{"id":1130,"date":"2021-11-19T14:00:00","date_gmt":"2021-11-19T14:00:00","guid":{"rendered":"https:\/\/www.cookiebot.com\/en\/?p=1130"},"modified":"2026-03-12T08:20:16","modified_gmt":"2026-03-12T08:20:16","slug":"australia-privacy-policy","status":"publish","type":"post","link":"https:\/\/www.cookiebot.com\/us\/australia-privacy-policy\/","title":{"rendered":"Australia Privacy Policy and Cookies"},"content":{"rendered":"\n

Australia\u2019s Privacy Act and its Australian Privacy Principles (APP) require a website to have an updated privacy policy (known as APP privacy policy) that also informs users of how it collects and handles personal information.<\/strong><\/p>\n\n\n\n

Most cookies and trackers on your website will collect personal information from visitors and must therefore be disclosed in your APP privacy policy. However, most cookies and trackers require deep-scanning technology to be uncovered.<\/strong><\/p>\n\n\n\n

In this blogpost, we look at the privacy policy requirements for Australian websites, the issues around detecting hidden cookies and trojan horses, and the technology needed to uncover it all.<\/strong><\/p>\n\n\n\n

Australia: privacy policy and cookies<\/h2>\n\n\n\n

Your website has cookies \u2013 most websites do. Your website likely has both first-party cookies (necessary for the basic functions of your domain) and third-party cookies (for analytics and marketing purposes).<\/p>\n\n\n\n

This means that your website \u2013 like most websites in the world today \u2013 is faced with protecting its users\u2019 privacy on the one hand and processing their personal information for website optimization and marketing on the other.<\/p>\n\n\n\n

Australia\u2019s Privacy Act<\/strong> and its Australian Privacy Principles (APP) require your website to have a privacy policy<\/strong>, in which you also inform your users of all cookies and trackers that collect, process or share personal information<\/strong>.<\/p>\n\n\n\n

But your website has many hidden cookies and trackers from third-party companies that harvest personal data from your users, and these can create a real liability for your website, company or organization.<\/p>\n\n\n\n

The issues of cookies on websites<\/h3>\n\n\n\n

A 2020 study of more than ten thousand websites<\/a> shows the difficulties for website owners of being compliant \u2013<\/p>\n\n\n\n

72% of cookies<\/strong> are set by fourth parties that are loaded in secret by the third-party cookies embedded, also known as trojan horses.<\/p>\n\n\n\n

18% of cookies<\/strong> are deeper trojan horses, i.e. derive from secretly loaded fifth, sixth, seventh or eighth parties.<\/p>\n\n\n\n

50% of trojan horses<\/strong> will have changed and have different trackers on repeated visits.<\/p>\n\n\n\n

These findings make it very clear how difficult it is for website owners to know exactly what goes on on their domain without deep-scanning technology that can uncover not only third-party trackers, but all the trojan horses that third-party cookies load unbeknownst to you, the website owner.<\/p>\n\n\n\n

In the end, it is the responsibility of the website owner<\/strong> to make sure that their privacy policy is not only up to date, but exhaustive, i.e. informing users of all cookies and trackers<\/strong> that can be privacy-infringing.<\/p>\n\n\n\n

This is where Cookiebot consent management platform (CMP)<\/a> comes in.<\/p>\n\n\n\n

<\/p>\n\n\n\n

Cookiebot CMP: deep-scans for APP privacy policies<\/h2>\n\n\n\n

Cookiebot CMP<\/a> is a deep-scanning technology developed to enable website owners to detect all cookies and trackers and take control of them to protect the privacy of their users and obtain compliance with data protection laws across the world.<\/p>\n\n\n\n

When you implement Cookiebot CMP<\/a> on your website, it automatically performs scans of your entire domain and all of its subpages. After it has found all there is to find, Cookiebot CMP then takes automatic control of all cookies (also third-party cookies and the trackers they secretly load).<\/p>\n\n\n\n

The Privacy Act<\/a> and its Australian Privacy Principles (APP)<\/a> establish certain requirements for how a website must inform and disclose<\/strong> its collection, processing and sharing of personal information.<\/p>\n\n\n\n

Cookiebot CMP unmatched website scanner<\/a> can help you obtain compliance with Australia\u2019s data laws and their requirements for your privacy policies<\/strong> to inform exhaustively about all cookies, trackers and other ways you collect, process and share personal information on your website.<\/p>\n\n\n\n

The biggest struggle of having a Privacy Act-compliant APP privacy policy on your website is making sure that it is exhaustive and correct<\/strong>, i.e. informs clearly about all cookies and trackers embedded<\/strong>, even the trojan horses that are loaded by other trackers.<\/p>\n\n\n\n

With Cookiebot CMP<\/a>, you can rest assured that all cookies, trackers and trojan horses will be found and control of them handed over to you.<\/p>\n\n\n\n

Cookiebot CMP<\/a> also enables compliance with both the EU\u2019s GDPR and California\u2019s CCPA \u2013<\/p>\n\n\n\n

In the EU, the General Data Protection Regulation (GDPR)<\/a> demand websites to obtain and securely store the explicit consent of users before any collection of their personal data is allowed to take place. You must be compliant with the GDPR if you have visitors to your website from inside the EU.<\/p>\n\n\n\n

In the US, the California Consumer Privacy Act (CCPA) <\/a>requires businesses to give more control to California residents over the personal information they generate online, including giving them an option to opt out of having their data sold to third parties.<\/p>\n\n\n\n

Try Cookiebot CMP free for 14 days<\/a><\/p>\n\n\n\n

Australia's Privacy Act<\/h2>\n\n\n\n

Australia\u2019s Privacy Act of 1988<\/a> is the main piece of data protection legislation on the continent. Though it originally dates from 1988, it has been amended more than thirty times.<\/p>\n\n\n\n

It regulates all companies, organizations and websites who operate in Australia and creates a national standard for collecting, processing and sharing personal information.<\/p>\n\n\n\n

The Privacy Act does this by creating the so-called Australian Privacy Principles (APPs)<\/a> \u2013 a set of thirteen codes of conduct that must be followed in order to be compliant with the Act. These are the backbone of personal data protection for websites that operate in Australia.<\/p>\n\n\n\n

Enforcement of the Privacy Act and the Australian Privacy Principles befalls the Office of the Australian Information Commissioner (OAIC)<\/a>, who both guides companies in legal compliance, investigates and enforces breaches of the privacy law.<\/p>\n\n\n\n

Personal information vs sensitive information<\/h3>\n\n\n\n

The Australian Privacy Principles (APPs)<\/strong> create a legal landscape for websites that is carved in two: between personal information and sensitive personal information. It's important to know which type of data your website collects in order to be compliant.<\/p>\n\n\n\n

Personal information<\/em> includes \u2013<\/p>\n\n\n\n