Draft legislation on Privacy Act Reforms brought forward to August as the Government respond to the ‘violence against women’ crisis

The Federal Government has announced a suite of preventative measures and legislative reforms following a national cabinet meeting yesterday addressing violence against women in Australia. Notably, the Government will bring forward legislation in August outlawing the release of private information online with an intent to cause harm, also known as ‘doxxing’. This is in addition to an overhaul of The Privacy Act 1988 (Cth) (Privacy Act) with the aim of giving all Australians who experience domestic and family violence ‘greater control and transparency over their personal information’, with a particular focus on women following widespread protests across the country this week.

Attorney General, Mark Dreyfus, said on the reforms:

“The increasing use of online platforms to harm people, particularly women, through the malicious release of their personal information is deeply disturbing.

.….

These reforms will make clear that those who seek to abuse or degrade women through doxxing, deepfakes, or by abusing their privacy online, will be subject to serious criminal penalties.”

As part of the Government’s Privacy Act Review released in February last year, recommendations included new provisions addressing the practice of doxxing. These included a new statutory tort for serious invasions of privacy allowing individuals to seek court recourse if they have fallen victim to doxxing, as well as strengthened individual rights to access, object, erase, correct and de-index their personal information.

The term ‘doxxing’ encompasses a number of practices, including revealing the identity of someone who was previously anonymous, revealing specific information about someone that allows them to be contacted or located, and revealing sensitive or intimate information about someone that can damage their reputation (e.g. medical, legal or financial records).

The proposed new statutory tort for serious invasions of privacy is likely to allow affected individuals to seek redress if they have been subjected to doxxing and the incident meets the proposed legal test:

• the privacy invasion was serious;
• they had a reasonable expectation of privacy;
• that the invasion was committed intentionally or recklessly (not merely negligently); and
• the public interest in privacy outweighs any countervailing public interest.

The introduction of a new statutory tort for serious invasions of privacy paired with the proposed creation of new individual rights will more closely align the rights of Australian individuals with those found in the EU General Data Protection Regulation. For example, if an individual has fallen victim to doxxing, under the proposed changes, they will have a right to require an entity to delete personal information through a right to erasure, a right to correction where the entity has control of the information, as well as the ability to request search engines de-index search results.

The impact of these proposed changes is that individuals will have more control over their personal information and more direct access to the courts if remedies are sought in the case of Privacy Act breaches. Although, the government response notes that affected individuals will need to lodge a complaint with the Office of the Australian Information Commissioner or a recognised External Dispute Resolution scheme as a first response to allow court resources to be efficiently utilised.

As always, the ‘devil will be in the detail’. We expect that these changes will be reflected in the draft legislation set to be presented to Government in August. Whilst no doubt a welcome step forward for individuals affected by doxxing, the proposed changes will nevertheless pose technical challenges for digital and social media organisations already coming to grips with a raft of proposed reforms in the space.

In addition to the above legislative updates, the Albanese Government announced resourcing for the development of industry codes and standards informed by the eSafety Commissioner’s existing work under the Online Safety Act 2021 (Cth) (Online Safety Act), and the initiation of a review of the Online Safety Act.

For more information on the announcement, see the media release here. We will keep you updated as privacy reforms in Australia progress this year.

For support or for additional information on any of these changes, please contact our team.

If you found this insight article useful and you would like to subscribe to Gadens’ updates, click here.

Authored by:

Sinead Lynch, Partner
Dudley Kneller, Partner
Michael Morris, Partner
Lucy Hardyman, Lawyer