Just this year alone we have seen a series of privacy scandals and legislative developments. From the massive global privacy breach involving Facebook and Cambridge Analytica and the severe lack of public confidence in Peter Dutton’s proposed identity matching regime that lawyers warn could expose Australians to a Chinese-style surveillance system with few built-in privacy safeguards; to important changes to Australian revenge porn legislation designed to protect private images from being shared online without consent and, now, the implementation of the new global standard for online privacy, the General Data Protection Regulation.
Needless to say, the word “privacy,” and how to actually maintain the integrity of one’s private data online, has become a strong and recurring theme this year. It’s a good thing Privacy Awareness Week is upon us.
General Data Protection Regulation (GDPR)
Important changes are being proposed in Australia, and around the world, to ensure better protection of individual online data privacy.
On 25 May 2018, the General Data Protection Regulation (GDPR), will come into effect. The purpose of the new legislation is to protect the data and privacy of all individuals within the European Union (EU). It also deals with the export of personal data outside the EU, aiming to provide control to individuals over their personal data and how it is used.
Last week the Senate passed a motion calling the government to consider the impact of Australia’s insufficient and outdated privacy laws on all Australians, including children and young people.
Green Senator Jordon Steele-John moved that Australia’s privacy laws be updated to align more with the European standard of online privacy protection and current world best practice.
There is need for urgent review of privacy regulations in Australia, including the collection, storage, and use of personal information by government, corporations and other entities particularly with respect to its impact on the integrity of our democracy” said Senator Steele-John.
Why should Australian companies pay attention to the GDPR changes?
The law applies to Australian companies that:
- have an establishment in the EU; or
- do not have an establishment in the EU but provide goods and services, or monitor the behaviour of individuals in the EU.
The GDPR also creates ‘individual rights’ such as the right to:
- be informed;
- access your personal data;
- rectification of personal data if inaccurate or incomplete;
- be forgotten – you can have your data erased;
- restrict data processing;
- data portability;
- object; as well as
- rights relating to automated decision making and profiling.
Companies may be liable for data breaches such as having customer’s data hacked. Penalties can reach up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher for specific infringements.
The implementation of the GDPR is why you have been receiving privacy-related emails from companies like ASOS, Ebay and Twitter asking you if you wish to continue receiving emails as well as informing you of your privacy rights.
The GDPR comes into effect next week following Privacy Awareness Week. The GDPR and will operate alongside the Privacy Act 1988 (Cth) and the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth).
Privacy Awareness Week
Privacy Awareness Week (PAW) is held each year (Sunday 13 to Saturday 19 May 2018) to promote and raise awareness of privacy issues and the importance of protecting personal information. It is an annual initiative of the Asia-Pacific Privacy Authorities Forum in conjunction with the Office of the Australian Information Commissioner (OAIC).
The focus of PAW this year is to encourage Australian organisations to review and improve their data handling practices especially where personal information is concerned. Transparency and accountability are encouraged in order to build public confidence and meet community expectations.
PAW is also aimed at promoting and discussing how we can improve individual privacy practices while increasing awareness of privacy risks and how to reduce those risks. Given the rapid flow of information, including private information, in the digital age, community awareness and understanding of privacy issues, risks and protections have never been more important.
How to get involved
Many events are open to the public during PAW including:
- Webinar — How to prepare your agency’s Privacy Management Plan
When: 10.30am to 11.30am, Tuesday 15 May 2018
How: Register online
Cost: Free
It is aimed specifically at Privacy Officers, Privacy Champions, and anyone else who is responsible for privacy in Australian Government agencies. We recommend registering early to test the webcast on your device.
- Do you know your Credit History?
- Thursday 17 May 2018 from 7:30am-1:30pm at Wynyard Park, Sydney CBD, NSW
- Digital Self-Defence and Privacy Workshops
- This will be held by the Office of the Information Commissioner, Queensland on Wednesday 16 May 2018 from 9:30am-11:00am at Brisbane Square Library. This event is FREE and you can register to attend here.
Privacy Awareness Week runs from Sunday 13 May – Saturday 19 May 2018.
BucketOrange Magazine is a proud Privacy Awareness Week partner.
Further Information
- For more information on personal privacy, visit the Office of the Australian Information Commissioner website.
- For more information on the GDPR for Australian businesses, see the OAIC guidelines.