Reading time: 4 minutes

Schedule 1 of the Privacy Act 1988 (Cth) contains the Australian Privacy Principles (APPs). The APPs state how certain organisations or ‘APP entities’ must handle, use and manage personal information. e-Platform operators need to be especially mindful of their obligations. Below, we define ‘APP entity’ and ‘personal information’ and set out some of the privacy compliance principles affecting e-Platform operators.

What is an APP Entity?

An APP entity is an organisation (including a sole individual trader, a body corporate, partnership, an unincorporated association or a trust) that discloses personal information about an individual. The organisation must either disclose or provide the information for a benefit, service or advantage as a pre-cursor to collecting an individual’s personal information.

What is Personal Information?

Personal information can be any information or opinion, regardless of whether it’s true of not or kept in material form, about an individual whose identity is apparent or can reasonably be ascertained.

1. Collection of Solicited Personal Information

APP 1 requires APP entities to implement practices, procedures and systems to ensure they comply with the APPs. It further requires an APP entity to have mechanisms in place that enable them to deal with enquiries and complaints regarding compliance with its privacy obligations. APP 3 provides that an APP entity must not collect personal information unless it’s reasonably necessary to do so for one or more of their functions.

To comply with APPs 1 and 3, e-Platform operators should:

  • have an up-to-date privacy policy available linking from the platform;
  • set out in their terms of use that they will collect personal information;
  • take proactive steps to establish and maintain internal practices, procedures and systems that ensure team members also comply with the APPs;
  • implement practices, procedures and systems for identifying and responding to privacy breaches; and
  • implement mechanisms to ensure that agents and contractors of the e-Platform comply with the APPs.

2. Notifying Individuals

APP 5 states that an APP entity must notify an individual at or before the time that:

  • the entity collected their personal information;
  • the circumstances of that collection;
  • the purpose of the entity collecting the information; and
  • any other entity, body or person to whom the entity may disclose the information to.

An e-Platform operator should also display a notice on the main page setting out its disclosure obligations as well as ensure that all third party service providers know and comply with this requirement.

3. Use and Disclosure of Personal Information

Under APP 6, if an APP entity holds personal information for a particular purpose, it must not use or disclose the information for another purpose. This rule applies except where the individual has consented to the use or disclosure of their information. Consent can be express or implied. The Office of the Australian Information Commissioner (OAIC), who oversees the APPs, suggests that consent is relevant where:

  1. the entity has adequately informed the individual before they give consent;
  2. the individual gave their consent voluntarily;
  3. the consent is current and specific; and
  4. the individual can understand and communicate their consent.

One way for e-Platform operators to obtain express consent is by requiring them to opt into electronic correspondence to receive, for example, emails from third-party suppliers.

4. Access to and Correction of Personal Information

APP 12 provides that APP entities must give individuals access to their information within a reasonable time and without an excessive fee following a request. e-Platform operators should ensure that the request for personal information is made by the correct individual, or by a person authorised to make a request on their behalf (e.g. a legal guardian). An organisation would contravene the APPs if they were to grant the information to another individual.

Further, APP 13 states that the entity must correct the individual’s personal information if asked or if it is found to be inaccurate. e-Platform operators should allow end users to submit requests for their personal information to be updated via their accounts.


e-Platform operators should familiarise themselves with their privacy obligations under the APPs. If you need assistance determining whether your current policies and procedures are compliant, get in touch with our online lawyers on 1300 544 755.


Australia’s Global Talent Visa: How to Attract Top Talent

Thursday 7 October | 11:00 - 11:45am

Understand how to navigate Australia’s complex migration system to attract top overseas talent with our free webinar.
Register Now

5 Essential Contracts for your Online Business

Thursday 14 October | 11:00 - 11:45am

Learn which key contracts will best protect your online business with our free webinar.
Register Now

Key Considerations When Buying a Business

Thursday 11 November | 11:00 - 11:45am

Learn which questions to ask when buying a business to avoid legal and operational pitfalls, so you can hit the ground running. Join our free webinar.
Register Now

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

Our Awards

  • 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year - Australasian Law Awards
  • 2019 Most Innovative Firm - Australasian Lawyer