Calls for Greater Regulatory Scrutiny – the introduction of a Privacy Code for the Digital Platforms Sector

Calls for sweeping changes to the regulatory landscape governing digital platforms were made with the release of the Australian Competition and Consumer Commission’s (ACCC) Digital Platform’s Inquiry (Inquiry) Report earlier this year. The Inquiry focussed on the impact of ‘platform services’ or ‘digital platforms’, including digital search engines, social media platforms, and other digital content aggregation platforms. The Inquiry critically assessed the power imbalance which exists between the organisations behind digital platforms and consumers. To redress to this imbalance the Inquiry made a total of 23 recommendations for change across competition law, consumer protection, media regulation and privacy law.

Notably, the Inquiry called for stronger privacy protections and increased regulatory checks and balances for digital platforms when it comes to the use of personal information. To effect this, one of the Inquiry recommendations is the introduction of a Privacy Code of Practice specifically targeted towards digital platforms (which we have entitled the Digital Platforms Privacy Code for the purposes of this article).

The Government released its response to the Inquiry on 12 December and has shown its support for a binding code with aims to introduce and release the necessary legislation to give effect to the Digital Platforms Privacy Code in 2020. Importantly, the Digital Platforms Privacy Code will be regulated and enforced by the Office of the Australian Information Commissioner (OAIC), with Commissioner Angelene Falk stating that “the changes will support people to make informed choices and hold organisations to account.”

The Power to Implement the Code

Under Part IIIB of the Privacy Act 1998 (Cth) (Privacy Act), specified industry sectors or professions may be subject to a unique privacy code. For instance, the Privacy (Credit Reporting) Code 2014 (Version 2) specifically deals with issues and privacy risks identified as characteristic of the credit reporting sector. Given the heightened privacy risks in the digital platforms sector which challenge consumers’ capacity to make informed decisions about their personal information, it is not surprising the Government would take steps to implement greater regulatory checks and balances.

What does this mean for Digital Platforms?

If implemented, the Digital Platforms Privacy Code will likely impose requirements on digital platforms in relation to:

  • consent mechanisms for the collection, use and disclosure of personal information
  • obligations for consumer opt-out controls,
  • the handling of children’s data,
  • information security and
  • the retention of data and complaints handling procedures.

These recommendations will build on the existing privacy standards in the Australian Privacy Principles (APPs) in Schedule 1 of the Privacy Act and will also supplement OAIC guidance on matters such as consent and notice. Essentially, the Digital Platforms Privacy Code will mandate that digital platforms engage in responsible data handling practices with the failure to do eliciting the similar penalties as are applicable under the Privacy Act.

Beyond the Digital Platforms Privacy Code, the Government has also adopted the Inquiry’s recommendation to consider broader reforms to The Privacy Act itself.  To ensure that consumers have greater control of their personal information, the following reforms will be considered:

  • Stronger consent requirements in favour of the consumer;
  • A broader definition of personal information, including technical and location data;
  • Measures to require personal information to be erased on request; and
  • A direct right of action for individuals and a statutory cause of action for serious invasions of privacy.

Conclusion

In world where data is increasingly cultivated and monetised, it is prudent for digital platforms to be subject to greater regulatory scrutiny. The imminent introduction of a Digital Platforms Privacy Code demonstrates a shift in favour of the rights and privacy of consumers – a critical step towards allowing individuals to better manage their privacy choices and to exercise greater control of their personal information.

The Australian Government has made it clear that it intends to take a proactive and not reactive approach to the challenges and opportunities presented by digital platforms. Now it is critical for digital platforms to do the same and to reconsider their data handling practices, while supporting growth in the digital sector and the broader economy.

Sainty Law can help you review and redesign your approach to privacy and data protection. Contact us for an obligation free discussion on how we can help your organisation.