Event recap: The GDPR: Key Learnings for the Victorian Public Sector public forum

Wednesday 29th November, 2017

On Friday 24 November 2017, the Office of the Victorian Information Commissioner (OVIC) held its first public forum as the newly formed OVIC. The topic for discussion was the EU’s General Data Protection Regulation (GDPR), ahead of its commencement in May 2018.

OVIC was thrilled to host two guest speakers, Professor Moira Paterson of Monash University and James Stephens, a Principal Solicitor at the Victorian Government Solicitor’s Office (VGSO). Moira and James considered the practical implications of the GDPR in Victoria, and commented on what the GDPR means for the broader privacy law landscape.

The GDPR is designed to harmonise privacy law across the EU and offer enhanced privacy protections for individuals in an increasingly digital landscape. The extra-territorial application of the GDPR is of particular relevance to the international privacy community, prompting entities in both the private and public sectors to assess their internal information management practices.

Moira provided the audience with an overview of the GDPR, with a focus on the enhanced rights for individuals afforded under the GDPR. Moira considered these rights from a comparative perspective, aligning the protections under the Privacy and Data Protection Act 2014 (PDPA) with the rights for individuals under the GDPR. Protections afforded to individuals under the GDPR are articulated specifically as enforceable rights, and speakers raised the point that individuals captured by the GDPR are able to seek a judicial remedy for any interference with their privacy. This rights-based approach to privacy protections under the GDPR, as noted by James, specifically requires entities to consider the direct privacy implications that any practices or activities may have for individuals.

The speakers observed that the prescriptive nature of the GDPR will generally strengthen protections afforded to individuals, and that the specific rights for individuals are bolstered by underlying principles relating to data processing under the GDPR.

James considered the provisions surrounding consent under the GDPR, noting that many Victorian public sector entities regularly need to grapple with the consent requirements under the PDPA. Under the GDPR, consent provisions need to be written in plain language and in an easily accessible form. Additionally, it must be as easy to withdraw consent as it is to give consent.

As suggested by James, the implementation of the GDPR will offer exciting developments in privacy law, particularly in jurisdictions that have fundamentally similar privacy protections for individuals. The GDPR can offer essential insights into the protection of the substance of privacy rights for individuals, as separate from the legal form of such protections.

OVIC would like to extend its thanks to the speakers, James and Moira, and to all those who came along on the day. A recording of the forum is available to view on OVIC’s Periscope channel.