The Commonwealth Government has announced a new penalty regime under the Privacy Act. The penalties will apply to all businesses to which the Privacy Act applies with a focus on social media companies.

The amendments to the Privacy Act will:

• Increase penalties for all entities covered by the Act, which includes social media and online platforms operating in Australia, from the current maximum penalty of $2.1 million for serious or repeated breaches to $10 million or three times the value of any benefit obtained through the misuse of information or 10 per cent of a company’s annual domestic turnover – whichever is the greater;
• Provide the Office of the Australian Information Commissioner (OAIC) with new infringement notice powers backed by new penalties of up to $63,000 for bodies corporate and $12,600 for individuals for failure to cooperate with efforts to resolve minor breaches;
• Expand other options available to the OAIC to ensure breaches are addressed through third-party reviews, and/or publish prominent notices about specific breaches and ensure those directly affected are advised;
• Require social media and online platforms to stop using or disclosing an individual’s personal information upon request;
• Introduce specific rules to protect the personal information of children and other vulnerable groups.

Legislation will be drafted for consultation in the second half of 2019.

The draft legislation will also incorporate any relevant findings of the current Digital Platforms inquiry by the Australian Competition and Consumer Commission which is due to issue its final report in June 2019.