By: Cameron Abbott and Rob Pulham
The Administrative Review Tribunal of Australia (Tribunal) has partially overturned the findings of the Privacy Commissioner on Bunnings’ use of facial recognition technology (FRT) in its stores.
Read MoreBy: Rob Pulham, Cameron Abbott, and Annaliese Filippis (Graduate, Melbourne)
The Office of the Australian Information Commissioner (OAIC), Australia’s privacy regulator, is conducting its first ever privacy compliance sweep, as of this January. The compliance sweep will include a review of the privacy policies of businesses that collect information in person.
Read MoreBy Cameron Abbott, Rob Pulham and Stephanie Mayhew
The Federal Court has ordered Australian Clinical Labs (ACL) to pay AU$5.8 million in civil penalties following a 2022 data breach involving its then-newly acquired Medlab Pathology business. The breach affected over 223,000 individuals whose data was accessed and infiltrated by malicious actors and is one of Australia’s most significant healthcare cyber incidents.
Read MoreBy: Rob Pulham, Cameron Abbott, and Maryam Ahmed
Not to be outdone by its regional peers, New Zealand updated its privacy laws with the passing of the Privacy Amendment Act 2025 (the Act) last month: see the NZ Privacy Commissioner’s media release here.
Read MoreBy: Cameron Abbott, Rob Pulham, and Stephanie Mayhew
Tranche 2 of the Australian Privacy Act reforms is expected soon (perhaps imminently), following comments from the new attorney general in the media that suggested the time for conversation and for lobbying is over. The attorney general noted in an interview last month on Sky News that the highly anticipated “second tranche” of Australian privacy law reform is coming, saying “Australians are sick and tired of their personal data being exploited” and “not being protected,” and that “we will not have our privacy reforms dictated by multinational tech giants.”
Read MoreBy: Amigo Xie, Dan Wu and Sarah Kwong
On 18 July 2025, China’s Cyberspace Administration (CAC) officially launched its online portal (Portal) for registration of China Data Protection Officers (China DPO). This operationalizes the requirements under Article 52 of the Personal Information Protection Law (PIPL).
Read MoreBy: Claude-Etienne Armingaud, Thomas Nietsch, Nóirín McFadden, and Sophie Verstraeten
The UK’s major post-Brexit reform of the UK General Data Protection Regulation (UK GDPR), the Data Use and Access Act (DUAA), became law on 19 June 2025.
Read MoreThe European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations before the finalization of these Guidelines.
Read MoreBy: Cameron Abbott, Rob Pulham, Stephanie Mayhew and Emre Cakmakcioglu
In Australia, last week was the 2025 Privacy Awareness Week (PAW), with this year’s theme ‘Privacy – it’s everyone’s business’. Among other things in PAW, the Office of the Australian Information Commissioner (OAIC) produced a Privacy Foundations self-assessment tool, which provides a privacy maturity score on the basis of tenets such as Accountability, Transparency, Collection and Data breach management. The tool, and PAW more broadly emphasise that privacy is not just about compliance, but good business and building trust. NSW, Vic and QLD state governments have each run parallel PAW events.
Read MoreBy: Cameron Abbott, Rob Pulham, Stephanie Mayhew, Emre Cakmakcioglu
As of 29 May 2025, the requirement on businesses to report ransomware payments they make has come into effect.
Read MoreCopyright © 2025, K&L Gates LLP. All Rights Reserved.