IPMojo

BOOK AN APPOINTMENT

Privacy 2.0 Part 1

by

Privacy 2.0: Why the Law Had to Change

It’s not every day a 1980s law gets a 2020s reboot — but that’s exactly what’s happening with Australia’s privacy regime.

After years of community anxiety, OAIC submissions, and a few too many headlines about mega-breaches, the Privacy Act 1988 (Cth) is finally stepping out of its shoulder-padded past and into the digital present.

The latest round of reform — passed at the end of 2024 and now live — marks the biggest shake-up to Australia’s privacy framework in over a decade … and while the updates aren’t a total rewrite, they’re a bold start. From new breach response tools to sharper enforcement powers, and from kids’ data codes to the long-awaited statutory tort of privacy invasion, this is no longer just a compliance issue for GCs. It’s a reputational and risk issue for boards — and a tech/design challenge for operational teams.

So why now? Because the old law just wasn’t cutting it anymore. The last major reform (the 13 APPs) happened in 2014. That was before TikTok existed. Before mass data scraping, AI-driven insurance risk profiling, and customer loyalty schemes that know your breakfast habits better than your spouse. Fast forward a decade, and we’re living in an environment where personal data isn’t just a risk category — it’s a currency, and one that criminals, governments, and companies alike are eager to trade.

Add to that the global pressure. Australia has fallen behind the GDPR club, and even the US (the privacy laggard) is now rolling out state-level data laws with real teeth. If we want to be taken seriously in trade deals, tech partnerships, or cross-border enforcement, our domestic rules have to look credible. That means: Transparency. Accountability. Teeth.

This 9-part twice-per-week Privacy 2.0 blog series will unpack the key changes — what’s landed, what’s coming, and what businesses need to do now (not in 2026, when the AI rules kick in). We’ll also ask the hard questions: is this regulation or reaction? Is it about protecting individuals — or just managing headlines? And what does it mean for those of us navigating the line between innovation and intrusion?

Tune in tomorrow for: an in-depth look at Australia’s new statutory tort of serious invasion of privacy, commencing on 10 June 2025.