In a statement outlining its election platform principles, the APF said the Act should also be changed to "ensure Australians are not required to provide their personal information or register for a mandatory account to access the ABC’s full digital media services".
The foundation's statement comes ahead of the federal election which is scheduled for 21 May. The ABC last month put in place mandatory registration for use of its iview service.
Researcher Dr Vanessa Teague, who runs her own cyber-security firm Thinking Cybersecurity, demonstrated the leaking of data from iview and even the ABC's news site in a video she uploaded on YouTube.
Even hashed email addresses are sent to commercial entities like Google, Facebook and Tealium.
Among the other changes the APF has called for implementation by the party that takes power in the polls are:
"The legal definition of 'consent' needs to be fixed to reflect its real meaning, requiring ‘active and properly informed consent’ rather than ‘implied consent’. Silence, pre-ticked boxes, or inactivity mustn’t be accepted as valid ‘consent’. What we’re told about risk and disclosure must be blunt and clear.
"Personal information should only be exposed to publication as ‘Open Data’, or other uncontrolled circulation, if it is genuinely and permanently anonymous. It should be banned from being described or treated as 'de-identified' unless the process used conclusively proves the data can no longer ever be re-linked to a person, under any circumstances, at any time in the future, backed up by ongoing audits.
"We need a statutory tort for breach of privacy, at last, as recommended by five Australian Law Reform reviews over three decades. Australia must no longer be the only equivalent country where citizens have no means to take legal action to protect their personal dignity.
"The blueprint’s been discussed and consulted on for years, it’s ready to go, the rest of the world copes, let’s stop the fudging and do it.
"We need a dedicated, properly resourced Privacy Commissioner again, to address the current privacy complaint backlog, and future data privacy exploits and threats. A conflicted, sporadic regulator fails us."