Given the updates are expected to be referred to a parliamentary committee for review, this delay means the Act itself is unlikely to be passed until early next year – at best.
If the committee review highlights significant issues, or if the opposition parties take issue with the proposed reforms, we could see the process drag out even longer.
For businesses, this delay is a double-edged sword.
On the one hand, it gives you more time to prepare for the inevitable changes. On the other, it prolongs the uncertainty and the need for ongoing vigilance in data management practices.
Why the delay?
The delay is reportedly due to the government’s busy legislative agenda with the Privacy Act seemingly being pushed down the priority list.
While this might seem like a tactical delay, it reflects the complexity and significance of the proposed changes. The reforms are not just a simple update; they represent a fundamental shift in how personal data is managed, stored, and used in Australia.
Politically, the reforms are a hot potato. Both the Liberal and Greens parties have expressed concerns over different aspects of the proposed changes.
The Liberals, for instance, have flagged potential issues related to business compliance costs and the impact on small to medium enterprises.
The Greens, on the other hand, are pushing for even stronger privacy protections, which they argue are necessary to safeguard us all in the digital age.
This political tug-of-war is likely to continue through the committee review process and could lead to further revisions before the bill is finally passed.
What politicians are saying
Key political figures have been vocal about the delay and what it means for Australians.
The Minister for Home Affairs Clare O’Neil has highlighted the government’s broader approach to digital security stating that the government is focused on properly regulating the environment and coordinating efforts across sectors to ensure better protections for Australians. She emphasised that this approach is about, “harnessing all the forces in our country” to provide better protections, rather than just pouring money into the issue.
Meanwhile, Australian Information Commissioner Angelene Falk has described the proposed reforms as, “The most significant change to the Privacy Act in decades.” She noted that these reforms are crucial for ensuring privacy protections are built into products and services from the outset. Falk stressed the importance of proceeding with reforms as a priority, given the ever-increasing use of technology in the daily lives of Australians and the rise of artificial intelligence.
Opposition members, however, have criticised the delay as a sign of the government’s lack of urgency in addressing privacy concerns. The Shadow Minister for Digital Economy has long been vocal, arguing that the government is dragging its feet on an issue that has significant implications for consumer trust and business transparency.
A quick recap: What to expect when the act passes
While the exact details of the final Privacy Act are still up in the air, there are several key changes that marketers should be prepared for:
Mandatory consent banners: One of the most anticipated changes is the introduction of mandatory consent banners, like what we’ve seen in Europe with the General Data Protection Regulation (GDPR). These banners will require explicit consent from users before any data is collected or processed.
Tighter restrictions on third-party data: The use of third-party data is expected to be heavily restricted. Businesses will need to shift towards first-party data strategies, ensuring they have direct consent from their audiences.
Increased penalties for non-compliance: The new Act will likely include significantly higher penalties for businesses that fail to comply with the new regulations. This makes it essential for businesses to audit their data practices now and ensure they are ready for the changes.
New rights for individuals: Australians will gain new rights over their data, including the right to request deletion or correction of their data. Businesses will need to ensure their systems can handle these requests efficiently.
Broader definitions of personal data: The definition of what constitutes personal data is expected to be expanded, which could have significant implications for how data is managed and used in marketing activities.
What should you do now?
Given this delay, it’s tempting to adopt a “wait and see” approach, but this would be a mistake. The delay should be seen as an opportunity to continue getting ahead of the curve. Steps you can take now include:
Audit your data practices: Now is the time to thoroughly audit how your organisation collects, stores, and uses personal data. Ensure that your practices align with what is likely to be required under the new Act.
Shift to first-party data: If you haven’t already, start moving towards a first-party data strategy. This will not only help you comply with the new regulations but also build stronger, more trusting relationships with your customers.
Prepare for consent management: Get ready for the introduction of consent banners by reviewing how you currently obtain and manage user consent. Consider investing in a consent management platform (CMP) if you haven’t already.
Stay informed: Keep a close eye on developments as the bill progresses through Parliament. Understanding the political landscape and the likely changes to the bill will help you stay ahead of any curveballs that might come your way.
While the delay in the Privacy Act updates might feel like a reprieve, it’s important not to lose sight of the changes that are coming. The key will be to use this time wisely. Prepare your data practices, update your strategies, and stay informed about the political and legislative landscape. By doing so, you’ll be better positioned to navigate the changes when they do finally arrive.
