Commonwealth of Australia Bills Commonwealth of Australia Bills[Index] [Search] [Download] [Related Items] [Help]
This is a Bill, not an Act. For current law, see the Acts databases.
2022
The Parliament of the
Commonwealth of Australia
HOUSE OF REPRESENTATIVES
Presented and read a first time
Privacy Legislation Amendment
(Enforcement and Other Measures) Bill
2022
No. , 2022
(Attorney-General)
A Bill for an Act to amend the law in relation to
privacy, and for other purposes
No. , 2022
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
i
Contents
1
Short title ........................................................................................... 1
2
Commencement ................................................................................. 1
3
Schedules ........................................................................................... 2
Schedule 1--Amendments
3
Australian Communications and Media Authority Act 2005
3
Australian Information Commissioner Act 2010
3
Privacy Act 1988
5
No. , 2022
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
1
A Bill for an Act to amend the law in relation to
1
privacy, and for other purposes
2
The Parliament of Australia enacts:
3
1 Short title
4
This Act is the
Privacy Legislation Amendment (Enforcement and
5
Other Measures) Act 2022
.
6
2 Commencement
7
(1) Each provision of this Act specified in column 1 of the table
8
commences, or is taken to have commenced, in accordance with
9
column 2 of the table. Any other statement in column 2 has effect
10
according to its terms.
11
12
2
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
No. , 2022
Commencement information
Column 1
Column 2
Column 3
Provisions
Commencement
Date/Details
1. The whole of
this Act
The day after this Act receives the Royal
Assent.
Note:
This table relates only to the provisions of this Act as originally
1
enacted. It will not be amended to deal with any later amendments of
2
this Act.
3
(2) Any information in column 3 of the table is not part of this Act.
4
Information may be inserted in this column, or information in it
5
may be edited, in any published version of this Act.
6
3 Schedules
7
Legislation that is specified in a Schedule to this Act is amended or
8
repealed as set out in the applicable items in the Schedule
9
concerned, and any other item in a Schedule to this Act has effect
10
according to its terms.
11
Amendments
Schedule 1
No. , 2022
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
3
Schedule 1--Amendments
1
2
Australian Communications and Media Authority Act 2005
3
1 At the end of subsection 59D(1)
4
Add:
5
; (q) a non-corporate Commonwealth entity (within the meaning
6
of the
Public Governance, Performance and Accountability
7
Act 2013
) not otherwise covered by this subsection that is
8
responsible for enforcing one or more laws of the
9
Commonwealth.
10
Australian Information Commissioner Act 2010
11
2 Section 25
12
Omit "The", substitute "(1) Subject to subsection (2), the".
13
3 Paragraphs 25(e), (g) and (h)
14
Repeal the paragraphs.
15
4 Paragraph 25(k)
16
Omit "
1988
;", substitute "
1988
.".
17
5 Paragraph 25(l)
18
Repeal the paragraph.
19
6 At the end of section 25
20
Add:
21
(2) The Information Commissioner may only delegate the following
22
functions or powers to a member of staff of the Office of the
23
Australian Information Commissioner who is an SES employee, or
24
an acting SES employee, or who holds, or is acting in, a position
25
that is equivalent to, or higher than, a position occupied by an SES
26
employee:
27
(a) the function conferred by section 55K of the
Freedom of
28
Information Act 1982
(making a decision on an IC review);
29
Schedule 1
Amendments
4
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
No. , 2022
(b) the function conferred by section 73 of the
Freedom of
1
Information Act 1982
(discretion not to investigate a
2
complaint);
3
(c) the function conferred by section 86 of the
Freedom of
4
Information Act 1982
(obligation to notify on completion of
5
investigation);
6
(d) making determinations for the purposes of section 52 of the
7
Privacy Act 1988
.
8
7 Paragraph 29(2)(a)
9
Repeal the paragraph, substitute:
10
(a) both of the following apply:
11
(i) the information was acquired by the person in the
12
course of performing an information commissioner
13
function or exercising a related power;
14
(ii) the person records, discloses or otherwise uses the
15
information in the course of performing an information
16
commissioner function or exercising a related power; or
17
(aa) both of the following apply:
18
(i) the information was acquired by the person in the
19
course of performing a freedom of information function
20
or exercising a related power;
21
(ii) the person records, discloses or otherwise uses the
22
information in the course of performing a freedom of
23
information function or exercising a related power; or
24
(ab) both of the following apply:
25
(i) the information was acquired by the person in the
26
course of performing a privacy function or exercising a
27
related power;
28
(ii) the person records, discloses or otherwise uses the
29
information in the course of performing a privacy
30
function or exercising a related power; or
31
8 Paragraph 29(2)(aa)
32
Reletter as paragraph (ac).
33
Amendments
Schedule 1
No. , 2022
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
5
Privacy Act 1988
1
9 Paragraph 5B(3)(b)
2
Omit "Territory;", substitute "Territory.".
3
10 Paragraph 5B(3)(c)
4
Repeal the paragraph.
5
11 Subsection 6(1)
6
Insert:
7
alternative complaint body
has the meaning given by
8
subsection 50(1).
9
related body corporate
: see subsection (8).
10
12 Section 13G
11
Before "An", insert "(1)".
12
13 Section 13G (penalty)
13
Repeal the penalty.
14
14 At the end of section 13G
15
Add:
16
(2) The amount of the penalty for a contravention of subsection (1) by
17
a person other than a body corporate is an amount not more than
18
$2,500,000.
19
(3) The amount of the penalty for a contravention of subsection (1) by
20
a body corporate is an amount not more than the greater of the
21
following:
22
(a) $50,000,000;
23
(b) if the court can determine the value of the benefit that the
24
body corporate, and any related body corporate, have
25
obtained directly or indirectly and that is reasonably
26
attributable to the conduct constituting the contravention--3
27
times the value of that benefit;
28
Schedule 1
Amendments
6
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
No. , 2022
(c) if the court cannot determine the value of that benefit--30%
1
of the adjusted turnover
of the body corporate during the
2
breach turnover period for the contravention.
3
(4) Subsection (3) applies despite paragraph 82(5)(a) of the Regulatory
4
Powers Act.
5
(5) For the purposes of paragraph (3)(c), the
adjusted turnover
of a
6
body corporate during a period is the sum of the values of all the
7
supplies that the body corporate, and any related body corporate,
8
have made, or are likely to make, during the period, other than:
9
(a) supplies made from any of those bodies corporate to any
10
other of those bodies corporate; or
11
(b) supplies that are input taxed; or
12
(c) supplies that are not for consideration (and are not taxable
13
supplies under section 72-5 of the
A New Tax System (Goods
14
and Services Tax) Act 1999
); or
15
(d) supplies that are not made in connection with an enterprise
16
that the body corporate carries on; or
17
(e) supplies that are not connected with the indirect tax zone.
18
(6) Expressions used in subsection (5) that are also used in the
A New
19
Tax System (Goods and Services Tax) Act 1999
have the same
20
meaning as in that Act.
21
(7) For the purposes of paragraph (3)(c), the
breach turnover period
22
for a contravention means the longer of the following periods:
23
(a) the period of 12 months ending at the end of the month in
24
which the contravention ceased, or proceedings in relation to
25
the contravention were instituted (whichever is earlier);
26
(b) the period:
27
(i) starting at the beginning of the month in which the
28
contravention occurred or began occurring; and
29
(ii) ending at the same time as the period determined under
30
paragraph (a).
31
15 Subparagraphs 25(1)(a)(i) and 25A(1)(a)(i)
32
Omit "this Act (other than section 13G)", substitute "this Part".
33
Amendments
Schedule 1
No. , 2022
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
7
16 At the end of section 26WA
1
Add:
2
•
The Commissioner may obtain information or documents in
3
relation to actual or suspected eligible data breaches.
4
17 Paragraphs 26WK(3)(c) and 26WR(4)(c)
5
After "the", insert "particular".
6
18 At the end of Part IIIC
7
Add:
8
Division 4--Commissioner's powers to obtain information
9
or documents relating to eligible data breaches
10
26WU Power to obtain information and documents relating to
11
eligible data breaches
12
(1) This section applies if the Commissioner has reason to believe that
13
a person or entity has information or documents, or can answer
14
questions, that are relevant to either or both of the following
15
matters (the
relevant matters
):
16
(a) an actual or suspected eligible data breach of an entity;
17
(b) an entity's compliance with the requirements in Division 3 of
18
this Part.
19
(2) Without limiting subsection (1), the relevant matters may relate to
20
one or more of the following:
21
(a) whether the entity is required to comply with one or more of
22
those requirements;
23
(b) the conduct or events that led to, or may have led to, the
24
application of one or more of those requirements to the
25
entity;
26
(c) the actions taken by the entity to comply with one or more of
27
those requirements;
28
(d) the actual or suspected eligible data breach that has, or may
29
have, happened;
30
Schedule 1
Amendments
8
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
No. , 2022
(e) the particular kind or kinds of information involved in the
1
actual or suspected eligible data breach;
2
(f) the steps taken to notify individuals affected by the actual or
3
suspected eligible data breach.
4
(3) The Commissioner may give to the person or entity a written
5
notice requiring the person or entity:
6
(a) to give information of the kind specified in the notice to the
7
Commissioner that relates to the matter; or
8
(b) to produce documents of the kind specified in the notice to
9
the Commissioner that relate to the matter; or
10
(c) answer questions of the kind specified in the notice to the
11
Commissioner that relate to the matter.
12
Note:
For a failure to give information etc., see section 66.
13
(4) A notice given by the Commissioner under subsection (3) must
14
state:
15
(a) the place at, or manner in which, the information or
16
document is to be given or produced or the questions are to
17
be answered; and
18
(b) the time at which, or the period within which, the information
19
or document is to be given or produced or the questions are
20
to be answered.
21
(5) If documents are produced to the Commissioner in accordance
22
with a requirement under subsection (3), the Commissioner:
23
(a) may take possession of, and may make copies of, or take
24
extracts from, the documents; and
25
(b) may retain possession of the documents for any period that is
26
necessary for the purposes of assessing an entity's
27
compliance with this Part; and
28
(c) during that period must permit a person who would be
29
entitled to inspect any one or more of the documents if they
30
were not in the Commissioner's possession to inspect at all
31
reasonable times any of the documents that the person would
32
be so entitled to inspect.
33
(6) This section is subject to section 70 but it has effect regardless of
34
any other Commonwealth law.
35
Amendments
Schedule 1
No. , 2022
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
9
(7) A person or entity is not liable to a penalty under the provisions of
1
any other Commonwealth law because the person or entity gives
2
information, produces a document or answers a question when
3
required to do so under this section.
4
19 Division 3 of Part IV (heading)
5
Repeal the heading, substitute:
6
Division 3--Reports and information sharing by
7
Commissioner
8
20 At the end of Division 3 of Part IV
9
Add:
10
33A Commissioner may share information with other authorities
11
(1) Subject to subsections (3) and (4), the Commissioner may share
12
information or documents with a body covered by subsection (2) (a
13
receiving body
):
14
(a) for the purpose of the Commissioner exercising powers, or
15
performing functions or duties, under this Act; or
16
(b) for the purpose of the receiving body exercising its powers,
17
or performing its functions or duties.
18
(2) The following bodies are covered by this subsection:
19
(a) an enforcement body;
20
(b) an alternative complaint body;
21
(c) a State or Territory authority, or an authority of the
22
government of a foreign country, that has functions to protect
23
the privacy of individuals (whether or not the authority has
24
other functions).
25
(3) The Commissioner may only share information or documents with
26
a receiving body under this section if:
27
(a) the information or documents were acquired by the
28
Commissioner in the course of exercising powers, or
29
performing functions or duties, under this Act; and
30
Schedule 1
Amendments
10
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
No. , 2022
(b) the Commissioner is satisfied on reasonable grounds that the
1
receiving body has satisfactory arrangements in place for
2
protecting the information or documents.
3
(4) If the Commissioner acquired the information or documents from
4
an agency, the Commissioner may only share the information or
5
documents with a receiving body under this section if the receiving
6
body is an agency.
7
(5) If information is shared with a receiving body under this section,
8
the receiving body may use the information only for the purposes
9
for which it was shared.
10
(6) To avoid doubt, the Commissioner may share information or
11
documents with a receiving body under this section whether or not
12
the Commissioner is transferring a complaint or part of a complaint
13
to the body.
14
33B Commissioner may disclose certain information if in the public
15
interest etc.
16
Information may generally be disclosed if in the public interest
17
(1) The Commissioner may disclose information acquired by the
18
Commissioner in the course of exercising powers or performing
19
functions or duties under this Act if the Commissioner is satisfied
20
that it is in the public interest to do so.
21
Public interest considerations
22
(2) In determining under subsection (1) whether the Commissioner is
23
satisfied that a disclosure is in the public interest, the
24
Commissioner:
25
(a) must have regard to the following:
26
(i) the rights and interests of any complainant or
27
respondent;
28
(ii) whether the disclosure will, or is likely to, prejudice any
29
investigation the Commissioner is undertaking;
30
(iii) whether the disclosure will, or is likely to, disclose the
31
personal information of any person;
32
Amendments
Schedule 1
No. , 2022
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
11
(iv) whether the disclosure will, or is likely to, disclose any
1
confidential commercial information;
2
(v) whether the Commissioner reasonably believes that the
3
disclosure would be likely to prejudice one or more
4
enforcement related activities conducted by or on behalf
5
of an enforcement body; and
6
(b) may have regard to any other matter the Commissioner
7
considers relevant.
8
(3) This section does not limit any other powers the Commissioner has
9
to disclose information under this Act or any other law of the
10
Commonwealth.
11
21 After paragraph 33C(1)(c)
12
Insert:
13
(ca) the ability of an entity subject to Part IIIC to comply with
14
that Part, including the extent to which the entity has
15
processes and procedures in place to:
16
(i) assess suspected eligible data breaches; and
17
(ii) provide notice of eligible data breaches to the
18
Commissioner and to individuals at risk from such
19
breaches;
20
22 At the end of section 33C
21
Add:
22
(3) Without limiting subsection (2), if the Commissioner has reason to
23
believe that an entity or file number recipient being assessed has
24
information or a document relevant to the assessment the
25
Commissioner may, by written notice, require the entity or file
26
number recipient to give the information or produce the document
27
within the period specified in the notice, which must not be less
28
than 14 days after the notice is given to the entity or file number
29
recipient.
30
Note:
For a failure to give information etc., see section 66.
31
(4) The Commissioner must not give a notice under subsection (3)
32
unless the Commissioner is satisfied that it is reasonable in the
33
circumstances to do so, having regard to the following:
34
(a) the public interest;
35
Schedule 1
Amendments
12
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
No. , 2022
(b) the impact on the entity or file number recipient of
1
complying with the notice;
2
(c) any other matters that the Commissioner considers relevant.
3
(5) An enforcement body is not required to comply with a notice given
4
by the Commissioner under subsection (3) if the chief executive
5
officer of the enforcement body believes on reasonable grounds
6
that compliance with the notice would be likely to prejudice one or
7
more enforcement related activities conducted by or on behalf of
8
the enforcement body.
9
(6) Subsection (3) is subject to section 70 but it has effect regardless of
10
any other Commonwealth law.
11
(7) A person or entity is not liable to a penalty under the provisions of
12
any other Commonwealth law because the person or entity gives
13
information or produces a document when required to do so under
14
subsection (3).
15
(8) The Commissioner may publish information relating to an
16
assessment on the Commissioner's website.
17
23 At the end of subsection 44(1)
18
Add:
19
Note:
For a failure to give information etc., see section 66.
20
24 At the end of subsection 46(4)
21
Add:
22
Note:
For a failure to give information etc., see section 66.
23
25 At the end of subsection 47(1)
24
Add:
25
Note:
For a failure to give information etc., see section 66.
26
26 Subsection 50(1)
27
Omit "In this section", substitute "In this Act".
28
Amendments
Schedule 1
No. , 2022
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
13
27 Subsection 50(1) (after paragraph (b) of the definition of
1
alternative complaint body)
2
Insert:
3
(ba) the eSafety Commissioner; or
4
28 Subsection 50(1) (definition of Ombudsman)
5
Repeal the definition.
6
29 After subparagraph 52(1)(b)(ii)
7
Insert:
8
(iia) a declaration that the respondent must prepare and publish, or
9
otherwise communicate, a statement about the conduct (see
10
section 52A);
11
30 After paragraph 52(1A)(b)
12
Insert:
13
(ba) a declaration that the respondent must prepare and publish, or
14
otherwise communicate, a statement about the conduct (see
15
section 52A);
16
31 After subsection 52(1A)
17
Insert:
18
(1AAA) Without limiting subparagraph (1)(b)(ia) or paragraph (1A)(b), the
19
steps specified by the Commissioner may include a requirement for
20
the respondent to:
21
(a) engage, in consultation with the Commissioner, a suitably
22
qualified independent adviser to review:
23
(i) the acts or practices engaged in by the respondent that
24
were the subject of the complaint; and
25
(ii) the steps (if any) taken by the respondent to ensure that
26
the conduct referred to in the determination is not
27
repeated or continued; and
28
(iii) any other matter specified in the declaration that is
29
relevant to those acts or practices, or that complaint; and
30
(b) provide a copy of the review to the Commissioner.
31
Schedule 1
Amendments
14
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
No. , 2022
32 After subsection 52(5)
1
Insert:
2
(5A) The Commissioner may publish a determination made under this
3
section on the Commissioner's website.
4
33 After section 52
5
Insert:
6
52A Determination--requirement to notify conduct constituting
7
interference with privacy of individual
8
(1) If a determination under section 52 includes a declaration
9
mentioned in subparagraph 52(1)(b)(iia) or paragraph 52(1A)(ba),
10
the respondent must, within 14 days after receiving the
11
determination (or such longer period as the Commissioner allows):
12
(a) prepare a statement, in consultation with the Commissioner,
13
setting out:
14
(i) the identity and contact details of the respondent or, if
15
the respondent is the principal executive of an agency,
16
the agency; and
17
(ii) a description of the conduct engaged in by the
18
respondent that constitutes the interference with the
19
privacy of an individual; and
20
(iii) the steps (if any) undertaken, or to be undertaken, by the
21
respondent to ensure the conduct is not repeated or
22
continued; and
23
(iv) any other information required by the declaration to be
24
included in the statement; and
25
(b) if required by the declaration--give a copy of the statement
26
to the complainant or, if the complaint is a representative
27
complaint, to each class member identified as affected by the
28
determination, in the manner specified by the declaration;
29
and
30
(c) if required by the declaration--publish, or otherwise
31
communicate, the statement in the manner specified by the
32
declaration; and
33
(d) give the Commissioner, within 14 days after the end of the
34
period specified in the declaration, evidence that the actions
35
Amendments
Schedule 1
No. , 2022
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
15
required by paragraphs (b) and (c) were taken in accordance
1
with this section and the declaration.
2
(2) The matters specified by the Commissioner for the purposes of
3
subsection (1) must be reasonable and appropriate.
4
34 Division 3 of Part V (heading)
5
Repeal the heading, substitute:
6
Division 3--Enforcement of determinations
7
35 At the end of section 55
8
Add:
9
; and (d) must prepare and publish, or otherwise communicate, a
10
statement in accordance with a declaration included in the
11
determination under subparagraph 52(1)(b)(iia) or
12
paragraph 52(1A)(ba) and section 52A.
13
36 At the end of section 58
14
Add:
15
; and (d) must prepare and publish, or otherwise communicate, a
16
statement in accordance with a declaration included in the
17
determination under subparagraph 52(1)(b)(iia) or
18
paragraph 52(1A)(ba) and section 52A.
19
37 At the end of section 59
20
Add:
21
; and (d) the preparation, publishing or communicating of a statement
22
in accordance with a declaration included in the
23
determination under subparagraph 52(1)(b)(iia) or
24
paragraph 52(1A)(ba) and section 52A.
25
38 Subsection 66(1)
26
Repeal the subsection, substitute:
27
Basic contravention
28
(1) A person contravenes this subsection if:
29
Schedule 1
Amendments
16
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
No. , 2022
(a) the person is required to give information, answer a question
1
or produce a document or record under this Act; and
2
(b) the person refuses or fails to do so.
3
Civil penalty:
60 penalty units.
4
39 After subsection 66(1)
5
Insert:
6
Multiple contraventions
7
(1AA) A person commits an offence if:
8
(a) the person is a corporation; and
9
(b) the person engages in conduct that constitutes a system of
10
conduct or a pattern of behaviour; and
11
(c) the system of conduct or pattern of behaviour results in 2 or
12
more contraventions of subsection (1).
13
Penalty: 300 penalty units.
14
40 Subsection 66(1B)
15
After "(1)", insert "or (1AA)".
16
41 Subsection 66(1B) (note)
17
Repeal the note, substitute:
18
Note:
A person who wishes to rely on this subsection bears an evidential
19
burden in relation to the matter in this subsection: see
20
subsection 13.3(3) of the
Criminal Code
and section 96 of the
21
Regulatory Powers Act.
22
42 Paragraph 67(b)
23
Omit ", whether or not pursuant to a requirement under section 44".
24
43 Subsection 70(1)
25
Omit "is not entitled to require", substitute "must not exercise a power
26
under this Act that requires".
27
44 After Division 1 of Part VIB
28
Insert:
29
Amendments
Schedule 1
No. , 2022
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
17
Division 1A--Infringement notices
1
80UB Infringement notices
2
Provisions subject to an infringement notice
3
(1) Subsection 66(1) of this Act is subject to an infringement notice
4
under Part 5 of the Regulatory Powers Act.
5
Note:
Part 5 of the Regulatory Powers Act creates a framework for using
6
infringement notices in relation to provisions.
7
Infringement officer
8
(2) For the purposes of Part 5 of the Regulatory Powers Act, each of
9
the following is an infringement officer in relation to the provision
10
mentioned in subsection (1):
11
(a) the Commissioner;
12
(b) a member of the staff of the Commissioner who holds, or is
13
acting in, an office or position that is equivalent to an SES
14
employee.
15
Relevant chief executive
16
(3) For the purposes of Part 5 of the Regulatory Powers Act, the
17
Commissioner is the relevant chief executive in relation to the
18
provision mentioned in subsection (1).
19
Extension to external Territories
20
(4) Part 5 of the Regulatory Powers Act, as that Part applies in relation
21
to
the provision mentioned in subsection (1), extends to every
22
external Territory.
23
45 Application of amendments
24
(1)
Subsection 59D(1) of the
Australian Communications and Media
25
Authority Act 2005
, as amended by this Schedule, applies in relation to
26
authorised disclosure information acquired by the ACMA before or
27
after the commencement of this item.
28
Schedule 1
Amendments
18
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
No. , 2022
(2)
Subsection 29(2) of the
Australian Information Commissioner Act 2010
,
1
as amended by this Schedule, applies in relation to information acquired
2
before or after the commencement of this item.
3
(3)
Section 13G of the
Privacy Act 1988
, as amended by this Schedule,
4
does not apply in relation to an act done, or a practice engaged in,
5
before the commencement of this item.
6
(4)
Paragraphs 26WK(3)(c) and 26WR(4)(c) of the
Privacy Act 1988
, as
7
amended by this Schedule, apply in relation to statements prepared after
8
the commencement of this item.
9
(5)
A notice may be given under section 26WU of the
Privacy Act 1988
, as
10
added by this Schedule, in relation to an actual or suspected eligible
11
data breach that occurred, or may have occurred, before or after the
12
commencement of this item.
13
(6)
Section 33A of the
Privacy Act 1988
, as added by this Schedule, applies
14
in relation to the sharing of information or documents after the
15
commencement of this item, whether the information or documents
16
were obtained by the Commissioner before or after that commencement.
17
(7)
Section 33B of the
Privacy Act 1988
, as added by this Schedule, applies
18
in relation to the disclosure of information after the commencement of
19
this item, whether the information was obtained by the Commissioner
20
before or after that commencement.
21
(8)
Section 33C of the
Privacy Act 1988
, as amended by this Schedule,
22
applies in relation to:
23
(a) assessments started before the commencement of this item
24
but not concluded at that commencement; and
25
(b) assessments started after that commencement.
26
(9)
Section 52 of the
Privacy Act 1988
, as amended by this Schedule,
27
applies in relation to:
28
(a) the investigation of complaints that started before the
29
commencement of this item but not finally dealt with at that
30
commencement; and
31
(b) the investigation of complaints that started after that
32
commencement.
33
Amendments
Schedule 1
No. , 2022
Privacy Legislation Amendment (Enforcement and Other Measures)
Bill 2022
19
(10)
Subsection 52(5A) of the
Privacy Act 1988
, as inserted by this
1
Schedule, applies in relation to determinations made by the
2
Commissioner before or after the commencement of this item.
3