Proposed sweeping changes to the Privacy Act will have implications for individuals and knock-on effects across a range of businesses. They come at a pivotal time in the privacy and data security debate and as pertinent questions are raised during profit reporting season about whether AI benefits outweigh investment costs and risks, including potential bias.
This column understands the privacy legislation – in its early form – is expected to land later this month or in September, during parliamentary sitting weeks. That’s despite some industry participants fearing the timeline may slip.
The onus is on the Albanese government, in an area overseen by Attorney-General Mark Dreyfus, to get the balance right and ensure reforms are advanced in a timely fashion. Time is of the essence as Australia risks falling further behind reform efforts, including Britain’s and the European Union’s General Data Protection Regulation.
And no one wants a repeat of the disastrous Robodebt Scheme – where bungled technology and automated decision making led to terrible outcomes.
Australia’s privacy regime needs fixing.
The government’s response to a landmark review of the Privacy Act was published late last year, outlining its views on 116 proposals to beef up and modernise the legislation. Many of those 116 won’t be addressed in the legislation, but Dreyfus needs to get it moving, particularly in areas such as developing an online privacy code for children.
The small business sector is hoping the government doesn’t remove an exemption for companies with annual turnover of $3m or less. And large companies are on notice around how they handle, collect and store data. Given a bigger focus on AI, banks, retailers and healthcare companies will also closely monitor what the legislation says about automated decision making, after the government backed a number of proposals in that area of the review.
They included that individuals should have a right to “request meaningful information about how automated decisions with legal or similarly significant effect are made”. The government also agreed that privacy policies should set out the types of information drawn on in “substantially automated decisions which have a legal, or similarly significant effect on an individual’s rights”. That would include healthcare services, insurance, mortgages or personal loans.
Large companies will need to weigh up the benefits of AI for productivity against meeting potential requirements for regulators and customers to track and understand the decision making when required.
The proposed overhaul of the Privacy Act comes amid a smattering of questionable behaviour by large companies with regard to customer data and a host of data breaches.
Telstra was in the spotlight last month when a regulator outlined a major breach of its carrier licence. It related to the details of more than 140,000 Telstra customers, who had requested unlisted numbers, being made publicly available.
Separately, TikTok was the subject of a probe by the Office of the Australian Information Commissioner late last year for harvesting Australians’ data, using tracking pixels.
Privacy commissioner Carly Kind in May said while she found TikTok’s actions harmful and “corrosive of online privacy”, there wasn’t clear contravention by the company of current Australian privacy law. She called for urgent reform of the Privacy Act.
MinterEllison partner Paul Kallenbach tells this column it isn’t clear which of the 38 “agreed” or 68 “agreed-in-principle” recommendations the government will address in the first tranche of privacy legislation.
“There’s a question mark at the moment over the substance and timing of these reforms,” he says.
“The privacy principles under the current Privacy Act already constrain – at least to some extent – the ability to engage in mass data scraping of information (which is what generative AI requires – taking large amounts of data and putting it into an AI model).
“One of the key changes in the privacy reforms is a new overarching requirement that (data) collection, use and disclosure must be ‘fair and reasonable’.”
On automated decision making, Kallenbach says companies have to be mindful of the transparency of their algorithms.
“This reflects the current approach in Europe under the GDPR, which requires that if you’re making automated decisions impacting on individuals’ rights, then you need to be able to explain how that was done. I don’t see this as undermining the benefits of AI, but rather putting appropriate guardrails in place.”
Legislation was passed in 2022 to significantly increase penalties for repeated or serious privacy breaches.
Earlier this year, the British government outlined regulatory principles around AI including safety and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress.
Margin challenge
Athena Home Loans is pushing into higher-margin parts of the mortgage market after rising interest rates prompted a slowdown in broader housing credit over the past 18 months.
Last month, Athena began offering a low-deposit mortgage for those who have less than 20 per cent of the property’s value but can still provide a deposit of at least 15 per cent. Here Athena waives the requirement for lenders’ mortgage insurance (LMI), which is paid by the borrower.
ANZ has also introduced home loans that waive LMI for borrowers with lower deposits, but it is largely limiting it to customers residing in 145 wealthy postcodes that meet certain criteria. ANZ’s recent initiative allows wealthier borrowers to take out a home loan of up to 95 per cent of a property’s value without mortgage insurance. Banks and non-bank lenders alike are looking for ways to fatten their net interest margins – what they earn on loans, less funding and other costs – to offset competitive and macro pressures which have led to margin erosion.
Athena is also wading into mortgages for self-employed borrowers who typically provide less or alternative documentation and pay higher interest rates to secure a loan. They are calling it a “lite doc” loan.
From next month, Athena is planning to start lending to investor trusts and entities such as companies and trusts that don’t conduct business operations.
The lender has a mortgage book just shy of $4bn and has settled about $7.5bn in loans since launching in 2019.
Athena navigated a tough period in 2022 when it passed through a 65-basis-point rise in home loan rates to existing and new customers, in excess of the Reserve Bank’s 50-basis-point hike, citing volatile funding markets and higher costs. During that time banks were benefiting from ultra-low funding costs, due to the Covid-19-induced Term Funding Facility.
The federal government’s overhaul of Australia’s privacy law is being keenly anticipated by Australian companies, particularly those weighing initial or further investment in artificial intelligence.