TCA supports privacy outcomes but urges consultation

The Tech Council of Australia (TCA) has applauded government commitment to 38 of 116 proposals in the Privacy Act Review Report and its agreement in principle to 68 measures.

TCA CEO Kate Pounder is pleased the government has accepted the proposals as put forward by the organisation.

“The Tech Council of Australia has consistently supported the need to modernise Australia’s outdated privacy laws to better reflect our increasingly interconnected and global digital economy.

“We see privacy reform as a key pillar of a credible response to improve Australia’s ability to safely and responsibly develop and adopt AI, to improve cybersecurity resilience and to enable the continued growth of the tech sector.

“We welcome the government’s decision to release the final review report and consult further before developing legislation,” Pounder said.

Some key measures advocated by the TCA include:

• The need for more harmonised and interoperable privacy laws aligned with international and domestic standards and frameworks, such as the GDPR.
• The introduction of the concepts of data controllers and data processors.
• Clearer definitions and tests for the fair and reasonable steps organisations are required to take to protect personal information.
• A review of laws requiring retention of personal information.
• The introduction of privacy impact assessments for activities with higher privacy risk, including Facial Recognition Technology.
• The establishment of an ‘Australian link’ for the Privacy Act.
• The ability of the OAIC to publish guidelines related to emerging technologies and privacy practice.
   

“Our first priority now is to consult with our member community on a number of areas that will require further thought and consultation on potential implementation risks and issues.

“As such, we will reconvene our Privacy Working Group to help develop a comprehensive and constructive Tech Council response,” Pounder said.

Areas for consultation include:

• A right to erasure — which the TCA supports — but which should provide some flexibility in how an organisation implements it.
• Transparency requirements for substantially automated decision-making, to ensure a clear definition of ‘substantially automated’ is determined, that any obligations are workable in a range of settings given the breadth of uses of AI, and that obligations do not compromise other public interest and safety objectives.
• Clarifying the roles and responsibilities of data controllers and processors.
• Consideration of removal of the small business exemption for privacy, which the TCA supports, recognising that good data practice is vital from both a privacy and cybersecurity perspective, but which needs to be designed in consultation with small businesses and should include support measures for them.
• The proposals for a direct right of privacy and statutory tort of privacy, which the TCA believes should only considered after the adoption and assessment of the effectiveness of other reform proposals to safeguard privacy.
• The design of privacy and collection notices, which should provide flexibility in their format to recognise the range of organisations and situations in which they are used, and which need to be user-friendly to be meaningful and avoid consent fatigue.
• The scope of direct marketing, targeting and trading definitions, in particular the unqualified right to opt-out of marketing and advertising.
• The introduction of a Children’s Online Privacy Code in a similar way to the UK’s Age-Appropriate Design Code.
   

Image credit: iStock.com/kutubQ