Schedule 1 of the Privacy Act 1988 (Cth) contains the Australian Privacy Principles (APPs). The APPs state how certain organisations or ‘APP entities’ must handle, use and manage personal information. e-Platform operators need to be especially mindful of their obligations. Below, we define ‘APP entity’ and ‘personal information’ and set out some of the privacy compliance principles affecting e-Platform operators.

What is an APP Entity?

An APP entity is an organisation (including a sole individual trader, a body corporate, partnership, an unincorporated association or a trust) that discloses personal information about an individual. The organisation must either disclose or provide the information for a benefit, service or advantage as a pre-cursor to collecting an individual’s personal information.

What is Personal Information?

Personal information can be any information or opinion, regardless of whether it’s true of not or kept in material form, about an individual whose identity is apparent or can reasonably be ascertained.

1. Collection of Solicited Personal Information

APP 1 requires APP entities to implement practices, procedures and systems to ensure they comply with the APPs. It further requires an APP entity to have mechanisms in place that enable them to deal with enquiries and complaints regarding compliance with its privacy obligations. APP 3 provides that an APP entity must not collect personal information unless it’s reasonably necessary to do so for one or more of their functions.

To comply with APPs 1 and 3, e-Platform operators should:

  • have an up-to-date privacy policy available linking from the platform;
  • set out in their terms of use that they will collect personal information;
  • take proactive steps to establish and maintain internal practices, procedures and systems that ensure team members also comply with the APPs;
  • implement practices, procedures and systems for identifying and responding to privacy breaches; and
  • implement mechanisms to ensure that agents and contractors of the e-Platform comply with the APPs.

2. Notifying Individuals

APP 5 states that an APP entity must notify an individual at or before the time that:

  • the entity collected their personal information;
  • the circumstances of that collection;
  • the purpose of the entity collecting the information; and
  • any other entity, body or person to whom the entity may disclose the information to.

An e-Platform operator should also display a notice on the main page setting out its disclosure obligations as well as ensure that all third party service providers know and comply with this requirement.

3. Use and Disclosure of Personal Information

Under APP 6, if an APP entity holds personal information for a particular purpose, it must not use or disclose the information for another purpose. This rule applies except where the individual has consented to the use or disclosure of their information. Consent can be express or implied. The Office of the Australian Information Commissioner (OAIC), who oversees the APPs, suggests that consent is relevant where:

  1. the entity has adequately informed the individual before they give consent;
  2. the individual gave their consent voluntarily;
  3. the consent is current and specific; and
  4. the individual can understand and communicate their consent.

One way for e-Platform operators to obtain express consent is by requiring them to opt into electronic correspondence to receive, for example, emails from third-party suppliers.

4. Access to and Correction of Personal Information

APP 12 provides that APP entities must give individuals access to their information within a reasonable time and without an excessive fee following a request. e-Platform operators should ensure that the request for personal information is made by the correct individual, or by a person authorised to make a request on their behalf (e.g. a legal guardian). An organisation would contravene the APPs if they were to grant the information to another individual.

Further, APP 13 states that the entity must correct the individual’s personal information if asked or if it is found to be inaccurate. e-Platform operators should allow end users to submit requests for their personal information to be updated via their accounts.


e-Platform operators should familiarise themselves with their privacy obligations under the APPs. If you need assistance determining whether your current policies and procedures are compliant, get in touch with our online lawyers on 1300 544 755.

COVID-19 Business Survey
LegalVision is conducting a survey on the impact of COVID-19 for businesses across Australia. The survey takes 2 minutes to complete and all responses are anonymous. We would appreciate your input. Take the survey now.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. For just $199 per month, membership unlocks unlimited lawyer consultations, faster turnaround times, free legal templates and members-only discounts.

Learn more about LVConnect

Vanja Simic
Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.
Our Awards
  • 2019 Top 25 Startups - LinkedIn 2019 Top 25 Startups - LinkedIn
  • 2019 NewLaw Firm of the Year - Australian Law Awards 2019 NewLaw Firm of the Year - Australian Law Awards
  • 2020 Fastest Growing Law Firm - Financial Times APAC 500 2020 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review 2020 AFR Fast 100 List - Australian Financial Review
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards
  • Most Innovative Law Firm - 2019 Australasian Lawyer 2019 Most Innovative Firm - Australasian Lawyer
Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at

View Privacy Policy