Reading time: 4 minutes

In Australia, there are a number of tech companies, startups included, that use cloud services to assist with the organising of their business data. As these cloud services are essentially 3rd parties that store data, the Australian Privacy Law governs their conduct. In particular, Australian Privacy Law impacts cloud services whenever personal information is being disclosed. This means that small businesses engaging these cloud services will be required to incorporate compliance policies that align with Australian Privacy Law requirements, namely where personal information is shared.

Tech companies should give some consideration to the privacy compliance requirements when dealing with cloud services. When in doubt, contact a tech lawyer to get in-depth advice on how to remain compliant with the APPs.

What defines ‘personal information’?

Under the APPs, the disclosure, use, and collection of, “personal information” is regulated. Personal information is defined as anything that can identify an individual. Someone’s identity can be determined depending on several factors, including the following:

  • Where the information is being kept;
  • How the information is being used; and
  • To what extent the holder of the informations is capable of analysing this information.

What defines ‘collection’?

Generally, when information is both collected and disclosed, the APPs will apply. This means that by holding information on record, whether digitally or otherwise, the criterion of “collection” will be satisfied. For example, when visitors to your company site enter their information to ‘Sign up’, the digital storage of this information is regarded as a ‘collection’ under the law. Other forms of collection include receiving referrals, calls, emails etc., and recording these details in the process.


Simply collecting personal information is not sufficient to warrant the application of the APPs. There are other factors that must be considered, including the size of the tech company.

If the business makes more than $3 million annually, it will have to comply with the APPs. Those that make less than this threshold will not be required to meet the APPs regulations, unless some exception applies. For tech companies, ‘disclosure’ is the most pertinent exception. If these smaller tech companies do any of the following, they will have to comply with the APPs:

  • Disclose someone’s personal information to get some advantage, service or benefit; or
  • Give someone an advantage, service or benefit in exchange for personal information (that relates to another individual.

The exception to this exception is based on having the individual’s consent or being authorised by law to do so.

Ask a tech lawyer to assist you in determining whether or not you are disclosing anyone’s personal information by using a cloud service.

What defines ‘disclosure’ and ‘use’?

A tech company sometimes uses or discloses personal information. According to the APPs, the difference between the two concepts comes down to whether or not the tech company has ‘effective control’ of the personal information.

In other words, if you have effective control over the information, you will be using that information. This means that disclosure requires:

  • Sharing the personal information with outside entities; and
  • Losing effective control over the personal information.

It was very common for tech businesses to contract someone to manage their analytics, hosting and support for their business’ information stored using a cloud service. By giving the contractor access to the business’ information, the company will be deemed to have disclosed this information if they do not still have effective control over it.

What defines ‘effective control’?

It is not always an easy term to define, but some guidance is offered by the APPs. The following will be taken into account when determining whether or not the company has retained effective control over the personal information:

  1. The binding nature of the contract on both parties;
  2. The cloud service provider’s access to the personal information is conditional in that it may only handle the information in order to provide the service;
  3. The contractor is also required (under his or her contract) to abide by the requirements of the cloud service provider;
  4. The business’ capacity to recover, modify, or gain access to the information;
  5. Whether any others have access to the information and why; and
  6. How easy it is to delete the information from the cloud service provider’s data.


The important lesson to take away here is that even the smaller tech companies may have to comply with the APPs and have a tech lawyer assist with strengthening the compliance measures they are currently taking, such as Privacy Policies, consent forms and notifications. Contact LegalVision on 1300 544 755 and speak with one of our tech lawyers to get a better understanding of how the Australian Privacy law guidelines apply to your tech business.


Redundancies and Restructuring: Understanding Your Employer Obligations

Thursday 7 July | 11:00 - 11:45am

If you plan on making a role redundant, it is crucial that you understand your employer obligations. Our free webinar will explain.
Register Now

How to Sponsor Foreign Workers For Your Tech Business

Wednesday 13 July | 11:00 - 11:45am

Need web3 talent for your tech business? Consider sponsoring workers from overseas. Join our free webinar to learn more.
Register Now

Advertising 101: Social Media, Influencers and the Law

Thursday 21 July | 11:00 - 11:45am

Learn how to promote your business on social media without breaking the law. Register for our free webinar today.
Register Now

Structuring for Certainty in Uncertain Times

Tuesday 26 July | 12:00 - 12:45pm

Learn how to structure to weather storm and ensure you can take advantage of the “green shoots” opportunities arising on the other side of a recession.
Register Now

Playing for the Prize: How to Run Trade Promotions

Thursday 28 July | 11:00 - 11:45am

Running a promotion with a prize? Your business has specific trade promotion obligations. Join our free webinar to learn more.
Register Now

Web3 Essentials: Understanding SAFT Agreements

Tuesday 2 August | 11:00 - 11:45am

Learn how SAFT Agreements can help your Web3 business when raising capital. Register today for our free webinar.
Register Now

Understanding Your Annual Franchise Update Obligations

Wednesday 3 August | 11:00 - 11:45am

Franchisors must meet annual reporting obligations each October. Understand your legal requirements by registering for our free webinar today.
Register Now

Legal Essentials for Product Manufacturers

Thursday 11 August | 11:00 - 11:45am

As a product manufacturer, do you know your legal obligations if there is a product recall? Join our free webinar to learn more.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards