Australia: Review of the Online Safety Act and related reforms on online harms

The Australian Government has released the Terms of Reference for the statutory review of the Online Safety Act 2021 (Cth), while recent events have also prompted the Government to take action in relation to doxxing activities and hate speech laws.

In brief

On 13 February 2024, the Minister for Communications announced the Terms of Reference for the upcoming independent review ("Review") into the operation of the Online Safety Act 2021 (Cth) (OSA). For more information about other recent developments in the Australian online safety roll-out, please view our previous alerts here and here.

The Review is required by section 239A of the OSA, and will examine the effectiveness of the OSA, and consider whether additional protections are needed to prevent the publication and spread of harmful online material.

An Issues Paper is expected to be released in the first part of this year, with the final report expected by 31 October 2024.

Separately, the Government has announced its intention to introduce amendments to the Privacy Act 1988 (Cth) ("Privacy Act") aimed at cracking down on doxxing activities, as well as the introduction of laws to address hate speech as part of a promised Religious Discrimination Bill package.


Key takeaways

Terms of Reference for the Review of the Online Safety Act 2021

  • The Review has been brought forward one year earlier than the prescribed statutory review period.
  • The Terms of Reference include a review of the operation and effectiveness of current OSA schemes, as well as consideration of whether further functions and powers should be granted to the eSafety Commissioner and whether penalties should apply in a broader range of circumstances.
  • The Government also intends to undertake public consultation on the second stage reforms to the National Classification Scheme during the first half of 2024.

Doxxing and hate speech

  • As a result of an increase in doxxing activity, the Government has indicated that anti-doxxing laws will be introduced as part of planned changes to the Privacy Act.
  • Laws addressing hate speech will also be strengthened as part of the Religious Discrimination Bill package.
  • Harmful online activities such as doxxing and hate speech are examples of the increasing potential for overlap between different regulatory regimes in Australia. For instance, whilst anti-doxxing laws are being considered as part of privacy reform due to the role of personal information in such activities, the Attorney-General has acknowledged that the eSafety Commissioner also has a role to play in addressing the online harms caused by doxxing.

In depth

Terms of Reference for the Review of the Online Safety Act 2021

The Terms of Reference set out a broad range of considerations for the Review, with a focus on the following areas:

  • Operation and effectiveness of the OSA:
    • The appropriateness of the objects of the Act in achieving the Government's current online safety policy intent.
    • The operation and effectiveness of selected statutory schemes concerning cyber-bullying and cyber-abuse material, non-consensual sharing of intimate images, the Online Content Scheme, and material depicting abhorrent violent conduct.
    • The operation and effectiveness of the Basic Online Safety Expectations (BOSE) regime in the Act. See our previous alerts here and here for information regarding the BOSE regime.
  • Statutory and regulatory arrangements to address online harms:
    • Whether additional arrangements are warranted to address online harms not explicitly captured under the existing statutory schemes, including in relation to online hate and abuse, volumetric (pile-in) attacks, technology-facilitated abuse and gender-based violence, and harms arising from emerging technologies including artificial intelligence and end-to-end encryption
    • Whether the regulatory arrangements, tools and powers available to the eSafety Commissioner should be amended and/or simplified, through consideration of the introduction of a duty of care requirement towards users and ensuring industry acts in the best interests of the child
  • Enforcement powers under the OSA:
    • Whether penalties should apply to a broader range of circumstances
    • Whether the current scope of the eSafety Commissioner's roles and responsibilities and the information gathering powers, investigative powers, enforcement powers, civil penalties or disclosure of information provisions should be amended
    • Potential cost recovery from industry for eSafety’s regulatory activities

The Final Report of the Review is expected to be provided to the Minister for Communications by 31 October 2024.

The accelerated timing of the Review indicates that online safety remains a key area of focus for the Government given evolving technologies and changes in patterns of malicious online activity between end users. The Terms of Reference suggest that a key focus of the Review will be on further strengthening the OSA with the possibility of increased powers for the eSafety Commissioner, broadening of penalties and the addition of new schemes and requirements. 

The Review provides a significant and important opportunity for industry participants and other interested parties to share their views with regard to the operation of the OSA to date, and the various other matters within the scope of the Terms of Reference.

It also appears that the long-awaited second stage reforms to the National Classification Scheme will be progressed in the coming months – a key reform process that also underpins the operation of the Online Content Scheme in the OSA.

Doxxing and hate speech reforms

  • Doxxing refers to the malicious release of personal information on online platforms without permission. While legislation is yet to be drafted, the Government has suggested that it intends to introduce laws against doxxing as soon as possible.
  • Doxxing activities have the potential to fall within the ambit of both the Privacy Act and the OSA.  This provides a good example of the increasing potential for overlap between different regulatory regimes aimed at digital platforms and other online activity. While invasion of privacy and use of people's personal information are issues governed under the Privacy Act, online harms are more broadly regulated under the OSA.
  • Hate speech provides another key example of potential regulatory intersection. The Government has announced its intention to strengthen laws addressing hate speech and to bring them forward as a package with a planned Religious Discrimination Bill. At a State and Territory level, New South Wales is conducting a review into its laws on threats and incitement to violence and Victoria consulted in 2023 on strengthening its own anti-vilification laws. Additionally, stronger hate crime laws will be in effect in Queensland from late April 2024. In parallel, changes are also currently under consideration to the BOSE to specifically regulate hate speech under that instrument.
  • Both of these developments highlight the growing need for coordination across reform processes to ensure that a consistent and effective approach is taken on key issues that fall across multiple regulatory regimes and multiple regulators.

* * * * *

With thanks to Alison Chen, Fiona Liu and Liz Grimwood-Taylor for their assistance with this alert.


Copyright © 2024 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.