Privacy Act Review Report: what to expect in the future of Australian Privacy Laws

22 February 2023

The Australian Government released a long-awaited report last week detailing their review of the Privacy Act 1988 (the Act). The Privacy Act Review Report (the Report) details 116 principle-based proposals for reforming the Act.1

The government is now seeking public feedback by 31 March 2023.

New Zealand businesses with exposure to the Australian market will need to ensure they are aware that Australian Privacy laws will be changing in the near future, and any updates to their own privacy practices should be made with these proposals in mind.


The review of the Act was first instigated by the Australian Competition and Consumer Commission’s (ACCC) 2019 Digital Platforms Inquiry final report. The review officially commenced in October 2020 with the release of an Issues Paper, followed by a Discussion Paper in 2021, which put forward proposals for reforming the Act for consultation.

The Report has become highly anticipated following the recent large-scale data breaches of 2022, and the expedited Australian Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, as discussed in a previous Bell Gully publication here.

The Report has also been drafted with the intention of better aligning Australia’s laws with global standards of information privacy protection and to properly protect Australians’ privacy when dealing with data-driven services. The Report considers that these proposed changes are likely to enhance cross border data flows with Australia as a trusted trading partner, and result in economic benefits for Australian businesses and the economy.

While the Report does not attach an exposure draft of any reform legislation, and many of the proposals are subject to further consultation, it does provide insight into what we can expect Australian privacy laws to look like in the future.


Many of the Report’s 116 principle-based proposals align with those already provided in the 2021 Discussion paper. They cover a broad range of privacy related issues, including:

  • broadening the definition of personal information;
  • strengthening requirements around consent and providing notice;
  • expanding enforcement powers and options;
  • introducing shorter timelines for reporting Notifiable Data Breaches;
  • providing a direct right of action to enforce privacy rights;
  • introducing new individual rights, including the right of ‘erasure’;
  • removing the small business exemption;
  • introducing a statutory tort for serious invasions of privacy;
  • introducing additional obligations when handling employee records;
  • introducing greater privacy standards for the media;
  • introducing a new requirement to act ‘fairly and reasonably’ with personal information; and
  • providing additional protections for practices with greater privacy risks.
Next Steps

Once the feedback period has concluded, the government will formally respond to the Report indicating which of the 116 proposals will be implemented. Following this, an exposure draft of an amendment bill will be released, and eventually, new privacy laws may be legislated.

If you would like further information regarding any of the proposed recommendations, or to make a submission, please reach out to your usual Bell Gully adviser.

1 The full report is available here.

Disclaimer: This publication is necessarily brief and general in nature. You should seek professional advice before taking any action in relation to the matters dealt with in this publication.