Office of the Australian Information Commissioner

The OAIC has made appointments to key new roles in our senior executive leadership team. Ashleigh McDonald has been appointed Executive General Manager, Information Rights. She’ll lead our FOI and privacy case management, and intake and triage branches, with responsibility for strategically enhancing these functions to ensure the best outcomes for the Australian community. Rowena Park will take up the role of Executive General Manager, Regulatory Action. She’ll lead our experts in enforcement, investigations and compliance, ensuring the OAIC takes proactive and strategic action, including around new technologies and emerging harms. We look forward to welcoming both Ashleigh and Rowena in February. These appointments are part of an organisational redesign that will ensure the OAIC is a harm-focused, proactive regulator. More information and bios: https://lnkd.in/g7rh3vmV

The Australian Information Commissioner has agreed to a $50 million payment program as part of a settlement with Meta Platforms, Inc. The payment scheme will be open to eligible Australian users impacted by the Cambridge Analytica incident. Media release: https://lnkd.in/guF45ijQ

We’re hiring for several roles. Could you be our next: - Principal Director (Head of Legal), Corporate Legal Services (EL 2) - Senior Lawyer, Corporate Legal Services (EL 1) - Lawyer, Corporate Legal Services (APS 5/6) - Assistant Director, Data Analytics (EL 1)? Head to our website to apply: https://lnkd.in/gKmJV8jq Applications close from 9 January.

International collaboration was in full swing in our Sydney office last Thursday. Our commissioners met with senior security and economic officials responsible for developing Cambodia’s cyber security and telecommunications policy. The group discussed how Australia promotes and upholds privacy and information access rights, and the benefits of open, accountable and transparent government. The commissioners also met with representatives from Thailand’s Office of the National Digital Economy and Society Commission, civil society and industry. They discussed aspects of the Australian privacy framework that align with a study project being undertaken by the group.   Collaborating and sharing information with international peers is an important element of the OAIC’s contemporary approach to regulation and key to advancing interoperability between global privacy and information access frameworks.

Attorney-General Mark Dreyfus joined our commissioners Elizabeth Tydd, Carly Kind and Toni Pirani in addressing our people today. The Attorney-General spoke about the importance of privacy and information access rights for all Australians. He reflected on how privacy has grown in importance to Australians and discussed initiatives to strengthen the country’s privacy framework to meet community expectations and make sure it is fit for the digital age, including Parliament’s recent passing of the Privacy and Other Legislation Amendment Bill 2024. The Attorney-General also spoke about access to information, highlighting the OAIC's vital work in this area and that Australia’s freedom of information system is essential to a robust, fair and effective democracy.

Today is UNESCO’s International Day of People with Disability.   It is crucial that government agencies make information easily accessible to all Australians.   Do you work in freedom of information or information management for a government agency?   When considering your plans to make agency information available, take the time to think about what barriers people may face to accessing it. Consider accessibility and inclusion at every stage in your plans.   #IDPwD

Our commissioners Elizabeth Tydd and Toni Pirani recently attended the Association of Information Access Commissioners (AIAC) meeting hosted by Ombudsman SA. Discussion focused on the challenges new technologies present to government transparency and accountability. AIAC members remind agencies that good data governance is more important than ever as governments increasingly rely on emerging technologies to capture and store information and to help in decision making. Data governance is also important in an environment where trust in government is declining, and disinformation represents a real threat to democracies around the world. Read the meeting summary: https://lnkd.in/gbwxCKcZ

⚡ It's a big day for privacy here in Australia! ⚡ Last night the Senate passed the Privacy and Other Legislation Amendment Bill, the result of many years' work to begin to advance reform of the Privacy Act. The Bill contains some really significant pieces: ✅The introduction of a statutory tort for serious invasions of privacy, giving individuals a route to seek redress for privacy harms in the courts, ✅Expansion of the enforcement and investigative powers available to the Office of the Australian Information Commissioner, ✅A new power for my office to develop a Children's Online Privacy Code, which will cover not only social media platforms but any online services likely to be accessed by children, ✅A new facility for the Governor General to stipulate a 'white list' of countries with adequate privacy protections to facilitate cross-border data transfers, and ✅A requirement that privacy policies contain information about any automated decision-making system in use which could reasonably be expected to significantly affect the rights or interests of an individual. These new powers and functions come at a critical time, as privacy harms increase and the Australian community demands more power over their personal information. They were also adopted in the same parliamentary session in which the Senate passed the social media ban, which I believe in time will fundamentally shape the online ecosystem by requiring social media platforms to age assure all users. The OAIC has a significant role to play in ensuring this new requirement is applied consistently with individuals' privacy rights, by: *️⃣Oversighting the age assurance trial to be conducted in early 2025 to ascertain privacy-preserving methods for age assurance, *️⃣Ensuring that platforms don't compel users to provide government-issued identity documents, and that they provide alternative means for age assurance, and *️⃣Ensuring that platforms comply with the obligation to delete data collected for age assurance purposes and not to use it for any other purposes without voluntary, informed, current, unambiguous and specific consent. 2025 is going to be a big year for privacy and for the OAIC as we expand both our powers and our mandate!

Privacy Commissioner Carly Kind was a keynote speaker at the IAPP ANZ Summit earlier this week. She joined IAPP Vice President and Chief Knowledge Officer Caitlin Fennessy for a conversation about her first year in the role, the OAIC’s regulatory priorities, recent enforcement action and privacy law reform.

🎙️ A key priority for the OAIC is ensuring we take a forward-looking and technologically-informed view of applying the Australian Privacy Principles as written. One area of sustained focus for us has been data scraping practices, and compliance with the requirement under APP 3.5 that the collection of personal information must only be by fair and lawful means. In addition to our proceedings against Clearview, we also issued a determination in this area in the Court Data decision in February 2024 (https://lnkd.in/eexfsqSn). Yesterday, we further advanced our jurisprudence on APP 3.5 in dual determinations related to investigations into Master Wealth Control (https://lnkd.in/eWcNfyQ7) and Property Lovers (https://lnkd.in/eS2eU7xH). In considering whether the scraping of individuals' personal information from daily court listings and other databases was done by fair means, I undertook a broad assessment of a number of all the relevant circumstances, namely: - The respondents collected individuals’ personal information from published daily court listings and subscription-based services, in circumstances where those individuals did not have any knowledge or hold a reasonable expectation that their personal information was being collected. Daily court listings are transitory in nature and it was not the intention that information is made available indefinitely or for commercial purposes. - The respondents were scraping data to compile a list of individuals thought to be in distressed, vulnerable situations as they are a party to court proceedings because of bankruptcy, a deceased estate or a divorce. This information was then distributed explicitly to enable the deliberate targeting those individuals in order to capitalise on their vulnerability.