Have you recently been bombarded with emails about websites updating their privacy policies and terms and conditions? Are you wondering what it’s all about? Well, here’s a quick overview.
We live in a world in which our personal information has become a commodity, and the issue of privacy and data protection has been at the forefront of media coverage in recent months (particularly in relation to Facebook’s infamous data sharing saga).
While Australia had an overhaul of its Privacy Act in 2014, it is now the European Union’s turn, with the European Union General Data Protection Regulation (GDPR) coming into force on 25 May 2018.
The GDPR covers similar ground to Australia’s Privacy Act, addressing the “lifespan” of personal information by regulating its collection, use, disclosure and retention.
While the GDPR is designed to regulate the personal information of residents of the European Union (EU), if a business is located in Australia and offers goods and services in the EU, or collects the personal information of individuals in the EU, it is required to have GDPR compliant privacy practices and risks severe penalties for any breach.
So what are some notable differences between our Privacy Act and GDPR?
Consent is key. Rather than consent being implied, you must give explicit consent to the collection and use of your personal information (e.g. by ticking a box consenting to the collection of information when you sign up to a website rather than just automatically consenting by typing in your details).
Greater access rights: In Australia, you already have a right to access and correct your personal information; however, the GDPR has expanded this and has included rights such as: a right to request your data be erased (or “forgotten”); a right for your data to be provided to you in a portable way; and a right not to be subject to a decision based solely on automated processing (except in particular circumstances).
Reporting data breaches: There’s a greater range of data breaches that must be reported, within a shorter time frame, than is required under Australian privacy laws.
As a consumer, you should take the time to familiarise yourself with these changes and consider the amendments to the privacy policies you are being contacted about.
If you have a business, you should determine whether you need to comply with the GDPR and, if so, review your data collection policies and practices to ensure that they comply with the new regulations.
If you need assistance in relation to the GDPR, please give Jenkins Legal Services a call on 02 4929 2000 or email firstname.lastname@example.org.
This article is not legal advice and the views and comments are of a general nature only. This article is not to be relied upon in substitution for detailed legal advice.