Since 25 May 2018, Australian businesses which distribute goods and services to persons in the EU are now bound by strict data protection laws which are more onerous than Australian Privacy Principles.
Under the General Data Protection Regulation (GDPR), personal data can only be processed if there is consent by the individual, or if there are contractual obligations to do so. Therefore it is paramount that all businesses with EU customers or suppliers update their customer terms and subcontracts with those that involve access to personal information.
The European Commission does not recognise Australia as having adequate privacy laws. As a result Australian companies contracting with EU parties will have to ensure that they have additional safeguards in place to protect personal data transferred to Australia. In Australia, businesses commonly rely on implied consent, however this is inadequate under the new rules imposed by the GDPR, where express consent is required either by statement or clear affirmative action.
The reach of the GDPR is significant enough to affect many Australian businesses, especially those who operate in the digital economy. Agreements that concern the processing of data should be reviewed immediately to ensure compliance with the GDPR.
Big Players and compliance: Google
Google encounters over 2 trillion searches per year, where results are categorised based on data collected by individuals. This information is also separately used for targeted advertising. In response to the GDPR, Google has taken the controversial approach of passing the burden of consent onto the publishers who provide them with targeted advertising. Commentators allege that Google’s approach is innately non-complaint and inevitably the GDPR will be tested against their interpretation. Determinations under these new laws may change privacy law obligations in relation to cross-boarder interactions. This may also impact the way we draft data security and privacy legislation in Australia. Stay tuned.
For advice on how to ensure compliance with the GDPR, contact Peter McNamara today.