The Federal Court of Australia recently confirmed the wide extraterritorial application of the Privacy Act 1988 (Cth) and the notion of holding personal information without physical presence in Australia.
The origin of this decision dates back to the Facebook-Cambridge Analytical scandal in 2018. With the discovery of Facebook’s unethical data harvesting practices, the Australian Information Commissioner instituted proceedings against Facebook over the alleged contravention of Principles 6 and 11 of the Privacy Act. Facebook’s primary counterargument was that by virtue of being a social media platform headquartered in the US, there was no ‘Australian link’ present in this case.
As such, the Privacy Act was held to apply to Facebook despite being overseas via a substantial Australian link. This decision has widespread implications for other digital platforms and social media companies as the Federal Court has clarified that the Australian link requirement is now easier to satisfy thanks to modern technology. It is likely that other international organisations with an Australian link will updated their privacy policies in accordance with Australian privacy legislation.
For the full reading of the case, see here.