University of Melbourne · S1 2026 · FACULTY OF LAW

LAWS70082 · Privacy Law

- one subject, every graph, every model, every mark
50% final exam · hurdle14 Chapters3-page Bible
Our own words - no uploaded lecturer files
Built to mirror S1 2026 · updated this semester
Chapter 7 of 7 · LAWS70082

Privacy Law Reform

Australian privacy law is mid-reform, and this chapter is the research-paper heartland (and the discursive take-home question). The legal question: is the principles-based Privacy Act regime fit for the data economy, and what should the next tranche do? The reform through-line runs ALRC 108 (2008) → the unified APPs (2014) → the ACCC Digital Platforms Inquiry (2019) → the AGD Privacy Act Review (2022, released 2023; 116 proposals) → the Government Response (2023) → the POLA Act 2024 first tranche, which enacted the statutory tort, tiered penalties, automated-decision-making transparency and a Children’s Online Privacy Code. A second tranche — the fair-and-reasonable test, a direct right of action, an expanded “personal information” definition, and exemption removal — is proposed but not yet law. The chapter also supplies the comparative leverage examiners prize: the EU GDPR (lawful bases, subject rights, extraterritoriality, Schrems II) and the US patchwork (FTC s 5, CCPA/CPRA), and the emerging frontiers — AI/automated decision-making, biometrics and facial recognition, and data brokers. The cardinal rule: do not overstate the law — keep enacted and proposed sharply apart.

In this chapter

What this chapter covers

  • 01The reform through-line: ALRC 108 → APPs → ACCC DPI → Privacy Act Review
  • 02The AGD Privacy Act Review (2022): 116 proposals; Proposal 27.1 = the tort
  • 03Enacted — POLA Act 2024: statutory tort, tiered penalties, ADM transparency, children’s code
  • 04Proposed (not law) — fair-and-reasonable test, direct right of action, expanded definitions, exemption removal
  • 05Comparative: EU GDPR (lawful bases, rights, extraterritoriality, Schrems II)
  • 06Comparative: the US patchwork (FTC s 5, CCPA/CPRA)
  • 07Emerging: AI/ADM, biometrics & FRT, data brokers
  • 08Argue, don’t describe — and never overstate what is enacted
Worked example · free

Worked example: framing a reform thesis

Q [5 marks]. Draft and defend a research-paper thesis on whether Australia should adopt a GDPR-style rights model or retain its principles-based APPs.
  • +1Map the law briefly: Australia uses principles-based APPs (flexible, outcome-focused) overseen by the OAIC; the GDPR uses enumerated lawful bases and individual data-subject rights (access, erasure, portability) with extraterritorial reach.
  • +1Frame a narrow thesis: e.g. ‘Australia should adopt a GDPR-style direct right of action and erasure right, but retain principles-based APPs rather than rigid lawful bases’ — contestable, not a description.
  • +1Argue for: enforceable individual rights and a direct right of action close the regime’s remedial gap (the second-tranche proposal) and align Australia with its largest trading partner.
  • +1Argue against / nuance: rigid lawful bases can be brittle in fast-moving tech; principles-based APPs adapt — so the thesis takes GDPR rights but keeps APP flexibility.
  • +1Anchor in currency: tie the argument to the enacted first tranche vs the pending second tranche, and use Schrems II on cross-border transfers — without overstating what is law.
A strong thesis is narrow and contestable — e.g. adopt GDPR-style enforceable rights and a direct right of action (the pending second tranche) while keeping the adaptable principles-based APPs — argued with comparative leverage (Schrems II) and anchored in what is enacted versus merely proposed.
Glossary

Key terms

Privacy Act Review (AGD, 2022)
The Attorney-General’s Department review (report 2022, released 2023) making 116 proposals to modernise the Act — the blueprint for the staged reforms, including Proposal 27.1 (the statutory tort) now enacted.
POLA Act 2024 (first tranche)
The Privacy and Other Legislation Amendment Act 2024 (Cth) — the enacted first tranche: the statutory tort (Sch 2), tiered civil penalties, automated-decision-making transparency, and a Children’s Online Privacy Code.
The fair-and-reasonable test (proposed)
A pending second-tranche proposal that collection, use and disclosure of personal information be ‘fair and reasonable in the circumstances’ as an overarching standard — proposed, not yet law; a key reform-paper subject.
The GDPR
The EU General Data Protection Regulation — the leading comparator: enumerated lawful bases, strong data-subject rights (access, erasure, portability), extraterritorial reach, and the cross-border transfer constraints of Schrems II.
Direct right of action (proposed)
A pending proposal to let individuals sue directly in court for breaches of the Act, rather than only complain to the OAIC — closing a remedial gap; proposed, not yet law.
FAQ

Privacy Law Reform FAQ

What is the single biggest risk in a reform answer?

Overstating the law. The first tranche (statutory tort, tiered penalties, ADM transparency, children’s code) is enacted; the fair-and-reasonable test, the direct right of action, the expanded ‘personal information’ definition and exemption removal are proposed, not law. Marking treats ‘the law now requires X’ as a serious error when X is only a proposal.

What makes a strong reform thesis?

Narrow and contestable, argued not described. Reliable seams: does the 2024 tort’s public-interest balance protect free speech? Is the Telstra ‘about an individual’ test fit for the data-broker era? GDPR-rights model vs principles-based APPs? Are the small-business / employee-records / journalism exemptions defensible? Map the law briefly, then argue with authority.

How much comparative law do I need?

Enough to leverage, not a survey. The GDPR (lawful bases, subject rights, extraterritoriality, Schrems II) and the US patchwork (FTC s 5, CCPA/CPRA) are the prized comparators because the subject’s outcomes reward comparative analysis — use them to sharpen an Australian thesis, not to describe foreign law for its own sake.

Do I cite in AGLC here?

For the research paper, yes — strict AGLC is required, with a table of contents and headings, and authority for every legal proposition. For the discursive take-home question the same accuracy applies even if the citation form is lighter. Either way, cite a real authority for every claim and keep enacted/proposed labelled.

Study strategy

Exam move

Build a single enacted-vs-proposed table and keep it spotless, because the cardinal error here is overstating the law — the POLA Act 2024 first tranche is in force; the fair-and-reasonable test, direct right of action, expanded definitions and exemption removal are not. Memorise the through-line (ALRC 108 → APPs → ACCC DPI → Privacy Act Review → POLA Act 2024) so you can map the law in two sentences and spend the rest arguing. Keep two or three contestable theses ready (the tort vs free speech; Telstra in the data-broker era; GDPR rights vs principles-based APPs) and one or two comparators (GDPR, Schrems II) to leverage. For the paper, draft in strict AGLC and cite a real authority for every proposition.

Keep going — explore the course
A+Everything unlocked
Unlocks this Bible + all 29 of your University of Melbourne subjects - and 1,000+ Bibles across every Australian university.
Sia - your LAWS70082 tutor, unlimited, worked the way the exam marks it
The full 3-page Bible + practice bank with worked solutions
Chrome extension - sync your LMS so Sia knows your deadlines
Bilingual EN / Chinese on every Bible and every Sia answer
$25/ month
30-day money-back · cancel in one tap · how it works
Unlock the full LAWS70082 Bible + 29 University of Melbourne subjects解锁完整 LAWS70082 Bible + University of Melbourne 29 门科目
$25/mo