With the amendments to Australia’s privacy law coming into force, it is only natural that our attention is firmly focused on the domestic privacy scene at the moment. However, perhaps the bigger challenge for Australian businesses will come from abroad.
At a slow but steady pace, the European Union’s data privacy reform moves forward. One of its key features is that violations of the forthcoming Data Protection Regulation can result in fines of up to 2-5% of the offending company’s annual global turnover – a serious amount of money for most Australian businesses.
Having introduced its trailblazing data protection Directive in 1995, the EU is now looking to modernise its privacy law through a regulation that will harmonise the law across Europe. Several parts of the proposal have been controversial, and progress has been slow since the proposal was first released in January 2012. However, in a European Commission Memo released at the end of January, it was suggested that we may see an agreement on the data protection reform before the end of this year.
Dealing with Europe
So why should Australians care about a new law being introduced on a struggling market on the other side of the world? For the Australian business community, the answer lies in the effect the EU law may have in Australia. The EU has specifically stated that one aim of the reform is to ensure that companies based outside Europe will have to apply the same rules as European companies when they do business on the European market.
Any Australian business offering goods or services to EU residents in the EU will need to take account of the regulation. Similarly, any Australian organisation that processes the personal information of EU residents in the context of “the monitoring of their behaviour”, such as through internet tracking, is required to abide by the proposed EU law. And failure to comply may, as mentioned, have serious implications.
This also means that an Australian business which happens to sell something to a customer in the EU on a one-off basis must comply with the entire Data Protection Regulation.