4.1 This chapter sets out the ALRC’s approach to regulating privacy at the federal level in Australia.[1] In summary, the ALRC’s approach draws heavily on the theory of principles-based regulation, with privacy principles being the primary method of regulation used in the Privacy Act 1988 (Cth). These principles are not adequate, however, to achieve the relevant policy objectives in all the areas covered by the Privacy Act. In such areas, the ALRC recommends more prescriptive or different rules, through the use of regulations or other legislative instruments, in order to achieve such objectives.

4.2 The chapter is divided into three sections. The first examines the theory of principles-based regulation and compliance-oriented regulation, which are the twin foundations of the approach adopted by the ALRC in this Report. The second section sets out the ALRC’s approach to regulating privacy, both in terms of the regulatory tools and the approach to regulation. This section applies the theory discussed in the first section and outlines the areas where, and the reasons why, the ALRC has moved away from pure principles-based regulation. The third section sets out the scope for co-regulation in the ALRC’s approach.

4.3 This chapter does not set out recommendations for reform. The purpose of the chapter is to outline the approach adopted by the ALRC for regulating privacy in Australia, which in turn informs the discussion in this Report.

[1] The model for achieving consistency in privacy regulation across Australia is examined in Ch 3.