Regulation of Digital Platforms as Part of Economy-Wide Reforms to Australia's Failed Privacy Laws (Australian Privacy Foundation Submission to the Australian Government on Implementation of the ACCC's Digital Platforms Inquiry—Final Report)

Abstract

This is the final submission to the Australian Government by the Australian Privacy Foundation (APF) on the final report of the Australian Consumer & Competition Commission (ACCC) Report on regulation of digital platforms. APF welcomes the contribution made by the ACCC to improving the understanding of how the protection of privacy is central to addressing anti-competitive concerns and consumer protection in the data economy. APF's primary focus in this submission is on the consumer privacy aspects of the Inquiry, but with an eye to the issues of market power, and the trust that is fundamental for public administration in online environments. The APF strongly supports the ACCC's analysis and recommendations, across the board. ACCC’s analysis is consistent with a wide range of Australian and international official and private reports over the past three years, demonstrating that there is international recognition of a substantive problem that must be addressed. In particular, APF urges the Government’s adoption of the recommendations in Chapter 7 to achieve vital and substantial upgrades in Australia’s privacy protection, in order to address the major inroads into privacy because of the enormous growth in data surveillance by the private sector since 2000, the pressing need for a more powerful and much more effective Privacy Commissioner, and to achieve the privacy right of action previously recommended. For reasons detailed in this Submission (and summarised at its end), APF expresses its strong support for the adoption by the Australian Government of all of the following Recommendations: 16: Strengthen protections in the Privacy Act (a) Update ‘personal information’ definition (b) Strengthen notification requirements (c) Strengthen consent requirements and pro-consumer defaults (d) Enable the erasure of personal information (e) Introduce direct rights of action for individuals (f) Higher penalties for breach of the Privacy Act 17: Broader reform of Australian privacy law, having regard to: 1. Objectives 2. Scope 3. Higher standard of protections 4. Inferred information 5. De-identified information 6. Overseas data flows 7. Third-party certification 18: OAIC privacy code for digital platforms, including but not limited to: 1. Information requirements 2. Consent requirements 3. Opt-out controls 4. Children’s data 5. Information security 6. Retention period 7. Complaints-handling 19: Statutory tort for serious invasions of privacy 20: Prohibition against unfair contract terms 21: Prohibition against certain unfair trading practices