By end of next year, social media service providers, relevant electronic services or designated internet services with an Australian end-user must comply with stronger children's privacy protections through the OAIC's Children's Online Privacy Code and APP entities must disclose automated decision-making. While tranche 2 implementation timing remains unclear, organisations should prepare for potential changes including the "fair and reasonable" test, removal of small business exemptions, and new controller/processor distinctions. Separately, Australia's Social Media Minimum Age Act will also be enforced by 11 December 2025.
Australia is transforming ‘future proofing’ its cyber security landscape with an ambitious 7-year strategy to establish the nation as a cyber security leader by 2030. The Cyber Security Act 2024 reshapes organisational approaches to cyber threats through mandatory ransomware payment reporting to the Australian Signal Directorate and security standards for IoT and smart devices operating in Australia. Adequate cyber-security protections also remains an enforcement priority for the key regulators including OAIC and ASIC.
Our top-ranked Cyber, Privacy & Data Protection experts stay ahead of these developments and has deep experience assisting organisations navigate these complex reforms.