Protecting Consumer Privacy and Data Security: Regulatory Challenges and Potential Future Directions

Abstract

This article considers the regulatory problems of online tracking behaviour, lack of consent to data collection, and the security of data collected with or without consent. Since the mid-1990s the United States Federal Trade Commission has been using its power under the United States consumer protection regime to regulate these problems. The Australian Competition and Consumer Commission (ACCC), on the other hand, has yet to bring civil or criminal proceedings for online privacy or data security breaches, which indicates a reluctance to employ the Australian Consumer Law (‘ACL’) in this field.1 Recent legislative action instead points to a greater application of the specifically targeted laws under the Privacy Act 1988 (Cth) (‘Privacy Act’), and the powers of the Office of the Australian Information Commissioner (OAIC), to protect consumer privacy and data security. This article contends that while specific legislation setting out, and publicly enforcing, businesses’ legal obligations with respect to online privacy and data protection is an appropriate regulatory response, the ACL's broad, general protections and public and/or private enforcement mechanisms also have a role to play in protecting consumer privacy and data security.