AUSTRALIA Trends and Developments Contributed by: Dennis Miralis and Jack Dennis, Nyman Gibson Miralis
and X; while excluding messenger, online gam - ing, health and educational-focused services. Any platforms where an “account” is not needed (eg, Youtube) will not be caught. Privacy Act On 28 September 2023, the Australian govern - ment published its response to the Attorney- General’s Department’s Privacy Act Review Report (the “Review”). The Review contained 116 proposals to amend the current Privacy Act 1988 (Cth) (the “Privacy Act”) to better align Australia’s privacy laws with global standards of information privacy protection. Of the 116 proposals in the Report, the govern - ment has “agreed” to 38 proposals and “agreed in-principle” to 68 others. A year later, and Australia has seen the first tranche of resulting reforms. The Privacy and Other Legislation Amendment Act 2024 (Cth) took effect on 10 December 2024, and: • introduces a new tort for serious privacy inva - sions; • expands Office of the Information Commis - sioner’s (OAIC) enforcement powers, includ - ing information-gathering powers concerning actual or suspected eligible data breaches; • introduces the long-awaited automated decision-making requirements; • introduces an adequacy regime (a “white list”) specifying jurisdictions with which Australian companies may more freely share data; • criminalises doxing; and • clarifies that APP11 of the APPs (Australian Privacy Principles) (ie, APP entities must take active measures to ensure the security of personal information it holds) includes both technical (eg, IT expertise) as well as more general organisational training.
The Attorney-General’s Department has indi - cated that it will start consulting on the sec - ond tranche of privacy reforms soon, which will likely reflect the remaining proposals that were “agreed”, and potentially those “agreed in-prin - ciple”. Reflections on the Anti-Encryption Legislation In a world-first initiative, the Telecommunications (Assistance and Access) Act 2018 (Cth) granted the Department of Home Affairs the power to request or compel assistance from telecommu - nications providers and technology companies in accessing encrypted communications, such as Technical Assistance Requests (TARs). According to evidence from the Parliamentary Joint Committee on Intelligence and Security (PJCIS) in 2020, the Australian Security Intel - ligence Organisation (ASIO) has issued “fewer than 20” TARs, the AFP has issued eight, and the New South Wales Police Force has issued 13. At this point, these requests were (reportedly) complied with on the most part (if not all). Since then, the ASIO Director has stated that “encryption damages intelligence coverage” in all priority counter-terrorism and counter-espio - nage cases; but instead of flagging an increased use of these powers, has called for “tech compa - nies to do more […] to give effect to the existing powers and to uphold existing laws”. This tact calls into question the utility of the powers and authorities’ capacities to properly wield them. Responses, Investigations and Enforcement Sanctions On 23 January 2024, Australia imposed a cyber sanction under the Autonomous Sanctions Act 2011 (Cth) on Russian national Aleksandr Erma - kov for his role in the compromise of Medibank Private in 2022. This sanction was the first such
35
CHAMBERS.COM
Powered by FlippingBook