apac
Australia
Australia's Privacy Act and APP framework cover federal privacy obligations with active reform proposals.
Editorial caveat
Structured values summarize official materials for research and planning. They are reviewed by humans before publication and should not be treated as legal advice.
Breach
- Breach deadline (hours)
- 720
- Breach notification required
- Yes
Marketing
- Cookie consent rule
- No single cookie law, but consent expectations arise under privacy and marketing guidance.
Transfers
- Cross-border transfer restricted
- Yes
- Data localization required
- No
Governance
- DPO required
- No
- Impact assessment required
- No
- Records of processing required
- No
Identity
- Effective date
- 2014-03-12
- Effective status
- in-force
- Last amended
- 2024-11-29
- Law status
- active
Scope
- Extraterritorial application
- Yes
- Private sector coverage
- Yes
- Public sector coverage
- Yes
- Territorial scope
- Applies to APP entities and certain overseas organizations carrying on business in Australia.
Legal Basis
- Legal bases
- Requires legal basis
- No
Enforcement
- Maximum fine
- Serious or repeated interferences can trigger penalties exceeding AUD 50 million under recent reforms.
- Private right of action
- No
Definitions
- Personal data definition
- Information or an opinion about an identified individual, or an individual who is reasonably identifiable.
- Sensitive data recognized
- Yes
Rights
- Right of access
- Yes
- Right to appeal
- Yes
- Right to deletion
- No
- Right to object
- No
- Right to portability
- No
Official sources
- OAIC privacy guidanceofficial-regulator • en • html
- Federal Register of Legislationofficial-law • en • html