Tech firms facing more than $10M in fines for data privacy breaches
- 25 March, 2019 16:40
The Australian Federal Government has revised the Privacy Act penalties that could see technology companies with multi-million-dollar fines if breaching privacy laws.
Under proposed new rules, companies could face penalties of up to $10 million for serious breaches of the Privacy Act, rising from the current penalty of $2.1 million.
Alternatively, firms may also have to pay three times the value of any benefit obtained through the data misuse or 10 per cent of their annual domestic turnover, leaving some tech giants with even bigger fines.
Social media giants such as Facebook and Twitter will also be forced to stop using or disclosing an individual’s personal information "upon request".
The amendments to the Privacy Act will also include specific rules to protect the personal information of children and other vulnerable groups.
Unveiled by Attorney-General Christian Porter and Minister for Communications and the Arts Mitch Fifield, the amendments are to be drafted for consultation later this year.
Porter claimed Australia’s current laws “fall short” given the explosion of social media and online platforms which have traded “in personal information over the past decade”.
“This penalty and enforcement regime will be backed by legislative amendments which will result in a code for social media and online platforms which trade in personal information,” he said.
“The code will require these companies to be more transparent about any data sharing and requiring more specific consent of users when they collect, use and disclose personal information.”
The updated laws will also give the Office of the Australian Information Commissioner (OAIC) the power to impose corporate fines of up to $63,000 and penalties of $12,600 for individuals as punishment for not helping resolve minor breaches.
The OAIC will be given an extra $25 million over three years to investigate breaches. In addition, the body will also get more options to address breaches through third-party reviews and public notices.
“The tech industry needs to do much more to protect Australians’ data and privacy,” Minister Fifield said.
“Today we are sending a clear message that this Government will act to ensure consumers have their privacy respected and we will punish those firms and platforms who defy our norms and our laws.”
The proposed changes come ahead of the Australian Competition and Consumer Commission’s final report from the Digital Platforms inquiry, which is due out in June.
Relevant findings from the report, which is focused on the impact of large digital media platforms on competition, will be incorporated into the draft legislation, Porter added.