GDPR matchup: Australia's Privacy Act 1988
Contributors:
Tim de Sousa
AIGP, CIPP/E, CIPM, FIP
Managing Director, Technology, Privacy, Information Governance and Tech Ethics
FTI Consulting
Editor's note: This article was originally published 11 Oct. 2017 as part of a series that matched laws from across the globe to the EU General Data Protection Regulation. This article has been updated to include the latest developments to Australia's Privacy Act in December 2024.
The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.
The Privacy Act (cth) is the foundation of Australia's national privacy regulatory regime. Its genesis lies in the 1980 guidelines issued by the Organisation for Economic Co-operation and Development. Since it came into force in 1988, the Privacy Act has undergone four key rounds of amendments: the expansion of the application of the act to private sector businesses in 2000, the extensive updates to the act in 2014 following a comprehensive review by the Australian Law Reform Commission and a significant expansion to the civil penalties available under the act in 2022.
More recently, in 2024, the first tranche of amendments following a lengthy review process commenced in 2021. This first tranche included amendments to the powers of the regulator, new rules around overseas disclosures, and new transparency requirements. A second tranche will be required to implement the bulk of accepted reform proposals, however, this has not yet been scheduled at publication time.
Contributors:
Tim de Sousa
AIGP, CIPP/E, CIPM, FIP
Managing Director, Technology, Privacy, Information Governance and Tech Ethics
FTI Consulting