Yes, Australian and UK privacy law is different. The requirements are similar in both countries but there are some differences that websites will need to be aware of to ensure compliance. The good news is that it is possible to amend your Australian Website Privacy Policy so it is in compliance with the requirements of both the UK and Australian jurisdictions.
New privacy legislation, the General Data Protection Regulation (GDPR), came into effect in May 2018. This affects all businesses that collect personal information from UK and EU citizens. If you are an Australian business engaged in email marketing to UK and EU customers, then you need to comply with the new regulations.
For more information read our guide: How to Comply with GDPR.
Recently, following an EU directive, amendments were made to the UK Privacy and Electronic Communications Regulations, which came into force in May 2011. The most significant aspect of these UK amendments is that website users and visitors must expressly agree to accept cookies that collect any and all website information from a user or visitor. Prior to this, any information collected was exempt from this active requirement, even things as minor as which sites a visitor viewed, collected for the purpose of showing adverts related to the topics they viewed. This new regulation now means that any type of ‘cookie’ which may collect this or any type of visitor information must be actively and positively agreed to by the visitor before viewing or accessing the website.
This is seen as a very strict and uncommercial policy in comparison to other countries. It is viewed as a barrier and obstacle which will inhibit and stop people from viewing UK websites. Visitors may choose to go to other websites in other countries, such as the US, which do not have this requirement.
Currently in Australia, a privacy policy must tell users of websites how information is collected and its purpose (which is stricter than other jurisdictions such as the US), but, unlike the UK, it does not require active agreement for cookies which monitor such things as advertising directional material.
Other UK considerations …
Aside from this major change, with visitors and users of sites having to explicitly accept cookies and storage of their information in the UK, there are a number of other modifications Australian websites will need to make in order to ensure that their policies are UK compliant. This includes notifying visitors that their IP addresses, in addition to other information from visitors, may be taken and stored.
Although both the UK and Australia generally have similar privacy laws, one should never assume that just because a site's privacy policy complies in one country it will also comply in another. Every jurisdiction may be slightly different and may include unexpected or new requirements, as website privacy laws are seemingly constantly changing and being updated.
In addition to new requirements, it is likely that laws may change on a regular basis, as they recently have in the UK, and this may result in modifications needing to be made to an existing privacy policy. Modifying an existing privacy policy to make it fit the requirements of another jurisdiction will not necessarily void the policy in the home jurisdiction, but rather make it more comprehensive. Generally speaking, the stricter the privacy policy compliance, the more likely it will meet local requirements.