1.4 KiB
Australia's federal privacy law (amended 2023-2025). Comprehensive reform in progress — the Privacy Act Review (2023) proposes significant expansion: tiered penalties up to $50M AUD (or 30% of turnover, or 3x benefit obtained), direct right of action for individuals, new tort of serious invasion of privacy, children's privacy code, automated decision-making transparency.
Who must comply: Most Australian businesses with >$3M AUD turnover; all health service providers; all businesses handling tax file numbers. Extraterritorial — applies to any organization with an Australian link.
Penalties: Current maximum $50M AUD (from amendments effective late 2024). OAIC (Office of the Australian Information Commissioner) enforces. New direct right of action will increase private litigation.
Why it matters: The Privacy Act Review's proposed automated decision-making transparency requirements are unique — organizations must disclose the logic and expected outcomes of AI decisions. The gate stack's ACL2 proof log is the most defensible transparency artifact available. First-mover advantage: the reforms are being legislated now; early adoption positions the gate stack as the reference implementation.