The Claim
“Attempted to exempt telcos and law enforcement agencies from laws requiring users to be notified if their personal information has been breached.”
Original Sources Provided
✅ FACTUAL VERIFICATION
TRUE - The Coalition government did release an exposure draft in December 2015 that proposed exemptions for law enforcement agencies and telecommunications companies from mandatory data breach notification requirements.
In December 2015, Attorney-General George Brandis published an exposure draft of the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 [1]. The draft legislation proposed that an "enforcement body" could be exempt from notifying people affected by data breaches if the body "believes on reasonable grounds that compliance ... would be likely to prejudice one or more enforcement-related activities conducted by, or on behalf of, the enforcement body" [1].
The exemption would have applied to a wide range of bodies including the Australian Federal Police (AFP), the Australian Crime Commission, and potentially the Australian Border Force [1]. Additionally, the bill contained exemptions for "secrecy provisions" that apply to the disclosure of information under the Telecommunications (Interception and Access) Act 1979, which could inhibit telecommunications companies from disclosing breaches related to data retention and law enforcement requests [1].
Missing Context
Important context omitted from the claim:
This was an exposure draft, not final legislation - The document released in December 2015 was explicitly labeled as an "exposure draft" for public consultation, with consultation open until March 2016 [1]. The claim omits that this was a preliminary proposal subject to change based on stakeholder feedback.
Strong similarities to Labor's own bill - The Guardian article itself notes that the bill "bears strong similarities to a previous bill introduced by Labor senator Lisa Singh in March 2014" [1]. Labor had previously proposed similar legislation that also lapsed before becoming law.
Final legislation was eventually passed with bipartisan support - The Privacy Amendment (Notifiable Data Breaches) Act 2017 was eventually passed by the Coalition government and came into effect in February 2018, establishing Australia's current mandatory data breach notification scheme [2].
Law enforcement exemptions exist in comparable jurisdictions - Similar exemptions for law enforcement agencies exist in other countries' data breach notification laws, including the United States and European Union, where national security and law enforcement considerations often justify limited notification exemptions.
Source Credibility Assessment
The Guardian is a mainstream international news organization with a center-left editorial stance. The article is factual reporting based on the actual exposure draft document released by the government. The article fairly notes the similarities to Labor's previous bill and includes the acting Australian Information Commissioner's supportive statement about the scheme. The Guardian is generally considered a credible news source, though readers should be aware of its progressive editorial perspective.
Labor Comparison
Did Labor do something similar?
YES - Labor Senator Lisa Singh introduced the Privacy Amendment (Privacy Alerts) Bill 2014 in March 2014, which was substantially similar to the Coalition's later proposal [1][3].
Key comparison points:
- Timing: Labor introduced their bill in March 2014, nearly two years before the Coalition's December 2015 exposure draft [1][3]
- Status: Labor's bill lapsed at prorogation in April 2016 and again at dissolution in May 2016 without becoming law [3]
- Substance: Both bills aimed to establish mandatory data breach notification schemes
- Implementation: The Coalition government ultimately passed the final legislation in 2017 with bipartisan support
The final Notifiable Data Breaches scheme that became law in 2018 was the result of proposals from both major parties over multiple parliamentary terms.
Balanced Perspective
What the claim gets right:
- The Coalition's December 2015 exposure draft did propose exemptions for law enforcement agencies and telecommunications companies from notification requirements under certain circumstances [1]
- These exemptions were concerning to privacy advocates and civil liberties groups
What the claim omits or mischaracterizes:
- The exposure draft was explicitly released for public consultation, not enacted as final policy
- Labor had proposed a substantially similar bill two years earlier
- The final legislation passed in 2017 established a mandatory notification scheme that has been operational since February 2018
- The law enforcement exemptions in the draft were conditional on the agencies believing notification would prejudice enforcement activities, not blanket exemptions
Key context: The claim presents this as a unique Coalition attempt to undermine privacy protections, when in fact:
- Both major parties had proposed similar legislation
- The draft was subject to public consultation (standard legislative process)
- The final law was eventually passed with bipartisan support
- The exemptions were narrower than the claim implies, requiring specific reasonable grounds
The Coalition ultimately delivered a mandatory data breach notification scheme that had bipartisan origins and support.
PARTIALLY TRUE
5.0
out of 10
The core factual claim is accurate: the Coalition did release an exposure draft in December 2015 that proposed exemptions for law enforcement agencies and telecommunications companies from mandatory data breach notification requirements. However, the claim omits critical context that (1) this was a draft for consultation, not final law; (2) Labor had proposed substantially similar legislation two years earlier; and (3) the final legislation was eventually passed with bipartisan support. The claim misleadingly implies this was a unique Coalition attempt to undermine privacy protections, when it was actually part of a multi-year, bipartisan process that ultimately established Australia's current mandatory data breach notification scheme.
Final Score
5.0
OUT OF 10
PARTIALLY TRUE
The core factual claim is accurate: the Coalition did release an exposure draft in December 2015 that proposed exemptions for law enforcement agencies and telecommunications companies from mandatory data breach notification requirements. However, the claim omits critical context that (1) this was a draft for consultation, not final law; (2) Labor had proposed substantially similar legislation two years earlier; and (3) the final legislation was eventually passed with bipartisan support. The claim misleadingly implies this was a unique Coalition attempt to undermine privacy protections, when it was actually part of a multi-year, bipartisan process that ultimately established Australia's current mandatory data breach notification scheme.
📚 SOURCES & CITATIONS (3)
-
1
theguardian.com
Legislation proposes telecommunications companies, federal police and other agencies not be made to tell people their data has been stolen
the Guardian -
2
oaic.gov.au
If the Privacy Act covers your organisation or agency, you must notify affected persons & us if a data breach of personal information may result in serious harm
OAIC -
3
aph.gov.au
Helpful information Text of bill First reading: Text of the bill as introduced into the Parliament Third reading: Prepared if the bill is amended by the house in which it was introduced. This version of the bill is then considered by the second house. As passed by
Aph Gov
Rating Scale Methodology
1-3: FALSE
Factually incorrect or malicious fabrication.
4-6: PARTIAL
Some truth but context is missing or skewed.
7-9: MOSTLY TRUE
Minor technicalities or phrasing issues.
10: ACCURATE
Perfectly verified and contextually fair.
Methodology: Ratings are determined through cross-referencing official government records, independent fact-checking organizations, and primary source documents.