A new right to have personal information collected by companies erased and to ask search engines such as Google to delist results are among the key recommendations of a two-year sweeping review of the nation’s privacy laws.
Attorney-General Mark Dreyfus will embark on another round of consultations on the “right to request erasure” proposal and 115 other reforms put forward by his department in the review of the Privacy Act, commissioned by the former Morrison government.
The report is not government policy but lays the groundwork for the most comprehensive overhaul of privacy law since the act was introduced in 1988, but any changes could still be more than a year away.
The right-to-erasure proposal is modelled on the EU’s data protection regime, considered to be the strongest privacy and security law in the world, and would be subject to a number of exemptions including a public interest test and “where it would be technically impossible or unreasonable to comply with an individual’s request”.
If adopted, the changes would require small businesses to comply with the act, a major change from their current exempt status.
“The community expects that if they provide their personal information to a small business they will keep it safe,” the report states, noting further extensive consultation would be required to facilitate this process.
However, parties would be subject to new requirements that voters be given the ability to opt out of direct marketing or targeted advertising and that parties be prevented from targeting voters based on sensitive information or traits, such as racial origin, religious beliefs, sexual orientation, or health.