The Privacy Commissioner is armed and ready to enforce privacy law: Are you prepared?

If waiting for the second wave of privacy reforms for more clarity on what businesses need to do to become compliant is your strategy, we urge you to rethink this approach. Australian Privacy Commissioner, Carly Kind, spoke with Mi3 in this recent article regarding her robust enforcement. In short, the article outlines how the Office of the Australian Information Commissioner (OAIC) is taking a firm, proactive stance on enforcing privacy law, despite delays to reforms in tranche two. 

Kind is using the new regulatory powers passed in tranche one to set enforcement benchmarks. She specifically acknowledged that a key focus for the OAIC is the use of tracking technologies like pixels on websites, where liability rests with site operators rather than the platforms. The Commissioner also warned that widespread practices involving data brokering, clean rooms, and AI training with de-identified data may not be as compliant as businesses assume. Overall, the OAIC’s enforcement strategy is designed to end regulatory ambiguity, elevate privacy to a board-level concern, and incentivise stronger data governance across industries.
 

What does this mean for marketers, CMOs, and their businesses?

When tranche one of privacy reforms was introduced, the ‘slimmed down’ version of the Privacy and Other Legislation Amendment Bill 2024 was a surprise to many. Lacking majority of the reforms that were teased and anticipated, the curve ball definitely resulted in many boards, c-suites and business owners letting out a sigh of relief that the pressure, it appeared, was temporarily off. However, Commissioner Kind’s recent statements refute this response and indicates that prioritising and investing in privacy should still be a top priority for businesses. 

For marketers, CMOs, and their businesses, Kind has signalled a clear warning that privacy compliance is no longer optional or theoretical. Rather, it’s now an urgent, high-stakes operational priority. Regulatory enforcement is intensifying irrespective of what will be included in tranche two and when that will come into effect. Non-compliance from here on will be a costly mistake to both the bottom line of a business and brand reputation. To avoid non-compliance, CMOs must engage with their legal and compliance teams, ensure effective governance around data use, and educate their teams on risks and compliance requirements.

Kind is not aiming to catch organisations out or off guard, as naming and shaming is not the OAIC’s intention. Instead, the Commissioner simply wants stronger and proactive enforcement to result in a compliant ecosystem where privacy is taken seriously and data practices are sound. That’s why the OAIC is providing warning to targeted sectors as well as issuing guidance on key focus areas such as pixel tracking, AI training and data de-identification processes. Marketers, CMOs and their businesses may lack the knowledge and awareness of where liability sits when various stakeholders are involved in these technologies, like third parties, platforms, agencies and so on. That’s why the OAIC is issuing guidance and providing fair warning of their enforcement crackdown. This way, appropriate due diligence and preparation can occur, such as auditing current data handling, tightening consent mechanisms, and embedding privacy-by-design into marketing systems.

So while the OAIC may have the power to investigate without receiving formal complaints and can issue substantial penalties for non-compliance, their aim is not to catch you out, but to make you compliant, sooner rather than later. By proactively demonstrating compliance with the law, your business will be safeguarded. The core of the Commissioner’s message here is a call to action that there is no longer time to wait. Get your house in order by auditing your data, reviewing your data governance, processes and procedures, with particular attention paid to practices involving the aforementioned key focus areas. This way, you’ll not only be a leader in prioritising privacy, but if the Commissioner comes knocking, you’ll have nothing to fear.

Avoid an investigation and set your business up for success and compliance

The current regulatory landscape is evolving and the privacy reforms underpinning this are complex. While it may seem daunting to address, it doesn’t have to be. At ADMA, we have a range of options available to help members navigate these complexities.   

We have hosted a webinar alongside the OAIC to discuss the critical privacy and enforcement issues CMOs and their teams need to understand, which is available to watch on-demand here. This is a must watch if you’re in need of further clarity around the OAIC enforcement tools and the Privacy Commissioner's new approach to fair uses of data for marketing. The webinar also discusses marketing automation, AI and segmentation with suggested guardrails to navigate new restrictions. Plus, the codes and rules that apply when marketing to children and vulnerable groups.

We also have a great regulatory resource hub filled with articles, CMO crib sheets, information sheets and toolkits. These pieces have been created specifically for marketers by exploring how these complex issues directly impact the industry and marketing operations, in easy to digest language. 

Another crucial way to prepare for regulatory reforms is to upskill in this area with formal education. Like many marketers, on-the-job training has been enough to get by with, up until now. However, with the sweeping changes to marketing practices the reforms are due to make, marketers now need more extensive training. That’s why we have a suite of regulatory courses available. From topic specific online short courses to our more comprehensive Privacy and Compliance for Marketers course, there is an option to suit your individual needs. Then for streamlining skill sets and efficiently upskilling whole teams, our in-house bespoke regulatory course is a great option.

Finally, ADMA also has a fantastic regulatory team of experts that is accessible to members for guidance and advice as needed. This is incredibly beneficial when needing to unpack specific business problems rather than general industry concerns.
 

Want to know more about an ADMA membership?
You can find out more about ADMA membership benefits here. To express your interest in becoming an ADMA member, simply fill out this form and our friendly team will be in touch.