Australia: Data & Privacy
GDPR, CCPA, data subject requests, privacy rights
25 questions
Consent & Purpose (4)
A business is collecting my personal information without explaining why. Is this allowed?
No, it is not allowed. Australian law requires businesses to clearly explain why they collect your personal information before or at the time of collection.
A company shared my health information with a third party without my consent. What can I do?
You can complain to the Office of the Australian Information Commissioner (OAIC), seek correction or deletion of your information, and in some cases apply for compensation. The Privacy Act 1988 (Cth) prohibits unauthorised disclosure of health information.
A website collected my biometric data (facial recognition) without asking. Is this a privacy breach?
Yes, collecting your facial recognition data without consent is likely a privacy breach under Australia’s Privacy Act, which requires notice and consent for handling sensitive biometric information.
A company is using my personal information for a purpose different from what they told me. Is this a breach?
Yes, it is likely a breach of the Privacy Act 1988 (Cth) if a company uses your personal information for a purpose different from the one they disclosed at collection, unless an exception applies.
Data Breaches (4)
A company suffered a data breach exposing my personal details. Are they required to notify me?
Yes, if the breach is likely to result in serious harm to you, the company must notify you and the OAIC within 30 days under Australia’s Notifiable Data Breaches (NDB) scheme.
A business didn't properly secure my credit card details and they were stolen. What action can I take?
You can complain to the OAIC, seek compensation from the business, and report the breach to your financial institution — businesses must notify you and the OAIC if your credit card data is compromised under the Privacy Act.
A company experienced a serious data breach but didn't report it to the Privacy Commissioner. What happens?
The company may face a civil penalty of up to $2.1 million for failing to notify the OAIC of an eligible data breach under the Privacy Act.
My former employer leaked my personal data to a new employer without consent. What's my remedy?
You may complain to the Office of the Australian Information Commissioner (OAIC) and seek compensation if the leak breached the Privacy Act 1988 (Cth), as your former employer likely mishandled your personal information without consent.
Access & Correction (2)
I asked a company to delete my personal data but they refused. Do they have to comply?
Yes, in most cases Australian companies must comply with a valid request to delete your personal data under the Privacy Act 1988, unless an exception applies.
I want to know what personal information a company holds about me. Do I have a right to access it?
Yes, you have a legal right to access your personal information held by most Australian companies under the Privacy Act 1988.
Surveillance (5)
My employer recorded my phone calls without telling me. Is this legal?
In most cases, it is illegal for your employer to record your phone calls without your knowledge or consent in Australia.
Someone accessed my stored text messages without authorization. What law protects me?
Your stored text messages are protected under the Telecommunications Act 1997 (Cth), which prohibits unauthorised access to stored communications, including SMS.
My company's IT department reads employees' personal emails on work devices. Is this lawful?
It may be unlawful for your company to read personal emails on work devices without consent, as it could breach privacy laws and workplace surveillance rules.
Can the police access my phone metadata without a warrant in Australia?
Yes, in many cases Australian police can access phone metadata without a warrant under the Telecommunications Act and related laws.
My phone conversations are being intercepted by a private investigator hired by my spouse. Is this legal?
No, it is illegal for a private investigator to intercept your phone conversations in Australia without your consent, as this breaches the Telecommunications (Interception and Access) Act 1979.
Spam & Marketing (4)
A marketing company keeps sending me spam emails despite unsubscribing multiple times. What are my rights?
You have the right to stop unsolicited marketing emails under Australia’s Spam Act, and the sender must honour your unsubscribe request within 5 business days.
A company sent a commercial text message without including sender details. Is this against the law?
Yes, it is against the law in Australia for a company to send a commercial text message without including clear sender identification.
I received a spam email with no unsubscribe option. How do I report this?
You can report spam emails with no unsubscribe option to the Australian Communications and Media Authority (ACMA) via their online complaint form.
A social media platform is collecting excessive data beyond what's needed. Can I complain?
Yes, you can complain to the Office of the Australian Information Commissioner (OAIC) if a social media platform collects more personal information than necessary for its functions.
Government Agencies (2)
My personal information held by a government agency is incorrect. How do I get it fixed?
You can request a correction in writing to the government agency holding your information under the Privacy Act 1988. They must respond within 30 days and correct it if the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
A government department shared my tax records with another agency. When is this allowed?
A government department in Australia may share your tax records with another agency only if permitted by law — for example, under the Taxation Administration Act 1953 for debt recovery, or under specific authorisations in the Privacy Act 1988 or other legislation.