Cyber Law and Policy

Table of Contents


Australia and privacy information laws in the context of the General Data Protection Regulation



Introduction to Failure of Information Privacy Laws

Australia is a nation which has a federal system of government where there is a national government, six state governments along with two different territories. The concern regarding data protection is certainly frequent among such a population. The constituted data protection law existing in Australia is the Privacy Act 1988 to promote the protection of the privacy of the individual. The guidelines which have been issued by the Australian Information Commissioner for the interpretation and application in the Privacy Act has also few guidelines which are similar to the General Data Protection Regulation, which came into effect on 25 May 2018 (GDPR.EU, 2020). Both of these laws are quite comprehensive concerning their material and terrestrial scope but there are several differences which are existing between the General Data Protection Regulation and the Privacy Act of Australia. The power and information symmetry which has been existing between the digital platform and the consumers are making it challenging for each of the individuals of the nation to have an informed decision concerning their personal information which has been getting handled through the online platform (Falk, 2019). The information privacy laws of Australia are found to be no longer fit for the protection of the individual's personal information from exploitation and risk. The comparison of the provisions of data protection in the General Data Protection Regulation and the legislation of Privacy Act persisting in the nation suggests strong need to reform the laws for the protection of the rights of privacy of the individual. The present paper will analyse the different aspects where the information privacy laws of Australia as are failing in the protection of the rights of the individuals. Within the context of European Union's General Data Protection Regulation, this paper will further analyse the different provisions which need to be incorporated in the privacy law to ensure the full protection of the personal information of the individuals in the nation.

Australia and Privacy Information Laws in The Context of The General Data Protection Regulation

One of the significant issues which are leading to the risk on the protection of the private individual is the inability of the information privacy laws of Australia in applying to most of the private sector of the nation. The information privacy laws of Australia cover only those organisations who have a monetary turnover of. Although there are some exceptions where the law covers those organisations, as well, which are active in the collection and handling of health information. It is also noticeable that like other Nations, for example, New Zealand, the information privacy laws of Australia have not been declared as providing' data protection of adequate level' under the provisions of European Union Directive 95/46/EC and henceforth does not receive a similar appreciation under the General Data Protection Regulation (Article 25(2) of the EU Directive 95/46/EC).

The nation is also not fully able to protect the personal information of the individuals from exploitation and risk as to the sanctions and penalty which have been provided under the Australian information privacy laws are comparatively weak than those sanctions which have been available under the General Data Protection Regulation of the European Union.

Again, compared to General Data Protection Regulation, Australian information privacy laws have not been updated to provide additional rights that are becoming rapidly significant to protect privacy in the context of Big Data or similar technologies (Law and Policy Program, 2018). Some of the examples which suggest this very statement concerning the information privacy laws of Australia are the legislation does not have the right to be forgotten. Also, the data protection rights are not provided under the information privacy laws of Australia which are quite significant these days. The privacy of the individuals of the nation is also on risk and exploitation under the information privacy laws of Australia as the legislation has not provided any right for objecting concerning the processing of personal information which may include profiling.

This suggests that the information privacy laws of Australia, with its provision for the protection of the privacy of the individual, particularly at the Commonwealth level, is quite running behind the European development and still in need to frame and implement those legislations which are having the introduction of various new technologies that can have the potential to challenge the existing form of protection provided to the individuals concerning their privacy. The de-identified information which has been published by the government, with the adoption of open data policies, is also not capable concerning the inherent limitations which are existing in the techniques of the de-identification.

The other lacking point of the information privacy laws of Australia is concerning the fact that despite the regulation of holding, handling, correction and access of personal information to include the private sector, the implementation and amendments of the privacy information laws of Australia has not yet been fully capable to address the changing nature of data collection in this digital era. This again suggests that the law and regulatory system of Australia concerning the privacy is not capable to deal with the new digital platform Business models along with the ramp data collection which has been encouraged by the nation but not sufficiently managed (Brookes, 2019).

Another significant difference concerning the approach of General Data Protection Regulation privacy information laws exist in Australia is concerning data protection. In the European Union, the data protection has been defined as one of the fundamental rights which is in the interest of personality, dignity and self-determination (Schwartz and Peifer, 2017, p.123) and has a much constitutionally from the Charter of Fundamental Rights (8 CFR), with the focus on a specific Article centred on the issue of data protection.

On the other hand, privacy information laws of Australia still not have any constitutional basis for data protection and is presented concerning the broader protection around privacy. With the assistance of common law such as the tort of breach of confidence, protection has been provided to an individual based on ‘management and protection of private information’ (Meese and Wilken, 2014, p. 320). It has been provided in this particular common law that an individual can use such law to protect their privacy issues which may even include their data but such that has been rarely used.

The nation has a process to provide an opportunity for the individual to complain directly regarding their complaint against any organisation which has been leading to the issue of data privacy for the individual. An individual can even go to the office of the Australian Information Commissioner in cases where no satisfactory response has been received by the individual (Meese and Wilken, 2014). While there is no option available in the information privacy laws of the nation to file a suit against another party for the breach of confidence, it has been rarely used and found incapable of addressing all the potential data protection or privacy-related issues which an individual can face. This led to the narrowing of the operation of privacy laws of Australia to ascertain bureaucratic context which is in contrast with the data protection right which has been provided through the European Union.

Another significant distinction which again suggests a lack of approach in the privacy information laws of Australia is the jurisdiction which has different approaches for the definition of data or information. The European Union has having a continued interest in regulating personal data since the framing of the Data Protection Directive (1995). The personal data has been defined as any information which is related to an 'identified' or 'identifiable natural person' (art. 2 (a) DPD or art 4.1 General Data Protection Regulation) where an 'identified natural person' has been defined as the one who can be identified either directly or indirectly (art. 2 (a) DPD or art 4.1 General Data Protection Regulation). This is in contrast with the privacy information laws of Australia which is focused on protecting the personal information defined as 'an opinion of information concerning the identified individual or an individual who can be reasonably identifiable' (Section 6 of the Act). Also, with the legal case of Privacy Commissioner vs Telstra Corporation Limited, this definition of the personal information provided under the legislation of Australia is found to be an undetermined. The issue of the case was regarding a journalist who attempted to get access to is metadata (Privacy Commissioner vs Telstra Corporation, 2017). The Full Federal Court in this case observe that personal information should be about the individual but has not provided any determination concerning the inclusion of metadata. The issue which is in focus with this case is regarding the information which can be needed to relate to any person in Europe. The important point is that with the need for information per person in Europe, a comprehensive suite of information is subject to any regulation, such as data generated from personal use of a service. Interestingly, Australian law concerning the privacy has only had regulation for the data which is expressly concerned with the name, address, details, place of employment, signature work role of the individual and so on (Productivity Commission, 2017, p. 56),

Surveillance capitalism: Threat to privacy

The presence of surveillance capitalism is one of the areas of Australian privacy laws which suggest that privacy of the individual in the nation is at stake and the current legislation is not capable enough to protect from exploitation and risk concerning the privacy of the individual. The term “Surveillance capitalism” has been coined by one of the academic and digital technology experts of the United States called Shoshana Zuboff (Zuboff, 2017). Recently, in one of his speech, the CEO of the Apple company, Tim Cook, drew the attention of the world towards the destruction of the privacy of the individual at the hands of some major technology companies (Bornstein, 2019). He further condemned the data Industrial complex in the speech provided to the European Parliament. The data industrial complex has been referred by him as a way in which the personal information of the individual is getting transferred to the other companies in exchange of getting access to the internet and thus leading to the weaponization of one's personal information against the individual.

After the conduction of an enquiry into the digital platforms by the Australian competition and consumer Council, a set of recommendation has been provided in the report which is the focusing particularly on the privacy-related issues for assisting in the nation for the surveillance capitalism (Greenleaf et al., 2019). It has been recommended by the report that there must be some relevant factors concerning the merger laws which will look into the amount and nature of data which has been acquired in the Merger (Recommendation 1). In another recommendation, Australian Competition and Consumer Council has emphasized the need to be more specific concerning the identity and the contact details of the entity which are collecting data and the type of data which have been collected along with the purpose for the collection. The recommendation also suggests analysing if the data collected by such entity are getting disclosed to any third party and if yes then what was the purpose of doing so must be specified (Recommendation 8(a)). Report and recommendations are also evident proof of the need for better legislation policies for the protection of the privacy of the individual in the information privacy laws of Australia.

Conclusion on Failure of Information Privacy Laws

The nation needs to reform and incorporate some new provisions concerning the privacy information laws to ensure that the privacy of the individual is protected and free from any risk and exploitation in the nation. The various laws of the privacy information law of Australia are evident to win it is compared in the context of the General Data Protection Rights of the European Union.

References for Failure of Information Privacy Laws

Acts/ Legislations

Article 25(2) of the EU Directive 95/46/EC

art. 2 (a) DPD or art 4.1 General Data Protection Regulation.

Section 6 of the Privacy Act


Privacy Commissioner vs Telstra Corporation, 2017

Websites/ Journals

Greenleaf, G., Johnston, A., Arnold, B., Lindsay, D., Clarke, R. & Coombs, E. (February 22, 2019). Digital Platforms: The Need to Restrict Surveillance Capitalism (Australian Privacy Foundation Submission to the Australian Competition and Consumer Commission (ACCC) – Digital Platforms Inquiry – Preliminary Report.

GDPR. EU. (2020). What is GDPR, the EU's new data protection law?.,tens%20of%20millions%20of%20euros.

Meese, J., & Wilken, R. (2014). Google Street View in Australia: Privacy implications and regulatory solutions. Media Arts Law Review, 19(4), 305-324.

Productivity Commission. (2017). Data Availability and Use. Inquiry Report. Canberra: Commonwealth of Australia.

Schwartz, P. M., & Peifer, K. N. (2017). Transatlantic Data Privacy Law. The Georgetown Law Journal, 106(1), 115–179.

Zuboff, S. (2017). The Age of Surveillance Capitalism: The Fight for a Human Future at the New. United States: Ingram Publisher Services.

Law and Policy Program. (June, 2018) Big Data Technology and National Security - Comparative International Perspectives on Strategy, Policy and Law.

Bornstein, J. (Feb 1, 2019). In this age of surveillance capitalism, the law is left for dust.

Berookes, J, (Sep 2, 2019). Cover Story: As Surveillance Capitalism Takes Hold, Australia Lacks the Ability to Protect Its Citizens’ Privacy.

Falk, A. (October 29, 2019). 2020 Vision: Challenges and opportunities for privacy regulation.

Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Law Assignment Help

Get It Done! Today

Applicable Time Zone is AEST [Sydney, NSW] (GMT+11)
Upload your assignment
  • 1,212,718Orders

  • 4.9/5Rating

  • 5,063Experts


  • 21 Step Quality Check
  • 2000+ Ph.D Experts
  • Live Expert Sessions
  • Dedicated App
  • Earn while you Learn with us
  • Confidentiality Agreement
  • Money Back Guarantee
  • Customer Feedback

Just Pay for your Assignment

  • Turnitin Report

  • Proofreading and Editing

    $9.00Per Page
  • Consultation with Expert

    $35.00Per Hour
  • Live Session 1-on-1

    $40.00Per 30 min.
  • Quality Check

  • Total

  • Let's Start

Browse across 1 Million Assignment Samples for Free

Explore MASS
Order Now

My Assignment Services- Whatsapp Tap to ChatGet instant assignment help