Australian insurers and banks concerned over online privacy bill

Australia’s insurance and banking industries are concerned over the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 (online privacy bill), particularly the impacts of its stricter privacy standards on major insurers and banks.

According to the Australian Government Attorney-General’s Department, the bill strengthens the Privacy Act 1988, gives way to a binding online privacy code for social media and other online platforms, and increases penalties and enforcement measures.

With the bill aiming to lift the privacy standards of “big tech” companies, major insurers and banks are worried that it will force them to abide by stricter privacy obligations – with associations representing the financial industry noting that the bill’s definition of “online platforms” extends to many insurers, banks, finance providers, superannuation funds, intermediaries, and other third parties, according to IT News.

The recently released Online Privacy Bill Exposure Draft included an online platform code, listing new obligations for how online platforms must collect, disclose, and use their customers’ data:

• 26KC(4)(a) - “respond to a request to not use…personal information within a reasonable period.”
• 26KC(2) - “Notify an individual … of the purposes for which the organisation collects, uses, and discloses personal information.”
• 26KC(6)(a) - “take all reasonable steps to verify the age of individuals to whom the OP organisation provides an electronic service.”
• 26KC(6)(b) - “obtain the consent of a parent or guardian of a child who has not reached 16 years before collecting, using, or disclosing 16 personal information of the child.”

Read more: eSafety commissioner warns of alarming number of adult cyber abuse cases

In a submission to the bill’s exposure draft, the Insurance Council of Australia (ICA), Australian Banking Association, Australian Finance Industry Association, and Financial Services Council warned the bill might lead to “complexity, potential conflict of laws and outcomes, and higher administrative costs.”

They noted that the online privacy bill is part of the government’s response to the Australian Competition and Consumer Commissioner’s (ACCC) 2019 Digital Platforms Inquiry. However, ACCC’s recommendations of stronger privacy obligations for big tech companies were not intended for the financial sector. Instead, the inquiry defined online platforms as “digital content aggregation platforms, social media platforms, and search engines.”

However, the submission noted that the bill expands the definition to any organisation that “collects personal information about an individual in the course of or in connection with providing access to information, goods, or services (other than a data brokerage service) by use of an electronic service (other than a social media service)” and had “over 2,500,000 end-users in Australia in the past year.”

Therefore, the submission advised the government to mull over “any proposals for changes to the operation of privacy regimes in the finance sector.”