ADIA > The Privacy Legislation Amendment Bill 2022

The Privacy Legislation Amendment Bill 2022


The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 has now passed both houses of parliament and will beef up privacy protection in Australia by significantly increasing penalties for serious or repeated interferences with privacy, enhancing the Australian Information Commissioner’s enforcement powers, and provide the Commissioner and the Australian Communications and Media Authority (ACMA) with increased information sharing powers.

Key changes:

Increased penalties – the Bill increases the penalty under the Privacy Act for serious or repeated interferences with privacy to:

  • $2.5 million for a person other than a body corporate;
  • for a body corporate an amount not exceeding the greater of:
    • $50 million;
    • three times the value of the benefit obtained; or
    • if the court cannot determine the value of the benefit, 30% of their adjusted turnover in the relevant period.

Enhanced enforcement powers – the Bill provides the Office of the Australian Information Commissioner (OAIC) with enhanced enforcement powers, including:

  • expanding the types of declarations that the Commissioner can make in a determination at the conclusion of an investigation
  • amending the extraterritorial jurisdiction of the Privacy Act to ensure foreign organisations that carry on a business in Australia must meet the obligations under the Act, even if they do not collect or hold Australians’ information directly from a source in Australia
  • providing the Commissioner with new powers to conduct assessments
  • providing the Commissioner new infringement notice powers to penalise entities for failing to provide information without the need to engage in protracted litigation

Enhanced information sharing powers the Bill enhances the Commissioner’s ability to share information by:

  • clarifying that the Commissioner is able to share information gathered through the Commissioner’s information commissioner functions, freedom of information functions and privacy functions
  • providing the Commissioner with the power to disclose information or documents with an enforcement body, an alternative complaint body, and a State, Territory or foreign privacy regulator for the purpose of the Commissioner or the receiving body exercising their powers, or performing their functions or duties, and
  • providing the Commissioner with the power to publish a determination or information relating to an assessment on the Commissioner’s website; and disclose all other information acquired in the course of exercising powers or performing functions or duties if it is in the public interest.