Australia is an active member of the 5 Eyes Alliance, which also includes the USA, Canada, the UK, and New Zealand. Therefore, the Australian government has access to a lot of online data for the sake of national security. Owing to such circumstances, there are some concerns about the adequacy of the current legal framework and laws to protect the online privacy of Australian citizens.
As an individual, it is your responsibility to protect yourself online and protect your personal information. To give you an idea of the state of online privacy in Australia, here is a brief overview of the online privacy laws in Australia that you must know about.
The Federal Privacy Act 1988
The Federal Privacy Act 1988 is one of the most important laws in Australia that deals with the online privacy of citizens. This law focuses on how private organizations protect the privacy of the citizens of Australia. It covers businesses with an annual turnover of $3 million or more. These include:
- Private health sector companies
- Residential tenancy based private operators
- Credit providers and credit reporting bodies
- Contractors providing services under contract with the Australian government
- Businesses that sell or purchase personal information on the web (including the dark web).
If your business comes under one of the above-mentioned categories, you need to act in accordance with the thirteen Australian Privacy Principles (APPs). These principles provide the framework regarding the collection, use, and disclosure of personal information by businesses in Australia.
If your organization meets the criteria, we highly recommend you understand the Australian Privacy Principles (APP) guidelines. Here are some key principles relating to online data protection for companies:
- Personal information should be collected “only by lawful and fair means and not in an unreasonably intrusive way.”
- Organizations must “take reasonable steps” to ensure the data protection of individuals.
- Organizations must not disclose or use the personal data of individuals in any other way than the primary purpose of collection.
- Organizations should take reasonable steps to make sure the personal information they collect is protected from misuse, unauthorized access, and disclosure.
- If personal information is not needed anymore for the purpose it was collected, then the organization should take steps to “permanently de-identify” information.
These are some important considerations that businesses need to follow. However, keep in mind that even if your business is not covered under the Privacy Act 1988, you should handle user data with care and due diligence.
The Notifiable Data Breaches (NDB)
As of February 2018, every organization must comply with the Notifiable Data Breaches (NDB) scheme. If an organization faces a data breach, it must notify individuals and the Office of the Australian Information Commissioner (OAIC).
Data breaches happen when an organization loses personal information that is liable to exposure. This occurs when a database of a company is hacked, or personal information is stolen or lost.
Individual Rights Under Privacy Act
It may seem that the Privacy Act only covers organizations and agencies. However, Australian law also grants individuals control over the use of their personal information and data.
The Privacy Act grants individuals the following rights:
- Know how your personal data is gathered, used, and disclosed by organizations.
- Request access to your personal information and data.
- Ask organizations to correct any personal information that needs to be corrected.
- Hide your real name because you have the choice not to identify yourself.
- Stop receiving direct messages from organizations advertising a product.
- File a complaint about an organization that is violating the Privacy Act regarding the use of your personal data.
Online Behavioral Advertising
Targeted and behavioral online advertising has expanded greatly in recent years due to advancements in online technologies and the digital world. The Privacy Act allows organizations to use personal data for the purpose of direct marketing. However, the organization needs to get the consent of the individual before using such data. Also, the subject has the right to opt out of it and send a request not to receive any direct marketing material via email, text, phone call, etc.
Protecting Personal User Information Online
There are numerous ways individuals can protect their personal information online from being collected and used by the authorities and private organizations. To save you the trouble, here are some of the best ways to protect your online activities:
- Use a top-rated VPN service
- Avoid using public Wi-Fi without a VPN
- Don't share personal information on social media platforms like Facebook, Instagram, Twitter, and more.
- Use a strong password and keep it private.
- When getting rid of a computer, mobile phone, or any other electronic device, safely dispose of your personal information.
Trade Marks Act 1995
Trade Marks Act 1995 (Commonwealth) protects trademarks of brands from being replicated. You can use company trademarks to compare different brands or services, but you cannot use them to impersonate the brand in any way. The same goes for the information you provide. Misleading users with false information about a brand is a crime.
According to the Australian Defamation Law, you can also sue someone who is publishing false information about your company that is damaging the reputation of the company. There are two types of defamation that you can be sued for:
- Slander: Oral and written false communication harming individual reputation.
- Libel: Publishing false reputation in the written form.
Australian Online Privacy Laws: Real-Life Example
In March 2020, the Australian Information Commissioner sued Facebook over a privacy breach that violated the privacy of 300,000 Australians. The data included people’s names, email addresses, locations, friends list, Facebook messages, and likes.
The Australian Information Commissioner said that the personal information of Australian users was unlawfully disclosed to an application called This Is Your Digital Life (TIYDL), breaching the Privacy Act 1988.
The most alarming aspect of this incident is that Facebook knew about it, and it did not inform its users at all. As a result of the privacy breach, Facebook faced serious charges and a fine of more than $500 billion.
Future of Online Privacy & Laws in Australia
The current coronavirus pandemic has changed the norm and forced companies to make drastic changes in their everyday business operations. Organizations are collecting and using the information to handle the pandemic and implement appropriate measures.
In light of this situation, the Australian Competition and Consumer Commission (ACCC) suggested that the definition of “personal information” should be adjusted to make room for technical information like IP addresses, geo-location, and more. To protect your online privacy, we suggest using a VPN in Australia. You can also go for free VPNs for Australia if you don’t feel like splurging on privacy.