The AML Blog


The New Australian Privacy law was passed by Parliament on 29th November 2013 and they will come into effect on 12 March 2014.

The Association for Data-Driven Marketing & Advertising (ADMA) reported that the law will introduce changes to how marketers and advertisers can collect, use, hold and disclose customer information and other personal information relating to prospects and individuals.

Thankfully the ongoing lobbying by ADMA and ADMA member companies, convinced the Government to make some last minute changes to the new law before it was passed to reduce the impact of the legislation on marketers and advertisers. In particular, the Government:

Removed the statement that DM is prohibited and replaced with a new statement that clarifies that DM is permitted within certain parameters. Reduced the requirement to include opt-out notices in all marketing communications. Limited the need to offer customers the ability to engage under a pseudonym. Reconfigured the requirements on overseas transfer of data. Extended the period of time that companies will be given to comply from 9 months to 15 months. (Starting 12 March 2014)

Although ADMA is pleased that the immediate issues facing marketers and advertisers were addressed, it considers that, in general, the law is out-of-touch and out-of-date and will become an increasing hindrance as we continue to move to a data-driven digital economy. I could not agree more. The fact that we have a digital engagement with a prospect or customer and want to identify who they are so that content can be personalised to their preferences should be welcomed rather than hindered. The main impact of so called “junk mail” is that it is largely irrelevant to the audience. Yet any attempt to personalise a communication, and matching this with a customer’s preferences appears to have been stifled by naive and somewhat out-of-touch legislators.

Given that personal information is treated with respect and care, where is the harm? Do we, as customers, delight when a company knows who we are and respects our relationship with them? Is this not a good thing?

Agreed that care has to be taken with personal information and companies should be held accountable for a mis-use or breach of personal information. But where a company is attempting to do the right thing, common sense should prevail.

Also, ADMA advises that there are still concerns with how the law will be interpreted and enforced. The remaining concerns include:

The new definition of ‘personal information’ could result in the Privacy Act now applying to information that is currently not considered ‘personal’. For example, certain information collected through cookies and types of Big Data. The new rules require marketing communications to include an opt-out notice (including to existing customers) in all cases where the marketer has used data collected from a third party. This could include, for example, where a marketer has appended data to a customer database; extracted customer information from a social media site; or used behavioural data from a third party site. Fines of up to $1.1m apply and it remains unclear whether this is calculated on a per ‘incident’ or per ‘record’ basis.

There is still significant work to be done. ADMA a checklist for marketers and advertisers to clarify the new law and assist with compliance. They will also produce a comprehensive webinar series and education course to assist businesses interpret the provisions and how they apply to traditional channels, online, social media and mobile. If you would like a copy of the checklist, email me ( and I will send it you.

The time has now arrived for all of us to get our ships in order and I will keep AML clients fully informed through access to ADMA’s Compliance Hub. If you have any questions now, don’t hesitate to ask.

To download the latest “Australian Privacy Principles Fact Sheet” and “Spotlight on Privacy Checklist” please visit our DM Resources section.