The Office of the Australian Information Commissioner (OAIC) has published an exposure draft of the landmark Privacy (Children’s Online Privacy) Code 2026 (Code), which crystallises expectations around how personal information of children must be collected and handled under the Privacy Act 1988 (Cth) (Privacy Act).
The Code applies on
Continue Reading Australia: Exposure draft of Children’s Online Privacy Code signals tougher standards
Australia’s world-first social media “ban” has been in the global spotlight since its introduction in late 2025. As other jurisdictions look to follow suit, parents and tech giants alike continue to grapple with a key question: how will the ban be practically enforced?
Application of the “social media ban”
On 10 December 2025, the Online
Continue Reading Australia’s Social Media “Ban” and the eSafety Commissioner’s Social Media Minimum Age Regulatory Guidance
From 1 July 2026, entities that use an alphanumeric sender ID for SMS/MMS messages in Australia must register that ID on the SMS Sender ID Register.
Sender IDs are used to send SMS/MMS messages from a named entity (i.e. a name displayed at the top of a text message to show who the message is
Continue Reading Australia: Return to Sender ID: Businesses must register “branded identifiers” used in Australian SMS messages
Australian Clinical Labs (ACL) has been ordered to pay AUD5.8 million for breach of the Privacy Act 1988 (Cth) (Privacy Act) following a 2022 cyber incident which impacted the personal information of over 223,000 individuals. This is the first ever civil penalty proceeding under the Privacy Act.
ACL was held to
Continue Reading Australian Clinical Labs ordered to pay AUD5.8 million following cyber incident
Three years after its investigation commenced, the Office of the Australian Information Commissioner (OAIC) has found that retail giant Kmart Australia Limited (Kmart) breached the Privacy Act 1988 (Cth) (Privacy Act) through its use of facial recognition technology (FRT) in 28 retail stores between June 2020 and
Continue Reading Australia: Facial Recognition Technology Continues to Breach Australian Privacy Act
What is data scraping?
Data scraping is an automated process through which computer programs extract vast amounts of data from the internet at a faster rate than manual data collection methods.
Some businesses scrape data for internal purposes, such as generating leads, or to create products and services available for public use, such as price
Continue Reading Australia: Scraping the barrel – when data scraping breaches the Privacy Act
