By -

Snapshot

  • Entities regulated by the Privacy Act 1988 (Cth) have until 10 December 2026 to update their privacy policies with information about automated decision making which may significantly affect individuals’ rights or interests.
  • The Office of the Australian Information Commissioner has new infringement notice powers to issue fines or seek court penalties of up to $330,000 for non-compliant privacy policies.
  • Legal professionals advising private sector entities and Australian Government agencies will need to be familiar with transparency requirements in order to ensure privacy policies are updated ahead of the deadline.

The Privacy and Other Legislation Amendment Act 2024 (Cth) (‘POLA Act’) received royal assent on 10 December 2024 and introduced the ‘first tranche’ of changes from the long running project to reform the Privacy Act 1988 (Cth) (‘Privacy Act’).

New transparency requirements

Notable aspects of the POLA Act include the introduction of a statutory tort for serious invasions of privacy, the development of a Children’s Online Privacy Code and the addition of a new ‘doxxing’ crime to the Criminal Code to cover the malicious release of personal information online.

However, the greatest operational impact for the majority of regulated entities will likely come from the amendment of Australian Privacy Principle (‘APP’) 1 in the Privacy Act. It aims to increase transparency in privacy policies on the use of automated decisions which significantly affect individuals’ rights or interests.

You've reached the end of this article preview

There's more to read! Subscribe to LSJ today to access the rest of our updates, articles and multimedia content.

Subscribe to LSJ

Already an LSJ subscriber or Law Society member? Sign in to read the rest of the article.

Sign in to read more