UPDATE — SEPTEMBER 2025:
Since the Albanese Government passed the Privacy and Other Legislation Amendment Bill 2024, Australia’s most significant privacy reforms in decades have begun to take effect. The bill cleared the Senate on November 29, 2024, received Royal Assent on December 10, and came into force the following day, with staggered implementation timelines for key provisions.
The landmark statutory tort for serious invasions of privacy took effect by June 2025, giving Australians the ability to pursue legal remedies for significant breaches of their personal privacy. At the same time, the new criminal offenses for doxxing—punishable by up to seven years in prison—entered into force, particularly targeting harassment tied to domestic violence and attacks based on race, religion, or gender identity.
The Office of the Australian Information Commissioner (OAIC) has gained enhanced investigative and enforcement powers, including new tiers of civil penalties and the authority to issue infringement notices. Businesses now face stricter compliance requirements, such as mandatory technical and organizational safeguards like encryption, multifactor authentication, and access controls. Maximum penalties remain severe, with companies risking fines of up to 5% of annual turnover.
Meanwhile, the government is preparing to implement a Children’s Online Privacy Code, scheduled for rollout by December 2025, with $3 million allocated to OAIC to support its development. This will regulate how platforms handle minors’ data and sits alongside new social media protections expected at the same time, including minimum age restrictions for platforms such as YouTube, Instagram, TikTok, and Facebook.
Provisions requiring transparency in automated decision-making will take longer, with obligations set to commence in December 2026—24 months after Royal Assent. These rules will ensure Australians receive meaningful explanations of how AI-driven systems process their personal information.
Australia is also seeking to leverage these reforms internationally. In 2025, the government renewed discussions with the European Commission over an EU adequacy decision, which would recognize Australia’s privacy framework as equivalent to the GDPR. If granted, this would simplify EU–Australia data transfers, reducing reliance on contractual safeguards and boosting digital trade.
ORIGINAL NEWS STORY:
Australia Passes Landmark Privacy and Anti-Doxxing Legislation
Australia has passed its most significant privacy reforms in decades with the adoption of the Privacy and Other Legislation Amendment Bill 2024. The legislation strengthens protections for personal information and introduces tough new penalties for online harms, including doxxing.
The reforms mark a major update to the Privacy Act 1988, reflecting how digital technologies, large-scale data collection, and online platforms have reshaped privacy risks. Attorney-General Mark Dreyfus said Australians should expect strong safeguards for their personal information in an increasingly digital environment.
Stronger Privacy Rights for Individuals
A central feature of the legislation is the creation of a statutory tort for serious invasions of privacy. This new right allows individuals to seek legal remedies when significant breaches of privacy cause harm.
The reform gives Australians greater control over how their personal information is handled. It also signals a shift toward recognizing privacy as a core legal right rather than only a regulatory obligation.
New Protections for Children Online
The legislation introduces a Children’s Online Privacy Code to regulate how online services handle children’s personal data. The code aims to reduce exposure to online harms and limit exploitative data practices involving minors.
To support this effort, the government has allocated $3 million over three years to the Office of the Australian Information Commissioner (OAIC). The funding will help develop, implement, and enforce the new code.
Transparency in Automated Decision-Making
Another key reform focuses on transparency in automated and algorithmic decision-making. The law requires organizations to provide clearer explanations when automated systems significantly affect individuals.
These provisions respond to growing concerns about AI-driven decisions in areas such as credit, employment, and public services. By improving transparency, the legislation aims to increase accountability and public trust.
Criminalization of Doxxing
The bill makes doxxing a criminal offense under Australian law. Doxxing involves publishing personal information online to harass, threaten, or cause harm.
Offenders may face penalties of up to seven years in prison. The law places particular emphasis on cases involving domestic violence and attacks based on race, religion, gender, or other protected characteristics.
Expanded Enforcement Powers and Penalties
The reforms significantly strengthen the powers of the Australian Information Commissioner. The OAIC can now investigate privacy breaches more effectively and impose tougher penalties for non-compliance.
Companies that seriously violate privacy obligations may face fines of up to 5% of their annual turnover. These penalties reflect the government’s intention to deter misuse of personal data and encourage stronger internal safeguards.
Aligning Australia with Global Privacy Standards
The legislation also positions Australia to pursue closer alignment with international privacy frameworks. In particular, it supports renewed discussions with the European Commission on recognizing Australia’s privacy regime as equivalent to the GDPR.
Such recognition would simplify cross-border data transfers and support digital trade between Australia and the European Union.
Need Help?
With every day comes a new AI regulation or bill, and you might have questions and concerns about how it will impact you. Don’t hesitate to reach out to BABL AI. Their Audit Experts are ready to provide valuable assistance.
