A coalition of 27 advocates and researchers are calling on the federal government to urgently reform the Privacy Act to better protect people from data breaches and data misuse by businesses and corporations.
In an open letter to the government, the signatories – which include privacy experts and assistance services working with people affected by data breaches – urge the government to update the "outdated" laws.
We know all too well the harm that inadequate privacy protections cause
Rafi Alam, CHOICE senior campaigns and policy advisor
"We know all too well the harm that inadequate privacy protections cause. Gambling companies hound at-risk people with targeted advertising, data brokers sell our information without consent and automated systems discriminate against marginalised people," says CHOICE senior campaigns and policy advisor, Rafi Alam.
"We've also seen millions of consumers harmed by data breaches when businesses store too much personal information," he adds.
What needs to change?
In March the Attorney-General's Department released its review into the Privacy Act and the federal government has since announced its support for the majority of the recommendations.
"To ensure the Privacy Act is fit-for-purpose in a rapidly changing digital environment, we are calling on the federal government to urgently implement a number of recommendations to protect the safety, security and integrity of our personal information," Alam says.
The joint letter calls for the Privacy Act to apply to all businesses, regardless of size, and for more resources and power for regulators
The joint letter calls for urgent action to modernise the definition of "personal information", ensuring businesses only collect and keep data that customers want them to by establishing a fair and reasonable use test.
It also calls for the Privacy Act to apply to all businesses, regardless of size, and for more resources and power for regulators and clear guardrails on high-risk technologies like facial recognition.
Experts agree that our privacy laws are out of date
Anna Johnston, principal at specialist privacy consulting and training firm Salinger Privacy, supports the proposed reforms.
"Our privacy laws are well out-of-date. So much data is collected and used about us every day, much of it in ways beyond our understanding or control," she says
"Without a stronger Privacy Act, Australians will remain at risk of more data breaches, and our data will continue to be collected and sold by data brokers who track, profile and target us online without our consent. It is critical that the government enacts these reforms as soon as possible," she adds.
Carol Bennett from the Alliance for Gambling Reform says lax privacy laws have allowed the gambling industry to commercialise people's information, especially children and those who struggle with gambling addiction.
Without a stronger Privacy Act, Australians will remain at risk of more data breaches, and our data will continue to be collected and sold by data brokers
"We need to place responsibility where it should be – on the industries that benefit from the collection of personal data – to mitigate and reduce risks of harm related to their operations."
Bennett cites the gambling industry as an area of high-risk for unreliable data privacy and information management. "It's like putting Dracula in charge of the bloodbank," she says.
In September, Attorney-General Mark Dreyfus said the government agreed "in-principle" to the majority of the review's proposals and that the next steps would be to conduct impact analysis and work with communities, businesses, media organisations and government agencies to inform the development of legislation in this term of Parliament.
"The Government will also consider appropriate transition periods as part of the development of any legislation," he said.
Download the PDF of the full open letter.
Stock images: Getty, unless otherwise stated.