AU Privacy Amendment 2024
Privacy and Other Legislation Amendment Bill 2024
Strengthens Privacy Act requirements for biometric data collection, raising the standard of conduct for collecting biometric information used for automated verification or identification. Cannot collect such information unless individual has consented and it is reasonably necessary.
Jurisdiction
Australia
AU
Enacted
Nov 29, 2024
Effective
Dec 10, 2024
Enforcement
Office of the Australian Information Commissioner (OAIC)
Passed both houses November 29, 2024; received royal assent December 10, 2024
What It Requires
Who Must Comply
This law applies to:
- • Regulated entities under Australian Privacy Act
- • Organizations collecting biometric data for automated verification or identification
Capability triggers:
Who bears obligations:
Safety Provisions
- • Higher standard of conduct for collection of biometric data used for automated biometric verification or identification
- • Explicit consent required for biometric information collection
- • Reasonably necessary test for biometric data collection
- • Enhanced protections following OAIC enforcement against Bunnings and Kmart for facial recognition use
Enforcement
Enforced by
Office of the Australian Information Commissioner (OAIC)
Penalties
Unspecified
Penalties per Privacy Act violations; OAIC has enforcement powers including investigations and orders
Quick Facts
- Binding
- Yes
- Mental Health Focus
- No
- Child Safety Focus
- No
- Algorithmic Scope
- Yes
Why It Matters
Strengthens biometric data protections in Australia following high-profile facial recognition enforcement cases. Establishes clear consent and necessity standards for biometric AI systems. OAIC focusing enforcement on facial recognition technology.
Recent Developments
Royal assent December 2024. OAIC announced facial recognition as 2025-26 regulatory priority. Followed enforcement actions against Bunnings and Kmart. Bunnings found to have interfered with privacy through facial recognition system.
What You Need to Comply
Regulated entities must obtain explicit consent before collecting biometric data for automated verification/identification, and collection must be reasonably necessary for entity's functions or activities
NOPE can helpCite This
APA
Australia. (2024). Privacy and Other Legislation Amendment Bill 2024. Retrieved from https://nope.net/regs/au-privacy-amendment-2024
BibTeX
@misc{au_privacy_amendment_2024,
title = {Privacy and Other Legislation Amendment Bill 2024},
author = {Australia},
year = {2024},
url = {https://nope.net/regs/au-privacy-amendment-2024}
} Related Regulations
AU Social Media Age Ban
World's first social media minimum age law. Platforms must prevent under-16s from holding accounts. Implementation depends on age assurance technology.
AU Online Safety Act
Grants eSafety Commissioner powers to issue removal notices with 24-hour compliance. Basic Online Safety Expectations (BOSE) formalize baseline safety governance requirements.
NZ Biometric Code
Sets specific legal requirements under Privacy Act for collecting and using biometric data such as facial recognition and fingerprint scans. Prohibits particularly intrusive uses including emotion prediction and inferring protected characteristics like ethnicity or sex.
China FR Security Measures
Comprehensive facial recognition regulation requiring consent, protecting minors, restricting public space use, mandating data localization, and requiring filing for large-scale processing (100K+ individuals).
Brunei PDPO
Brunei's personal data protection order requiring DPIA and imposing penalties up to 10% Brunei turnover or $1M.
Korea AI Act
First comprehensive AI legislation in Asia-Pacific and second in the world after EU. Regulates "High-Impact AI" in healthcare, energy, nuclear, transport, government, and education sectors. Requires transparency notifications, content labeling for generative AI, and fundamental rights impact assessments. Notable for lower penalties than EU AI Act and absence of prohibited AI practices.