Add Your VPN Review

Disclosure: Privacy Australia is community-supported. We may earn a commission when you buy a VPN through one of our links. Learn more.

Privacy Laws & Regulations in Australia: COVID-19 Aftermath

By Will Ellis
Last Updated on May 11, 2022
Privacy Laws & Regulations in Australia: COVID-19 Aftermath
As the collection, use and disclosure of personal information to prevent and manage the spread of COVID-19 becomes the new norm, employees are becoming increasingly concerned about the future of privacy regulations in Australia.

Ever since the Australian Government announced that organizations must comply with the requirements of the Australian Privacy Act 1988 (Cth) and the requirements of the Australian Privacy Principles (APPs), privacy has been at the forefront of everyone’s mind.

During this time, businesses must understand their privacy obligations when implementing urgent regulations in response to the pandemic. Be that as it may, the severity of COVID-19 could, in some instances, justify restrictions on specific human rights.

As the government continues to highlight the need for privacy frameworks and cybersecurity, the risk of cyber scams and vulnerability proceeds to increase significantly.

With regular data breach scandals across the globe, Australian employees are becoming more concerned about who has access to their personal information. As a result, businesses across the globe are looking to implement stricter measures in order to prevent scams and to protect the data of their employees.

The Future of Privacy Regulations in Australia: What’s Next?


When disruptive events occur on an international scale, they can often have a considerable effect on how businesses operate. In light of the current global situation with COVID-19, businesses across Australia are being forced to make substantial changes to their operations.

In recent months, we have seen an increase in the collection, use, and disclosure of personal data used to control or prevent COVID-19. While access to personal information should be limited to a need-to-know basis, private sector organizations may need to use staff data to control and prevent the novel Coronavirus in the workplace.

Although the number of new COVID-19 cases in Australia is beginning to slow down, we expect to see an increase in the collection of personal information over the coming months as businesses attempt to tackle the spread of the virus.

What Do the Experts Think?


In an interview with CMO earlier last month, an expert in privacy law and founder of Salinger Privacy, Anna Johnston, expressed her opinion on the future of privacy for media and marketing companies in Australia.

When discussing privacy laws, it is essential to first acknowledge that the Australian Privacy Act 1988 (Cth) regulates all personal data, regardless of whether the information is publically found or privately retained.

“It doesn’t matter if it’s considered private in the sense of things secret or something embarrassing, what the law protects is actually very broad,” Anna Johnston explained. “That individual must be identified, or reasonably identifiable.

If you can put two and two together to maybe figure out who the person is, it will make the definition of personal information and the Privacy Act will apply and privacy principles which define your legal obligations will kick in.”

Changing the Definition of Personal Informatio


Following the Digital Platforms Inquiry by the Australian Competition and Consumer Commission (ACCC), the Australian Government is now determined to change the definition of “personal information” to include technical data that may be used to identify an individual, such as device identifiers, location data and IP addresses.

Following the change, this metadata will be classed as personal information that must be handled in line with the Privacy Act 1988.

Anna Johnston noted that this change could inevitably lead to stricter regulations concerning the secondary use or disclosure of personal data.

At the time of writing, the Australian Privacy Act requires organizations to take sensible measures to notify staff with regard to the collection of personal data. To guarantee that organizations are implementing best practices, the Australian Government has pledged to further discuss reinforcing the current GDPR notice and consent requirements.

This includes requiring organizations to obtain consent every time a customer’s personal data is gathered, used or disclosed.

Ethical Data Collection


While there’s no denying that data-sharing practices are constantly changing to keep up with the times, it is important that businesses spark-up a conversation on ethical data collection during the COVID-19 pandemic.

“The OAIC [Australian Information Commissioner] more recently has started to call out things like whether or not the means of collection of personal information is fair. And if it’s not fair, does that not even meet the law? It’s not just an ethical test, it’s also a legal test,” mentioned Anna Johnston.

She continued by saying that we could potentially see an “increased focus on accountability through methodologies like privacy impact assessment and new projects, possibly making the idea of privacy by design mandatory.”

Given the Australian Governments response to the ACCC, it appears as though privacy regulations in Australia are set to change significantly in the years to come. The question is: Are you ready for the change?

Related news