Authorities are pushing to enhance regulation amid the rise of “intrusive” technology. 

Australia's national privacy commissioner, Angelene Falk, has said that modernising the country’s privacy laws is essential to protect citizens against intrusive technologies such as smart glasses and AI-powered devices. The proposed changes would also bring Australia in line with international regulations. 

Falk believes that foundational protections are necessary as the complexity of privacy policies and the pace of technology change can be difficult to understand.

“We’ve got information handling practices that are very complex and difficult to understand,” she told the AFR.

“We’re really at a point where, just like a safety standard where we can walk into a building and be confident in the structure without having to be engineers, we need to be able to deal with products and services and have confidence that personal information will be similarly protected.

“That’s why I think it’s really important to have this obligation to ensure all personal information handling is fair and reasonable.”

Falk says she supports the creation of a statutory tort for serious invasions of privacy that are intentional or reckless, as the Privacy Act only protects against breaches of informational privacy, but not against general intrusions of privacy such as bodily privacy or seclusion. 

Responding to the recommendation to end the small business exemption, Falk said that Australia is an international outlier in regulating only 5 per cent of the 2.3 million businesses operating in the country. 

“So that can exclude businesses like real estate agents, debt collectors, some law firms and accountants, all of whom are handling personal information,” she said. 

A survey by the commission reportedly found 85 per cent of consumers thought small businesses were already covered by the Privacy Act.

“When we asked them whether or not in fact they should be covered, when they learned that was not the case, 71 per cent considered that they should be,” Falk said. 

“The small business exemption was introduced more than 20 years ago at an absolutely different time and place. And we now have a situation where 84 per cent of small businesses have an online presence and many of them will be handling personal information.“

She also expressed concern about the need to rely on good data practices across the entire supply chain.

“One of the key issues that businesses in the EU and UK and Japan for example, are interested in when they’re dealing with the business in Australia, is how they better protect the information that might transfer from their country,” Falk said.

“Bringing small businesses into the remit of the Privacy Act will give that greater trust and confidence from an international trade perspective as well.”