Resource Center / Infographics / Key Dates of Federal Data Privacy Reform in Australia

Key Dates of Federal Data Privacy Reform in Australia

This resource provides a brief overview of federal privacy reform efforts in Australia and what might be expected going forward.


Last updated: December 2024


Contributor:


Click to View (PDF)

This resource provides a brief overview of federal privacy reform efforts in Australia and what might be expected in 2025. The IAPP would like to thank Michael Park of Dentons for his assistance with this resource.

The IAPP additionally hosts an "Australia and New Zealand" topic page, which regularly updates with the latest regional news and resources.

Navigate timeline:
1990s, 2000s, 2010s, 2020s, What to expect

1990s

1 Jan. 1989

Privacy Act 1988

• Established the Office of the Privacy Commissioner within the Human Rights and Equal Opportunity Commission.

• Set forth the Information Privacy Principles applicable to Australian government departments and agencies.


24 Sept. 1991

Privacy Amendment Act 1990

• Went into effect, regulating credit reporters and providers that handle consumer credit reports and data.


1 July 1997

Telecommunications Act 1997

• Established the regulatory functions of the privacy commissioner for personal information held by telecom companies.

2000s

1 July 2000

Privacy Amendment (Office of the Privacy Commissioner) Act 2000

• Went into effect, creating the Office of the Privacy Commissioner, which took over privacy operations from the Human Rights and Equal Opportunity Commission.


21 Dec. 2001

Privacy Amendment (Private Sector) Act 2000

• Went into effect, extending the scope of the Privacy Act to some private entities, including large businesses and health service providers.

• Introduced the National Privacy Principles, applicable to private sector organizations, into the Privacy Act.

• Clarified the distinction between personal information, sensitive information and health information under the Privacy Act.


14 Sept. 2006

Privacy Legislation Amendment Act 2006

• Went into effect, adding genetic information to the definitions of health and sensitive information under the Privacy Act.

2010s

1 Nov. 2010

Australian Information Commissioner Act 2010

• Went into effect, creating the Office of the Australian Information Commissioner, which integrated the former Office of the Privacy Commissioner.


12 March 2014

The Privacy Amendment (Enhancing Privacy Protection) Act 2012

• Went into effect, replacing the previous Information Privacy Principles and National Privacy Principles with a new set of 13 Australian Privacy Principles.

• Granted new enforcement powers to the information commissioner.


22 Feb. 2018

The Privacy Amendment (Notifiable Data Breaches) Act 2017

• Went into effect, requiring all entities subject to the Privacy Act to notify impacted individuals and the OAIC of data breaches likely to result in serious harm.


12 Dec. 2019

Review of the Privacy Act

• Announced by the Attorney-General as a response to the inquiry conducted by the Australian Competition and Consumer Commission on digital platforms.

2020s

1 July 2020

Consumer Data Right

• Launched with the banking sector's sharing of consumer data when requested by the customer.


30 Oct. 2020

Review of the Privacy Act 1988

• Published an issues paper as part of the Privacy Act comprehensive review.


25 Oct. 2021

Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 (the Online Privacy Bill)

• Published the online privacy bill exposure draft, explanatory paper and regulatory impact statement as part of the consultation process.


7 Feb. 2022

Facebook v. Australian Information Commissioner 2022

• Confirmed an earlier ruling from a prima facie case that said Facebook (now Meta) "carries on business" and collects personal information in Australia.


12 Oct. 2022

Telecommunications Amendment (Disclosure of Information for the Purpose of Cyber Security) Regulations 2022

• Went into effect, imposing greater privacy requirements.

• Enabled the government and certain financial services providers to request customer data from telecom companies in response to cybersecurity incidents.


13 Dec. 2022

Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022

• Went into effect for a period of 12 months, introducing increased penalties for serious and/or repeated privacy breaches.

• Strengthened the powers of the OAIC to resolve breaches.

• Introduced new information-sharing powers to facilitate engagement with domestic regulators and international counterparts.

• Expanded the scope of compliance to include more foreign organizations.


16 Feb. 2023

Privacy Act Review Report

• Released and proposed 116 recommendations that emerged from stakeholders' input since 2020.

• Acknowledged that Australia's digital economy has led to innovation and increased productivity, but also raised concerns about data breaches and privacy.


3 May 2023

Restructuring of the OAIC

• Announced the return to a three-commissioner format, including a standalone privacy commissioner dedicated to handling data breach matters, announced by the Attorney-General.

• Expanded funding an additional AUD17.8 million for the agency.


28 Sept. 2023

Response to the Privacy Act Review Report

• Outlined the government's response to the Privacy Act Review Report recommendations.

• Agreed to 38 proposals, agreed in-principle to 68 proposals and noted 10 proposals out of the report's 116 recommendations.


27 Nov. 2023

Changing of the Guard

• Appointed lawyer Carly Kind as Australia's new sole privacy commissioner, effective February 2024.

• Noted incumbent Commissioner Angelene Falk will serve the remaining six months of her term as the dedicated information commissioner after the reorganization of the OAIC.


26 Feb. 2024

Assumption of office

• Privacy Commissioner Carly Kind commenced in her role.


11 March 2024

Public consultation on privacy reforms

• The Attorney-General commenced public consultation on proposed privacy reforms and received 97 written submissions from businesses, representative bodies, not-for-profit groups, academics and individuals.


13 March 2024

Roundtable on doxxing

• The Attorney-General conducted a roundtable on doxxing regarding privacy reform with selected Commonwealth stakeholders, including the eSafety and privacy commissioners.


9 May 2024

New information commissioner

• The Attorney-General announced the appointment of Elizabeth Tydd as Australian Information Commissioner commencing 16 Aug. 2024, following the conclusion of Angelene Falk's term.


12 Sept. 2024

The Privacy and Other Legislation Amendment Bill 2024

• The Privacy and Other Legislation Amendment Bill 2024 was introduced to the Australian Parliament and read for the first time. It contains the first batch of proposed reforms.


19 Sept. 2024

Referral to the Senate

• The Privacy and Other Legislation Amendment Bill 2024 was referred to the Senate Legal and Constitutional Affairs Legislation Committee for inquiry and report by 14 Nov. 2024.


29 Nov. 2024

Approval of first tranche of proposed Privacy Act reforms

• The Privacy and Other Legislation Amendment Bill 2024 was passed by both houses of Parliament. This represents the first tranche of amendments to the Privacy Act arising from its years-long review.

What to expect in 2025

• Further public consultation on the next tranche of proposals that the government has agreed to in principle.

• Progress on the second tranche of reforms after the next federal election, which is expected to occur by May 2025.