# [Australia Privacy Policy and Cookies](https://www.cookiebot.com/en/australia-privacy-policy/)
**Australia’s Privacy Act and its Australian Privacy Principles (APPs) require a website to have an updated privacy policy (known as an APP privacy policy) that also informs users of how it collects and handles personal information.**

---
## Australia's Privacy Act
Australia’s [Privacy Act of 1988](https://www.legislation.gov.au/Details/C2020C00025/) is the main piece of data protection legislation on the continent. Though it originally dates from 1988, it has been amended more than thirty times.

It regulates all companies, organizations and websites that operate in Australia and creates a national standard for collecting, processing and sharing personal information.

The Privacy Act does this by creating the so-called [Australian Privacy Principles (APPs)](https://www.oaic.gov.au/privacy/australian-privacy-principles/) – a set of thirteen codes of conduct that must be followed in order to be compliant with the Act. These are the backbone of personal data protection for websites that operate in Australia.

Enforcement of the Privacy Act and the Australian Privacy Principles falls to the [Office of the Australian Information Commissioner (OAIC)](https://www.oaic.gov.au/about-us/our-regulatory-approach/privacy-regulatory-action-policy/), which guides companies in legal compliance, investigates breaches of the privacy law and enforces it.

---
### Personal information vs sensitive information
The **Australian Privacy Principles (APPs)** create a legal landscape for websites that is carved in two: between personal information and sensitive personal information. It's important to know which type of data your website collects in order to be compliant.

*Personal information* includes –
- name,
- signature,
- addresses,
- e-mail,
- phone number,
- social security numbers,
- date of birth,
- credit or bank information,
- IP addresses and browser history,
- location data.

*Sensitive personal information* includes –
- racial or ethnic origin,
- political opinions,
- religious beliefs,
- sexual orientation,
- criminal history,
- health information,
- genetic data,
- biometric information.

With **personal information**, the Australian Privacy Principles (APPs) state that your website is only allowed to collect and process it **if it is reasonably necessary for or directly related to your website’s functions and activities**.

This must be clearly stated in your privacy policy.

With **sensitive personal information**, websites must usually ask users for their express consent before collection.

---
### New amendments to the Privacy Act on the way
The [Australian government has announced](https://iapp.org/news/a/2020-australian-legislative-predictions-and-updates/) that it will amend the Privacy Act to increase fines for data breaches, as well as creating a whole new privacy code to regulate the collection and processing of personal information on digital platforms, such as Facebook and Google.

It has also announced that a broad review of the Privacy Act will take place to assess whether it accurately protects users’ privacy and their personal information online.

---
## Australian Privacy Principles
The **Australian Privacy Principles (APPs)** are thirteen codes of conduct created by the Privacy Act that websites, companies and organizations that operate in Australia must follow for compliance.

### Who do the Australian Privacy Principles apply to?
The Australian Privacy Principles (APPs) apply to what is known in the law as “an APP entity”, defined as an agency or organization.

Small businesses are in general exempt from compliance with the Australian Privacy Principles; however, numerous exceptions exist, such as if a small business discloses personal information for “a benefit, service or advantage”.

### What are the Australian Privacy Principles?
The thirteen APPs concern the following areas –
1. open and transparent management of personal information
2. enabling user anonymity and pseudonymity
3. collection of solicited personal information
4. dealing with unsolicited personal information
5. notification of the collection of personal information
6. use or disclosure of personal information
7. direct marketing
8. cross‑border disclosure of personal information
9. adoption, use or disclosure of government related identifiers
10. quality of personal information
11. security of personal information
12. access to personal information
13. correction of personal information

### Australian Privacy Principle 1 – open and transparent management of personal information
The first Australian Privacy Principle is essentially the one that establishes the requirement for websites to **have a clear, transparent and exhaustive privacy policy**.

A compliant APP privacy policy must inform users about –
- the kinds of personal information that your website collects, stores and shares,
- the ways your website collects personal information (e.g. cookies),
- the purposes for which you collect, store and share personal information,
- the ways in which your users can access the personal information you’ve collected on them,
- the ways in which your users can correct their personal information if wrong,
- whether or not you send users’ personal information overseas.

### Australian Privacy Principle 3 – collection of solicited personal information
This APP is where the legal difference between personal information and sensitive personal information is created, and the compliance requirements stated.

### Australian Privacy Principle 5 – notification of the collection of personal information
At or before the time of collection – or as soon as possible after – your website must notify users that you are collecting personal information.

Australian data protection laws **do not require cookie banners**, unless your website collects sensitive personal information, in which case you must obtain the express consent of users.

### Australian Privacy Principle 6 – use or disclosure of personal information
If your website collects personal information on users for one purpose, you are **not allowed to use or disclose it** for any other purposes – unless you obtain your users’ consent to this.

### Australian Privacy Principle 10 – quality of personal information
It is your responsibility as the website owner to ensure that the **personal information you collect is accurate, up-to-date and complete.**

### Australian Privacy Principle 11 – security of personal information
It is also your responsibility as the website owner to protect the personal information you collect from misuse, interference and loss, unauthorized access, modification or disclosure.

### Australian Privacy Principle 12 – access to personal information
You must enable your users to request access to the personal information you have collected on them.

You are required to respond to such a request within **a reasonable period** after the request is made, and to give access to the information in the way that was requested by the user.

Access to personal information must be **free of charge**.

### Australian Privacy Principle 13 – correction to personal information
You must enable your users to request corrections of the personal information you have collected on them.

If such requests are made, you must ensure that the information is **up to date, complete, relevant and not misleading**.

You are also required to notify third parties of such correction requests.

---
## Summary
Australia’s data protection regime consists of the Privacy Act and its Australian Privacy Principles. These require your website to have a clear and exhaustive APP privacy policy that lists all cookies, trackers and trojan horses embedded on your website by you or third parties.

---
## Frequently asked questions
What is the Australia Privacy Act?  
The Privacy Act of 1988 is the main data privacy law in Australia today. It regulates how companies, organizations and websites are allowed to collect, process and share personal information inside Australia. Enforcement of the Privacy Act is the responsibility of the Office of the Australian Information Commissioner (OAIC). The Privacy Act established the Australian Privacy Principles (APPs) that govern lawful handling of personal information in Australia.

What are the Australian Privacy Principles?  
The Australian Privacy Principles are 13 codes of conduct that websites, companies and organizations that operate in Australia must follow in order to be compliant with the Privacy Act.

What is personal information under the Australian Privacy Act?  
Personal information includes name, signature, addresses, e-mail, phone number, identification numbers (e.g. social security, passport), date of birth, IP addresses and browser history and location data. Sensitive personal information includes racial or ethnic origin, political opinions, religious beliefs, sexual orientation, health data, genetic data, biometric data and criminal history.

What must a compliant privacy policy include?  
Under the Australian Privacy Principles (APPs), your website’s privacy policy must be clear, transparent and exhaustive.

---
## Resources
- [Privacy Act of Australia](https://www.legislation.gov.au/Details/C2020C00025/)
- [Australian Privacy Principles](https://www.oaic.gov.au/privacy/australian-privacy-principles/read-the-australian-privacy-principles/)
- [Office of the Australian Information Commissioner](https://www.oaic.gov.au/about-us/our-regulatory-approach/privacy-regulatory-action-policy/)
- [OAIC on who Australian Privacy Principles apply to](https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines/chapter-b-key-concepts/)
- [OAIC on personal and sensitive personal information](https://www.oaic.gov.au/privacy/your-privacy-rights/your-personal-information/what-is-personal-information/)
- [2020 Australian legislative predictions and updates by IAPP](https://iapp.org/news/a/2020-australian-legislative-predictions-and-updates/)
- [Website tracking and cookies](https://www.cookiebot.com/en/website-tracking/)
- [What is GDPR?](https://www.cookiebot.com/en/gdpr/)
- [What is CCPA?](https://www.cookiebot.com/en/what-is-ccpa/)

---

©2026 Cookiebot™ by [Usercentrics](https://usercentrics.com/)