India’s Digital Personal Data Protection Bill passed: “it’s a bad law”

Australia inching towards needed privacy reforms, yet encryption at risk

The Australian Government’s response to the Attorney General’s Department (AGD) Privacy Act Review Report is a step in the right direction for ensuring privacy and security for people in the country  — but there’s a long way to go.

As part of the ongoing review of the Privacy Act 1988, the AGD’s report proposes reforms for stronger privacy protections. According to the government, proposals with which the government “agrees” will be developed into legislation, for those with which it “agrees-in-principle” there will be further consultation with “entities” — opening up influence from an ambiguous group of stakeholders. However, for the proposals that the government “notes,” there is no clarity on next steps, leaving much needed reforms hanging in the balance.

The Australian government’s efforts to reform the framework governing privacy and surveillance is commendable, but we need clearer, more concrete action. The government must release a draft legislation for wider, sustained consultation with the public and experts — “entities” who are given more opportunities to provide feedback must not be the privacy pen holder. The true test of the in-principle agreements in the government’s response — including on widening the definition of “personal information” and on consent being voluntary, informed, current, specific and unambiguous – will be the text of the bill itself. Raman Jit Singh Chima, Asia Pacific Policy Director, Access Now

As the government recognises in its response, the Privacy Act Review is one of the many ongoing processes to revamp the digital and data regulatory framework, which will have a direct impact on people’s privacy in Australia. Therefore, the AGD will develop a guide for alignment on these various pieces. 

Australia’s effort to harmonise the various privacy-related obligations must also take into account the proposals adversely targeting encryption — the backbone of secure communications. While the Australian government is making commendable efforts to introduce privacy-strengthening reforms, legacy regulations like the Telecommunications Act 2018 and imminent regulation like the Online Safety Codes risk encryption. The AGD must address this contradiction, and ensure that encryption, and therefore online privacy and security, are meaningfully protected. Namrata Maheshwari, Asia Pacific Policy Counsel, Access Now

People across Australia have the right to privacy, and Access Now urges the Australian government to develop draft legislation for input from the public and experts on privacy-impacting obligations, and to reconcile the regulatory landscape by ensuring safeguards for privacy-preserving tools like encryption.