ADIA > Member services > Privacy > Independent Review of the Privacy Code

Independent Review of the Privacy Code


Launched on 1 December 2014, AMSRO’s Privacy (Market and Social Research) Code 2014, was the first and only non-mandatory industry privacy code under the Australian Privacy Principles (APP) registered on the Federal Register of Legislative Instruments (FRLI).

A copy of the Privacy (Market and Social) Code 2014 is available here.


In accordance with the provisions of Part G of the Code, the Code is subject to independent review by the Independent Code Reviewer Panel at least every five years.

Professor Peter Leonard, Principal, Data Synergies Law Pty. Ltd., was commissioned to undertake the independent review of the Privacy (Market and Social Research) Code 2014[1] (the Code).

A full copy of Professor Leonard’s Independent Review Report is available PMSR Code Review 2019 – Report of the Independent Reviewer March 2020 Final

See here for a full copy of Professor Leonard’s explanatory notes relating to the consultation and summarised below.

The responsibilities of the Independent Code Reviewer include: 

  • to seek the views of the Commissioner, government agencies, industry representatives, consumer representatives, the general public and other persons or bodies as appropriate in Australia and internationally, regarding the operation of this Code and in relation to suitable revisions and amendments;
  • to produce a report including recommendations for any amendments to this Code that are considered necessary or desirable for the effective operation of the Code.

Amendments proposed by the independent reviewer included: 

  • to bring the Code up to date, including by addressing changes in the law;
  • to clarify certain aspects of operation of the Code that were not as clearly expressed as would be ideal,
  • to reference relevant guidance and explanatory material that had been released by the OAIC since the Code was registered in 2014.


View The Privacy (Market and Social Research) Code 2014 consultation drafts here –

Clean copy

Marked copy

Summary of changes:

  • references to the Notifiable Data Breach Scheme, to ensure good practice in mitigation of risk of data breaches and sector awareness of the requirements of this Scheme;
  • clarification as to alternatives available to consumers in raising concerns as to operation of the Code and complaints as to compliance with provisions of the Code;
  • improved coverage of obligations of Code members to ensure compliance with data privacy law in relation to use of cloud services, outsourcing and other data handling practices conducted outside Australia, including relevant foreign laws such as the General Data Protection Regulation of the European Union;
  • removal of references to the AMSRS Code of Professional Behaviour, which is not controlled by the Code Administrator and which therefore could be changed by AMSRS in a manner that conflicts with the findings of this review or the approval requirements of the Code;
  • stronger monitoring, stronger compliance and reporting mechanisms, to heighten sector-wide awareness of issues or concerns which arise in relation to an individual Code member but which have wider sector relevance.


Terms of Reference

The Reviewer