The announcement makes it clear that the new laws are designed to expressly target online social media platforms, with Minister Fifield stating that “[t]he tech industry needs to do much more to protect Australians’ data and privacy”.
The tragic events that took place in Christchurch informed the Australian Government’s decision. Australian Prime Minister Scott Morrison criticised the fact that the massacre, which was live-streamed, could be freely viewed for over an hour.
The proposed changes
The proposal includes the following changes:
The proposed changes are yet to become law. However, the announcement contemplates that the relevant legislation will be drafted for consultation in the second half of 2019.
New Zealand – much smaller teeth
New Zealand is currently reforming its privacy laws. The Justice Select Committee’s final report on the New Zealand Privacy Bill was released on 13 March (see our comments on the key changes here).
Although the Privacy Bill in its current form addresses some of the issues found in the Australian announcement, the key distinction between the proposed Australian regime and that contemplated by the New Zealand Privacy Bill is the quantum of the maximum fines for breaches of the law.
The New Zealand Privacy Commissioner had previously called for the ability to apply to the court for a civil penalty of $1,000,000 for body corporates. However, notwithstanding submissions from the Privacy Commissioner and others (see Kensington Swan’s submission here), the maximum payable fine under the Privacy Bill remains at $10,000 – a mere fraction of the penalties that could be imposed under the Australian proposals or under the GDPR.
What next for New Zealand?
The revised Privacy Bill will now be heard and debated by the New Zealand Parliament and, if it passes its second reading in Parliament (which we expect it will), will then be considered by the Committee of the whole House. During or prior to the Committee of the whole House stage, any Member of Parliament may propose that amendments to the Privacy Bill be considered, by submitting a Supplementary Order Paper or last-minute typescript amendment.
We expect that it is likely that the current political environment may affect these later stages of the legislative process, and it would not surprise us if the House were asked to at least consider increasing the scope of the fines available under New Zealand privacy law, in order to more closely align New Zealand’s position with that of its second-largest trading partner.
While it would be unusual for a key policy change to a Bill to be made at such a late stage, the balance between privacy and security issues is squarely in the political spotlight in the wake of the Christchurch terrorist attack, and an increase in enforcement powers (however tangential to the events in Christchurch) may be seen as part of the political response.
We will regularly be publishing updates on the Privacy Bill as it progresses through the New Zealand legislature. If you would like specific advice on what the Bill will mean for your business, please contact Hayley Miller, Hayden Wilson, Gretchen Fraser, or Campbell Featherstone.