Data Privacy & Digital Rights

Australia operates under the Privacy Act 1988 (Cth) and state legislation. The OAIC enforces. The eSafety Commissioner under the Online Safety Act 2021 has world-leading image-based-abuse takedown power.

Australia's data-protection framework is the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Regulator: Office of the Australian Information Commissioner (OAIC). The Notifiable Data Breaches scheme has applied since February 2018. For non-consensual intimate imagery (NCII), Australia has the eSafety Commissioner under the Online Safety Act 2021, a world-leading regulator with takedown power for image-based abuse (24-hour removal notices). State criminal offences (e.g., NSW Crimes Act s.91Q) also apply.

Key Laws

Privacy Act 1988 (Cth)

Privacy Act 1988 (Cth); Australian Privacy Principles (APPs)

Federal data-protection framework. 13 APPs cover collection, use, disclosure, quality, security, access, correction. Regulator: OAIC. Civil penalties up to AUD 50 million for serious or repeated breaches (since 2022 reforms).

Online Safety Act 2021 (Cth)

Establishes the eSafety Commissioner as a national regulator for online safety. Image-based abuse scheme: 24-hour removal notices for non-consensual intimate imagery. Adult cyber abuse scheme; cyberbullying scheme for children. World-leading model.

Notifiable Data Breaches scheme

Part IIIC of Privacy Act 1988 (Cth) — in force February 2018

Mandatory data-breach notification to OAIC and affected individuals where there is a likely risk of serious harm. Failure to notify is a serious breach attracting civil penalties.
