entities, including large businesses and health service providers.
• Introduced the National Privacy Principles, applicable to private sector organizations, into the Privacy Act.
• Clarified the distinction between personal information, sensitive information and health information under the Privacy Act.
14 Sept. 2006
Privacy Legislation Amendment Act 2006
• Went into effect, adding genetic information to the definitions of health and sensitive information under the Privacy Act.
1 Nov. 2010
Australian Information Commissioner Act 2010
• Went into effect, creating the Office of the Australian Information Commissioner, which integrated the former Office of the Privacy Commissioner.
12 March 2014
The Privacy Amendment (Enhancing Privacy Protection) Act 2012
• Went into effect, replacing the previous Information Privacy Principles and National Privacy Principles with a new set of 13 Australian Privacy Principles.
• Granted new enforcement powers to the information commissioner.
22 Feb. 2018
The Privacy Amendment (Notifiable Data Breaches) Act 2017
• Went into effect, requiring all entities subject to the Privacy Act to notify impacted individuals and the OAIC of data breaches likely to result in serious harm.
12 Dec. 2019
Review of the Privacy Act
• Announced by the Attorney-General as a response to the inquiry conducted by the Australian Competition and Consumer Commission on digital platforms.
1 July 2020
Consumer Data Right
• Launched with the banking sector's sharing of consumer data when requested by the customer.
30 Oct. 2020
Review of the Privacy Act 1988
• Published an issues paper as part of the Privacy Act comprehensive review.
25 Oct. 2021
Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 (the Online Privacy Bill)
• Published the online privacy bill exposure draft, explanatory paper and regulatory impact statement as part of the consultation process.
7 Feb. 2022
Facebook v. Australian Information Commissioner 2022
• Confirmed an earlier ruling from a prima facie case that said Facebook (now Meta) "carries on business" and collects personal information in Australia.
12 Oct. 2022
Telecommunications Amendment (Disclosure of Information for the Purpose of Cyber Security) Regulations 2022
• Went into effect, imposing greater privacy requirements.
• Enabled the government and certain financial services providers to request customer data from telecom companies in response to cybersecurity incidents.
13 Dec. 2022
Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022
• Went into effect for a period of 12 months, introducing increased penalties for serious and/or repeated privacy breaches.
• Strengthened the powers of the OAIC to resolve breaches.
• Introduced new information-sharing powers to facilitate engagement with domestic regulators and international counterparts.
• Expanded the scope of compliance to include more foreign organizations.
16 Feb. 2023
Privacy Act Review Report
• Released and proposed 116 recommendations that emerged from stakeholders' input since 2020.
• Acknowledged that Australia's digital economy has led to innovation and increased productivity, but also raised concerns about data breaches and privacy.
3 May 2023
Restructuring of the OAIC
• Announced the return to a three-commissioner format, including a standalone privacy commissioner dedicated to handling data breach matters, announced by the Attorney-General.
• Expanded funding an additional AUD17.8 million for the agency.
28 Sept. 2023
Response to the Privacy Act Review Report
• Outlined the government's response to the Privacy Act Review Report recommendations.
• Agreed to 38 proposals, agreed in-principle to 68 proposals and noted 10 proposals out of the report's 116 recommendations.
27 Nov. 2023
Changing of the Guard
• Appointed lawyer Carly Kind as Australia's new sole privacy commissioner, effective February 2024.
• Noted incumbent Commissioner Angelene Falk will serve the remaining six months of her term as the dedicated information commissioner after the reorganization of the OAIC.
26 Feb. 2024
Assumption of office
• Privacy Commissioner Carly Kind commenced in her role.
11 March 2024
Public consultation on privacy reforms
• The Attorney-General commenced public consultation on proposed privacy reforms and received 97 written submissions from businesses, representative bodies, not-for-profit groups, academics and individuals.
13 March 2024
Roundtable on doxxing
• The Attorney-General conducted a roundtable on doxxing regarding privacy reform with selected Commonwealth stakeholders, including the eSafety and privacy commissioners.
9 May 2024
New information commissioner
• The Attorney-General announced the appointment of Elizabeth Tydd as Australian Information Commissioner commencing 16 Aug. 2024, following the conclusion of Angelene Falk's term.
12 Sept. 2024
The Privacy and Other Legislation Amendment Bill 2024
• The Privacy and Other Legislation Amendment Bill 2024 was introduced to the Australian Parliament and read for the first time. It contains the first batch of proposed reforms.
19 Sept. 2024
Referral to the Senate
• The Privacy and Other Legislation Amendment Bill 2024 was referred to the Senate Legal and Constitutional Affairs Legislation Committee for inquiry and report by 14 Nov. 2024.
• Continued passage of the bill through Parliament, possibly with some amendments.
• Further public consultation related to the next tranche of reforms constituting proposals agreed in principle by the government.
• The next federal election is due by May 2025, so progress on the second tranche of privacy law reform will likely depend on its outcome.