The Online Safety Act and the Privacy Act — protecting individuals and personal data in the digital age.

Helen Clarke and Hannah James JOHNSON WINTER SLATTERY

The Online Safety Act 2021 (Cth) (OSA) and its role (as well as that of the eSafety Commissioner) in the regulation of online harms and consumer protection on digital platforms have been overshadowed of late by the major reforms underway to Australia’s Privacy Act 1988 (Cth) and by the fallout from the significant and high-profile data breaches that affected millions of Australians in 2022.

So, what is the OSA and its key regulatory schemes and how do some of the key concepts established under the OSA and the Privacy Act align and differ? This article provides a “primer” on the OSA for privacy lawyers and those responsible for privacy compliance within organisations bound by the Privacy Act and which may also be subject to the OSA. It also considers some of the key concepts and regulatory mechanisms that are shared or differ under each Act and examines how the OSA has been specifically considered in the current review of the Privacy Act.

This article comes from the experts behind the Privacy Law Bulletin. This is written by expert lawyers, academics, and legal experts covering the rapidly changing legal landscape around privacy laws and cases that continue to shape Australia's privacy framework.

Subscribers to the Privacy Law Bulletin can read the full bulletin article HERE.

Enter your details to access the full article.

The OSA commenced on 23 January 2022 replacing a patchwork of different laws relating to online safety in Australia and with the objective of developing a clearer and more consistent regulatory framework.

The OSA is broad in scope and has significant implications for a number of digital platforms and online service providers, introducing new measures designed to make the industry more accountable for the online safety of end users and giving the eSafety Commissioner enhanced powers to enforce the OSA effectively. In fact, the OSA has effected the most sweeping reforms of online safety laws since the establishment of the Children’s eSafety Commissioner (now the eSafety Commissioner) in 2015.

The OSA seeks to limit, prevent and help remediate various forms of online harm — the cyberbullying of children, image-based abuse, illegal or restricted online content and adult cyber abuse — through a number of enhanced and new regulatory schemes.

A key new element of the OSA is the BOSE. The BOSE operates in addition to the obligations imposed on service providers under the OSA to regulate illegal and restricted content and aims to increase industry action, transparency and accountability in relation to online safety.

A key new element of the OSA is the Basic Online Safety Expectations (BOSE), established by a formal Determination made by the Minister for Communications. The BOSE operates in addition to the obligations imposed on service providers under the OSA to regulate illegal and restricted content and aims to increase industry action, transparency and accountability in relation to online safety.

The BOSE require online service providers to proactively take steps to ensure the safety of Australian end-users and to minimise the extent to which harmful material is provided on their online services. Essentially, BOSE enacts broad expectations for online service providers requiring them to be more transparent about their safety features, policies and practices.

Together, the OSA and the Privacy Act aim to protect individuals (from online harms) and their personal information in the digital age. They are key pieces of legislation in Australia that regulate different aspects of online safety and privacy and share some common approaches and concepts as well as some key differences.

Practical Guidance Cybersecurity, Data Protection & Privacy module is an invaluable guide for practitioners preparing to advise on data privacy and cybersecurity matters in today’s rapidly changing legal landscape.

This module will help you follow best practices in relation to data security, mandatory data breach notification, transfer of data, and cybersecurity strategy. Cover all of your bases and stay across the latest developments in this area with Practical Guidance as your on-hand authority.