The Office of the Australian Information Commissioner (OAIC) has published an exposure draft of the landmark Privacy (Children’s Online Privacy) Code 2026 (Code), which crystallises expectations around how personal information of children must be collected and handled under the Privacy Act 1988 (Cth) (Privacy Act).
The Code applies on
Continue Reading Australia: Exposure draft of Children’s Online Privacy Code signals tougher standards
Australia’s world-first social media “ban” has been in the global spotlight since its introduction in late 2025. As other jurisdictions look to follow suit, parents and tech giants alike continue to grapple with a key question: how will the ban be practically enforced?
Application of the “social media ban”
On 10 December 2025, the Online
Continue Reading Australia’s Social Media “Ban” and the eSafety Commissioner’s Social Media Minimum Age Regulatory Guidance
From 1 July 2026, entities that use an alphanumeric sender ID for SMS/MMS messages in Australia must register that ID on the SMS Sender ID Register.
Sender IDs are used to send SMS/MMS messages from a named entity (i.e. a name displayed at the top of a text message to show who the message is
Continue Reading Australia: Return to Sender ID: Businesses must register “branded identifiers” used in Australian SMS messages
Australian Clinical Labs (ACL) has been ordered to pay AUD5.8 million for breach of the Privacy Act 1988 (Cth) (Privacy Act) following a 2022 cyber incident which impacted the personal information of over 223,000 individuals. This is the first ever civil penalty proceeding under the Privacy Act.
ACL was held to
Continue Reading Australian Clinical Labs ordered to pay AUD5.8 million following cyber incident
Three years after its investigation commenced, the Office of the Australian Information Commissioner (OAIC) has found that retail giant Kmart Australia Limited (Kmart) breached the Privacy Act 1988 (Cth) (Privacy Act) through its use of facial recognition technology (FRT) in 28 retail stores between June 2020 and
Continue Reading Australia: Facial Recognition Technology Continues to Breach Australian Privacy Act
What is data scraping?
Data scraping is an automated process through which computer programs extract vast amounts of data from the internet at a faster rate than manual data collection methods.
Some businesses scrape data for internal purposes, such as generating leads, or to create products and services available for public use, such as price
Continue Reading Australia: Scraping the barrel – when data scraping breaches the Privacy Act
On 29 November 2024, the Australian Senate passed the Privacy and Other Legislation Amendment Bill 2024 (Cth) (the Privacy Act Bill). This follows the passage of the Cyber Security Act 2024 (Cth), and other cyber-security related amendments, on 25 November 2024.
The majority of the amendments to the Privacy Act 1988 (Cth) will
Continue Reading Australia: Privacy Act amendments and Cyber Security Act become law
“Ethically challenging” and “the most intrusive option” – these are some of the words Australia’s Privacy Commissioner used to describe facial recognition technology (FRT), and its use by national hardware retailer Bunnings.
The Office of the Australian Information Commissioner (OAIC) has released the findings of its much-awaited investigation into the use of FRT
Continue Reading Australia: In-Store Facial Recognition Tech Breached Privacy Act
It has been a busy month for cyber and privacy regulation in Australia. On the heels of the proposed amendments to the Privacy Act 1988 released just under a month ago (see our summary here), three further draft Bills relating to cyber security were released this week.
The key takeaways from the new Bills
Continue Reading Australia’s Cyber Security Strategy in action – three new draft laws published
