Reading time: 4 minutes

Schedule 1 of the Privacy Act 1988 (Cth) contains the Australian Privacy Principles (APPs). The APPs state how certain organisations or ‘APP entities’ must handle, use and manage personal information. e-Platform operators need to be especially mindful of their obligations. Below, we define ‘APP entity’ and ‘personal information’ and set out some of the privacy compliance principles affecting e-Platform operators.

What is an APP Entity?

An APP entity is an organisation (including a sole individual trader, a body corporate, partnership, an unincorporated association or a trust) that discloses personal information about an individual. The organisation must either disclose or provide the information for a benefit, service or advantage as a pre-cursor to collecting an individual’s personal information.

What is Personal Information?

Personal information can be any information or opinion, regardless of whether it’s true of not or kept in material form, about an individual whose identity is apparent or can reasonably be ascertained.

1. Collection of Solicited Personal Information

APP 1 requires APP entities to implement practices, procedures and systems to ensure they comply with the APPs. It further requires an APP entity to have mechanisms in place that enable them to deal with enquiries and complaints regarding compliance with its privacy obligations. APP 3 provides that an APP entity must not collect personal information unless it’s reasonably necessary to do so for one or more of their functions.

To comply with APPs 1 and 3, e-Platform operators should:

  • have an up-to-date privacy policy available linking from the platform;
  • set out in their terms of use that they will collect personal information;
  • take proactive steps to establish and maintain internal practices, procedures and systems that ensure team members also comply with the APPs;
  • implement practices, procedures and systems for identifying and responding to privacy breaches; and
  • implement mechanisms to ensure that agents and contractors of the e-Platform comply with the APPs.

2. Notifying Individuals

APP 5 states that an APP entity must notify an individual at or before the time that:

  • the entity collected their personal information;
  • the circumstances of that collection;
  • the purpose of the entity collecting the information; and
  • any other entity, body or person to whom the entity may disclose the information to.

An e-Platform operator should also display a notice on the main page setting out its disclosure obligations as well as ensure that all third party service providers know and comply with this requirement.

3. Use and Disclosure of Personal Information

Under APP 6, if an APP entity holds personal information for a particular purpose, it must not use or disclose the information for another purpose. This rule applies except where the individual has consented to the use or disclosure of their information. Consent can be express or implied. The Office of the Australian Information Commissioner (OAIC), who oversees the APPs, suggests that consent is relevant where:

  1. the entity has adequately informed the individual before they give consent;
  2. the individual gave their consent voluntarily;
  3. the consent is current and specific; and
  4. the individual can understand and communicate their consent.

One way for e-Platform operators to obtain express consent is by requiring them to opt into electronic correspondence to receive, for example, emails from third-party suppliers.

4. Access to and Correction of Personal Information

APP 12 provides that APP entities must give individuals access to their information within a reasonable time and without an excessive fee following a request. e-Platform operators should ensure that the request for personal information is made by the correct individual, or by a person authorised to make a request on their behalf (e.g. a legal guardian). An organisation would contravene the APPs if they were to grant the information to another individual.

Further, APP 13 states that the entity must correct the individual’s personal information if asked or if it is found to be inaccurate. e-Platform operators should allow end users to submit requests for their personal information to be updated via their accounts.

***

e-Platform operators should familiarise themselves with their privacy obligations under the APPs. If you need assistance determining whether your current policies and procedures are compliant, get in touch with our online lawyers on 1300 544 755.

Webinars

Redundancies and Restructuring: Understanding Your Employer Obligations

Thursday 7 July | 11:00 - 11:45am

Online
If you plan on making a role redundant, it is crucial that you understand your employer obligations. Our free webinar will explain.
Register Now

How to Sponsor Foreign Workers For Your Tech Business

Wednesday 13 July | 11:00 - 11:45am

Online
Need web3 talent for your tech business? Consider sponsoring workers from overseas. Join our free webinar to learn more.
Register Now

Advertising 101: Social Media, Influencers and the Law

Thursday 21 July | 11:00 - 11:45am

Online
Learn how to promote your business on social media without breaking the law. Register for our free webinar today.
Register Now

Structuring for Certainty in Uncertain Times

Tuesday 26 July | 12:00 - 12:45pm

Online
Learn how to structure to weather storm and ensure you can take advantage of the “green shoots” opportunities arising on the other side of a recession.
Register Now

Playing for the Prize: How to Run Trade Promotions

Thursday 28 July | 11:00 - 11:45am

Online
Running a promotion with a prize? Your business has specific trade promotion obligations. Join our free webinar to learn more.
Register Now

Web3 Essentials: Understanding SAFT Agreements

Tuesday 2 August | 11:00 - 11:45am

Online
Learn how SAFT Agreements can help your Web3 business when raising capital. Register today for our free webinar.
Register Now

Understanding Your Annual Franchise Update Obligations

Wednesday 3 August | 11:00 - 11:45am

Online
Franchisors must meet annual reporting obligations each October. Understand your legal requirements by registering for our free webinar today.
Register Now

Legal Essentials for Product Manufacturers

Thursday 11 August | 11:00 - 11:45am

Online
As a product manufacturer, do you know your legal obligations if there is a product recall? Join our free webinar to learn more.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards