The Privacy Act 1988 regulates the handling of personal information, that is defined as “…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.” Australian Privacy Principles can be found on the Office of the Australian Information Commissioner website.
A key feature of Australian privacy law since a major round of legislative updates in 2014 is the increased focus on cross-border transfer of personal information. The current law, under the Australian Privacy Act, provides a path for the offshoring of data, but requires the transferring entity to ensure that the recipient of the data holds it in accordance with the principles of Australian privacy law. This is commonly achieved through contracts that require recipients to maintain such standards, but this is unlikely to be possible in a public blockchain context. An important consequence under Australian law is that the entity transferring the data out of Australia remains responsible for any breaches by or on behalf of the recipient entity or entities, meaning significant potential liability for any Australian node in a public blockchain under current rules.
|Previous Section||Next Section|