UPDATE — SEPTEMBER 2025: Since the Albanese Government passed the Privacy and Other Legislation Amendment Bill 2024, Australia’s most significant privacy reforms in decades have begun to take effect. The bill cleared the Senate on November 29, 2024, received Royal Assent on December 10, and came into force the following day, with staggered implementation timelines for key provisions.
The landmark statutory tort for serious invasions of privacy took effect by June 2025, giving Australians the ability to pursue legal remedies for significant breaches of their personal privacy. At the same time, the new criminal offenses for doxxing—punishable by up to seven years in prison—entered into force, particularly targeting harassment tied to domestic violence and attacks based on race, religion, or gender identity.
The Office of the Australian Information Commissioner (OAIC) has gained enhanced investigative and enforcement powers, including new tiers of civil penalties and the authority to issue infringement notices. Businesses now face stricter compliance requirements, such as mandatory technical and organizational safeguards like encryption, multifactor authentication, and access controls. Maximum penalties remain severe, with companies risking fines of up to 5% of annual turnover.
Meanwhile, the government is preparing to implement a Children’s Online Privacy Code, scheduled for rollout by December 2025, with $3 million allocated to OAIC to support its development. This will regulate how platforms handle minors’ data and sits alongside new social media protections expected at the same time, including minimum age restrictions for platforms such as YouTube, Instagram, TikTok, and Facebook.
Provisions requiring transparency in automated decision-making will take longer, with obligations set to commence in December 2026—24 months after Royal Assent. These rules will ensure Australians receive meaningful explanations of how AI-driven systems process their personal information.
Australia is also seeking to leverage these reforms internationally. In 2025, the government renewed discussions with the European Commission over an EU adequacy decision, which would recognize Australia’s privacy framework as equivalent to the GDPR. If granted, this would simplify EU–Australia data transfers, reducing reliance on contractual safeguards and boosting digital trade.
Taken together, the reforms mark a decisive shift: Australians now benefit from stronger protections against privacy invasions and online harms, regulators have sharper enforcement tools, and businesses face heightened obligations in anticipation of a fully modernized privacy regime by 2026.
ORIGINAL NEWS STORY:
Australia Passes Landmark Privacy and Anti-Doxxing Legislation
The Albanese Government achieved a historic milestone in privacy protection with the passage of the Privacy and Other Legislation Amendment Bill 2024. This groundbreaking legislation strengthens privacy safeguards for Australians and introduces severe penalties for doxxing, reflecting the government’s commitment to protecting personal information in an increasingly digital world.
The legislation updates Australia’s Privacy Act of 1988, aligning it with evolving digital realities and addressing new threats such as large-scale data breaches and online harassment. Attorney-General Mark Dreyfus has championed the reforms, stating that Australians have a right to expect robust protections for their personal information in today’s interconnected environment.
The bill includes a range of measures to enhance privacy protections:
- Statutory Tort for Serious Invasions of Privacy: Australians now have legal recourse for significant violations of their privacy. This provision empowers individuals to seek redress for invasions that deeply affect their lives.
- Children’s Online Privacy Code: Aimed at shielding children from online harms, this code will regulate how platforms handle data involving minors. The government has allocated $3 million over three years to the Office of the Australian Information Commissioner to develop and implement this critical initiative.
- Transparency in Automated Decisions: The legislation mandates greater clarity for individuals impacted by algorithmic decision-making, ensuring Australians understand how AI-driven systems use their personal data.
- Emergency Data Sharing: Provisions in the bill allow streamlined and secure sharing of information during emergencies, such as natural disasters or large-scale cyber incidents, while maintaining stringent safeguards.
- Stronger Enforcement Powers: The Australian Information Commissioner gains enhanced authority to investigate and resolve privacy breaches swiftly, including imposing significant penalties for non-compliance.
A landmark feature of the bill is its explicit criminalization of doxxing. This malicious practice of publishing someone’s personal information online to harm or harass them carries penalties of up to seven years imprisonment. The law particularly targets cases involving domestic violence and attacks based on race, religion, gender, or other protected characteristics.
The bill builds on earlier efforts by the Albanese Government to reinforce privacy protections, including heightened penalties for serious breaches and restoring the Australian Privacy Commissioner as a standalone role. Companies found guilty of violating privacy laws face fines of up to 5% of their annual turnover, signaling the government’s zero-tolerance approach to non-compliance.
The new law also positions Australia to resume discussions with the European Commission on recognizing the nation’s privacy framework as equivalent to the EU’s General Data Protection Regulation. This recognition would facilitate smoother cross-border data transfers, benefiting Australian businesses and consumers.