What is APA?

Australia's Privacy Act is a key law that sets rules on how personal information is managed by private businesses, federal government agencies, and not-for-profits. It’s built around the Australian Privacy Principles (APPs), which cover how personal data is collected, used, stored, and shared. First introduced in 1988, the Privacy Act was updated in 2014 to include the APPs, guaranteeing stronger protections for personal information.

Where does the APA apply to?

The Privacy Act applies to federal agencies and businesses with an annual turnover of more than AUD 3 million that handle the personal information of Australian residents.

What Are the Possible Reasons for APA Penalties?

A breach of an Australian Privacy Principle is considered an "interference with an individual's privacy" and can result in regulatory action and penalties.

Who is Liable for APA Penalties?

Any ‘organization’ includes individuals, companies, partnerships, unincorporated associations, or trusts with certain exemptions like small business operators, registered political parties, and specific government entities.

What Are the APA Penalties for
Non-Compliance?

For serious and repeated privacy violations, organizations can face penalties of up to AUD 50 million, three times the benefit gained from the breach (if the court can determine it), or 30% of the company’s adjusted turnover during the breach period if the benefit's value can't be calculated. For individuals, the maximum penalty is AUD 2.5 million

Get the APA checklist for Free

Improve the effectiveness of your compliance strategy now.

Download checklist

Frequently Asked Questions

What is consent under APA?

In accordance with the Australia Privacy Act 1988, obtaining explicit consent is necessary for gathering sensitive information or for utilizing/disclosing personal data beyond its original intended purpose.
Cookie consent in Australia does not require express consent for processing non-sensitive personal information. Instead, implied consent suffices, provided individuals are notified at or before data collection. Organizations must ensure individuals understand the data's purpose and offer an opt-out option. According to the Office of the Australian Information Commissioner (OAIC), consent should be informed, voluntary, and current and specific.

What are the privacy changes in Australia?

The Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022, enacted on 12 December 2022, introduces substantial reforms to the Privacy Act Australia. These reforms aim to bolster personal information protection, amplify individual privacy rights, and foster transparency and accountability in data management. The Act introduces notable changes, such as expanding the extraterritorial scope of the Privacy Act 1988, escalating penalties for serious or repeated infringements, reinforcing the Notifiable Data Breaches Scheme, and empowering the OAIC with enhanced authority to tackle privacy breaches.

How to make my business compliant with the APA?

To assure APA compliance for your business, start by implementing clear data protection policies and procedures. One of the easiest ways to simplify compliance is by using a Consent Management Platform (CMP) like Consentmo, which is designed specifically for Shopify stores. Our app helps you manage cookie consent, data requests, and user rights, verifying your store meets APA requirements without hassle.

Is your site compliant?