apac
Australia
Australia's Privacy Act and APP framework cover federal privacy obligations with active reform proposals.
Editorial caveat
Structured values summarize official materials for research and planning. They are reviewed by humans before publication and should not be treated as legal advice.
high confidence, Strong current baseline with reform watch needed.
Breach
- Breach deadline (hours)
- 720
- Breach notification required
- Yes
Marketing
- Cookie consent rule
- No single cookie law, but consent expectations arise under privacy and marketing guidance.
Transfers
- Cross-border transfer restricted
- Yes
- Data localization required
- No
Governance
- DPO required
- No
- Impact assessment required
- No
- Records of processing required
- No
Identity
- Effective date
- 2014-03-12
- Effective status
- in-force
- Last amended
- 2024-11-29
- Law status
- active
Scope
- Extraterritorial application
- Yes
- Private sector coverage
- Yes
- Public sector coverage
- Yes
- Territorial scope
- Applies to APP entities and certain overseas organizations carrying on business in Australia.
Legal Basis
- Legal bases
- Requires legal basis
- No
Enforcement
- Maximum fine
- Serious or repeated interferences can trigger penalties exceeding AUD 50 million under recent reforms.
- Private right of action
- No
- Regulator or enforcement authority summary
- OAIC
Definitions
- Personal data definition
- Information or an opinion about an identified individual, or an individual who is reasonably identifiable.
- Sensitive data recognized
- Yes
Rights
- Right of access
- Yes
- Right to appeal
- Yes
- Right to deletion
- No
- Right to object
- No
- Right to portability
- No
- Right to erasure or delete summary
- Limited deletion / de-identification pathways
- Right to rectification or correction summary
- Correction right
Official sources
- OAIC privacy guidanceSecondary official material • en • html
- Federal Register of LegislationPrimary official law • en • html