Privacy mid-year review 2023
During the first six months of 2023, a number of significant privacy events shaped the regulatory landscape in Australia. Australian regulators and lawmakers were active in response to high-profile data breaches and privacy incidents.
Privacy and data protection continue to be a hot topic for businesses, industries and sectors across Australia and internationally. The fallout from major data breaches and anticipated privacy law reform has refocused organisations' efforts to uplift privacy compliance and data governance.
We continue to monitor privacy developments with interest, and anticipate more privacy regulatory and reform activity in the second half of 2023.
Download review
Lander & Rogers’ Digital Economy practice has been closely following key privacy developments in Australia amid growing regulatory activity and clampdowns on the privacy practices of companies.
Our Privacy: Mid-year review 2023 summarises these key privacy developments. Download the resource or explore by topic below.
Timeline of key events
16 February 2023: Privacy Act Review
Attorney-General's Department releases final report.
1 March 2023: OAIC report
Notifiable Data Breaches Report: July to December 2022 published.
7 March 2023: OAIC v Facebook
Full Court of the High Court of Australia revokes Facebook Inc's special leave to appeal to the High Court seeking to appeal the Full Federal Court's decision that held the Information Commissioner had established prima facie that Facebook Inc was carrying on a business in Australia.
3 May 2023: Privacy Commissioner
Standalone Privacy Commissioner role announced by the Attorney-General.
8 May 2023: Clearview Inc v Australian Information Commissioner
Administrative Appeals Tribunal hands down decision.
10 May 2023: Latitude Finance data breach
Office of the Australian Information Commissioner and New Zealand Office of the Privacy Commissioner commence joint investigation into Latitude Group.
27 June 2023: Medibank Private cyber incident
APRA imposes $250 million capital adequacy requirement on Medibank Private following its examination of Medibank's information security environment.
26 July 2023: ACCC v Facebook
Federal Court orders $20 million fine against Facebook subsidiaries in ACCC misleading and deceptive conduct case.
In February 2023 the Attorney-General's Department published the Privacy Act Review: Report 2022, with three significant areas of reform proposed.
The recent findings of a review by the Administrative Appeals Tribunal into the practices of facial recognition software service Clearview provide valuable insights into the extra-territorial application of the Privacy Act.
In the first half of 2023 we witnessed the launch of a joint investigation into Latitude Finance, the announcement of a standalone Privacy Commissioner and the publication of a bi-annual Notifiable Data Breaches Report.
Proceedings against social media giant Facebook demonstrate that the jurisdiction of the OAIC extends even to companies located predominantly outside of Australia.
White paper: Evolving world of privacy compliance
The privacy and data protection landscape is a tapestry of complex and competing laws. Lander & Rogers recently co-authored a white paper to provide businesses with a pathway to navigate this landscape.
The white paper accompanied a "Privacy Roadshow" that our clients were invited to attend to learn more about an enterprise-wide, cross-disciplinary approach to data and privacy management.