Iubenda logo
Start generating


Table of Contents

The Incoming Australia Privacy Bill: What you Need to Know

Some important privacy news in Australia. Mark Dreyfus, Attorney-General, confirmed in a media release an incoming Australia privacy bill for strengthening its current legislation. 👀 Let’s recap.

australia privacy bill

🇦🇺 The current privacy landscape in Australia

Australian data protection laws date back more than 30 years ago, to 1988 with the Australian Privacy Act 1988. It aimed at promoting and protecting the privacy of individuals. The Privacy Act includes 13 Australian Privacy Principles (APPs).

The Act and the Principles govern the collection, storage, use and disclosure of Personal Information.
Australian businesses are bound by the Privacy Act 1988 if:

  • they handle Personal Information and
  • have $3 million or more in annual turnover; or
  • are captured by the second set of criteria set out in the Act → see here).

👉 Read our guide for more detailed information.

🔍 Why is a change needed?

Mark Dreyfus states:

Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business. We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour.

👉 Read the full statement here.

🎯 Did you know?

Optus, an Australian giant telecoms company, declared in September 2022 it was the target of a cyberattack compromising customer information. It said information which may have been exposed includes “names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers”.

In short, a spike in data breaches in Australia in the past months brought the government to implement some new rules and introduce the new 2022 data privacy bill.

🆕 The incoming Australia data privacy bill

Under the Privacy Legislation Amendment Bill 2022, the maximum penalty that could have been applied under the Privacy Act 1988 will now increase from $2.22 million to whichever is the greater of:

  • $50 million;
  • three times the value of any benefit obtained through the misuse of information; or
  • 30% of a company’s adjusted turnover in the relevant period.

Additionally, the Australian Information Commissioner will be given greater powers and more detail on the information compromised in the event of a privacy breach, under the new bill.

📬 Want to keep up to date on the latest in Data Protection and Privacy news? 👀 Join our DPO Newsletter and receive the news in your inbox!

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.