Does the Australian Privacy Act apply to individuals?
Asked by: Amya Beatty | Last update: June 18, 2026Score: 4.8/5 (49 votes)
The Australian Privacy Act 1988 generally does not apply to individuals acting in a personal, family, or household capacity. It primarily regulates how Australian government agencies and private sector organizations (with >$3M turnover, or health service providers) collect and handle personal information.
Do the Australian privacy principles apply to individuals?
The Purpose of Australian Privacy Principles (APPs)
The primary objective of the APPs is to safeguard the privacy of individuals and ensure that businesses and organizations handle personal information (PII) in a responsible and transparent manner.
Who is subject to the Privacy Act in Australia?
Who has responsibilities under the Privacy Act? Australian Government agencies (and the Norfolk Island administration) and organisations with an annual turnover more than $3 million have responsibilities under the Privacy Act, subject to some exceptions.
Who is not an individual under the Privacy Act?
Under the Privacy Act of 1974, an "individual" is defined strictly as a U.S. citizen or an alien lawfully admitted for permanent residence (LPR) [5.2, 5.6]. Therefore, non-individuals, who are not covered by the Act, include non-US citizens/foreign nationals (such as foreign ambassadors), corporations, businesses, associations, and deceased persons.
Who is required to have a privacy policy in Australia?
Any organisation or agency the Privacy Act 1988 - external site covers must have a privacy policy. The Privacy Act covers organisations with an annual turnover more than $3 million and operating in Australia, and some other organisations.
Privacy Act Australia
What is the threshold for the Privacy Act in Australia?
The Privacy Act 1988 was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information.
Can my personal data be shared without permission?
Sharing data about anyone without a lawful basis is unlawful, but there are specific regulations to protect children online and their data needs greater protection. For example, it's unlawful to sell on children's personal data for commercial re-use.
Does the Privacy Act apply to non-citizens?
The Privacy Act does not apply to records that are solely about non-resident foreign nationals. However, if a record system includes both citizens and non-citizens, the parts that relate to U.S. citizens and permanent residents must comply with the Privacy Act.
What is the definition of personal information in the Australian Privacy Act?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. The Privacy Act 1988 protects personal information collected for inclusion in a record or publication.
What are the exceptions to the Privacy Act?
The Privacy Act of 1974 allows federal agencies to exempt certain records from provisions like access and amendment. Key exemptions include information compiled for civil litigation, classified national security data, law enforcement investigatory material, and protective services for the President. These exemptions must be established via agency regulations.
What is the new privacy legislation in Australia?
In 2024, the Privacy and Other Legislation Amendment Act 2024 (Cth) (POLA Act) amended the Privacy Act to require APP entities to include additional information relating to automated decisions in their privacy policies. This transparency requirements come into effect on 10 December 2026.
Does the Privacy Act apply to deceased individuals?
United States. Under common law, the right to privacy is considered a personal right, meaning it applies only to the living and, consequently, does not recognize the privacy interests of the deceased.
What does section 51 of the Australian Constitution say?
Section 51 of the Australian Constitution outlines the specific legislative powers of the Federal Parliament, enabling it to make laws for the "peace, order, and good government of the Commonwealth" regarding 39 listed areas. These powers are mostly concurrent, meaning both federal and state parliaments can legislate on them, with federal law prevailing in cases of conflict.
Who is bound by the Privacy Act in Australia?
The Privacy Act contains 13 Australian Privacy Principles (APPs). The APPs apply to government agencies and private sector organisations with an annual turnover of $3 million or more. The APPs are principles-based - protecting privacy while not burdening agencies and organisations with inflexible prescriptive rules.
Are there 13 Australian privacy principles?
There are 13 Australian Privacy Principles and they govern standards, rights and obligations around: the collection, use and disclosure of personal information. an organisation or agency's governance and accountability.
What are 5 examples of personal information?
Personal information is any data that can directly or indirectly identify a specific individual. Examples include full names, government-issued IDs, contact details, biometric records, and financial information. It is often collected for identification, communication, or services.
Is there an Australian equivalent to HIPAA?
No, HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law and does not apply in Australia. Instead, Australia uses the Privacy Act 1988 and the Australian Privacy Principles (APPs) to regulate health information.
Are email addresses considered personal information?
Yes, email addresses are personal data. According to data protection laws such as the GDPR and the CCPA, email addresses are personally identifiable information (PII).
What is not personal information?
Since you didn't provide a specific list of options, the correct answer depends on which set of choices you are looking at. However, based on common academic and legal definitions of Personal Information (PI) and Personally Identifiable Information (PII), here are the most likely answers for common versions of this question:
Which is not an individual under the Privacy Act?
The Privacy Act protects the rights of U.S. citizens and lawful permanent resident aliens (referred to as individuals). The Privacy Act does not cover records of deceased persons or non-persons (businesses, agencies, institutions).
Can a US citizen lose their citizenship and be deported?
Yes, a U.S. citizen can lose their citizenship and be deported, but only in specific circumstances. While native-born citizenship is rarely lost, naturalized citizens can lose their citizenship (denaturalization) if it was obtained through fraudulent means, such as concealing criminal records or lying on their application. Once denaturalized, they can be deported.
Was Elon Musk an immigrant?
Yes, Elon Musk is a South African-born immigrant to the United States who became a naturalized U.S. citizen in 2002. Born in Pretoria, South Africa, in 1971, he moved to Canada in 1989 to avoid apartheid-era military service, later moving to the U.S. to attend university before pursuing business ventures.
Can I legally look at my wife's text messages?
Accessing your wife's text messages without her permission is generally illegal and violates federal or state privacy laws, such as the Stored Communications Act, even if you are married or own the phone account. Sneaking onto her phone to read private messages can lead to criminal charges or civil lawsuits and such evidence is often inadmissible in court.
What personal information Cannot be shared?
Sharing sensitive information such as your address, phone number, family members' names, car information, passwords, work history, credit status, social security numbers, birth date, school names, passport information, driver's license numbers, insurance policy numbers, loan numbers, credit/ debit card numbers, PIN ...
What are the three exceptions for disclosing confidential information?
Some common exceptions include information that is or becomes public through no act of the recipient, information that was already in the possession of the recipient as of the date of disclosure, and information that is disclosed by court order.