Skip to content
LegalVision

Building an App: How Do I Comply With Privacy Obligations?

Avatar photo

By Sophie Mao
Practice Leader

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Summarise with: ChatGPT logo ChatGPT Perplexity logo Perplexity Microsoft Copilot logo Microsoft Copilot
Table of Contents

It is almost guaranteed that mobile apps will collect some form of personal information from users, so if you are building an app, you need to consider whether Australian privacy laws apply to you. This is especially important as it will determine how you collect and deal with users’ information. If you are a business which is subject to the Australian privacy laws, you will therefore have legal obligations. Failure to fulfill these obligations can result in serious penalties. This article explains when you need to comply with Australian privacy laws if you are building an app.

Australian Privacy Laws

In Australia, the Privacy Act 1988 contains principles on privacy protection called the Australian Privacy Principles (APP). These principles are binding for APP entities.

Generally speaking, you are an APP entity if your business has an annual turnover of more than $3 million. However, startups and small businesses with a turnover of less than $3 million can also be APP entities in certain circumstances. This may be the case if:

  • your app shares information with third parties for a benefit;
  • you are providing a health service;
  • you purchase personal information; or
  • you use personal information to sell advertising through your app.

Examples of personal information your app may be collecting include:

  • names;
  • contact details;
  • IP addresses;
  • location information; or
  • photos.

Sensitive Information

If you are an APP entity, it is important to know if your app collects ‘sensitive information’, which is generally afforded greater protection under the Privacy Act. This is because misuse of sensitive information can result in discrimination, mistreatment and other adverse consequences.

Sensitive information is information which can be used to identify an individual’s:

  • racial or ethnic origin;
  • political or religious opinions or affiliations;
  • membership of professional or trade association;
  • sexual orientation;
  • criminal record;
  • health information; or
  • biometric information.

Many businesses mistakenly believe they are not collecting sensitive information because they are not collecting health information. However, you must be conscious of whether the information your app is collecting can be inadvertently classed as sensitive information. For example, if your app allows users to post photos of themselves or make comments, it may be possible to identify a person’s religious affiliation or ethnic origin through those photos and comments.

Continue reading this article below the form
Loading form

Privacy Obligations

If you are an APP entity building an app, you need to comply with the APPs which require businesses to deal with information in specific ways. Your obligations under the APPs include making users aware of the information you are collecting and the purpose for which you are collecting that information, as well as allowing users to access the information you are storing.

Additionally, there are further requirements if you are an APP entity which collects sensitive information. Generally, your app should only be collecting sensitive information where:

  • the user consents to the collection; or
  • it is reasonably necessary for the function of your business.

Privacy Policy

If you are an APP entity because you meet the requirements, you must have a publicly available privacy policy as provided for under the Privacy Act. Your policy should be readily accessible to all users of your app and set out:

  • the kinds of personal information that you collect and hold;
  • how you collect personal information;
  • how you hold personal information;
  • the purposes for which you collect, hold, use and disclose personal information;
  • how an individual may access their personal information and seek correction of it;
  • how an individual may complain if you or a contractor breaches the APPs or a binding registered APP code; and
  • whether you are likely to disclose personal information to overseas recipients, including a related body corporate, and the likely countries that you may send the information to.

Even if you are not an APP entity which is subject to the Australian privacy laws, it is still good business practice to have a privacy policy. You should ensure it is compliant with the benchmark of privacy protection set out in the APPs.

Users are becoming increasingly aware of privacy and data protection and, accordingly, many will require the apps they use to be transparent about the information they collect and store, regardless of whether the law requires this transparency. This is even more likely to be the case if users are disclosing sensitive information on your platform.

Key Takeaways

If you are an APP entity building an app which is collecting sensitive information, you should comply with your privacy obligations. Otherwise, you risk severe fines for breaching the Privacy Act. Even if you are not an APP entity, it is best practice to have a privacy policy to gain the trust of your users.

Additionally, your app’s users should be able to readily access the policy and understand how you collect and use their information. If you have any questions, contact LegalVision’s online lawyers on 1300 544 755 or fill out the form on this page.

Register for our free webinars

Demystifying M&A: What Every Business Owner Should Know

Online
Understand the essentials of mergers and acquisitions and protect your business value. Register for our free webinar.
Register Now

Social Media Compliance: Safeguard Your Brand and Avoid Common Pitfalls

Online
Avoid legal pitfalls in social media marketing and safeguard your brand. Register for our free webinar.
Register Now

Building a Strong Startup: Ask a Lawyer and Founder Your Tough Questions

Stone & Chalk Tech Central, Level 1 - 477 Pitt St Haymarket 2000
Join LegalVision and Bluebird at the Spark Festival to ask a lawyer and founder your startup questions. Register now.
Register Now

Construction Industry Update: What To Expect in 2026

Online
Stay ahead of major construction regulatory changes. Register for our free webinar.
Register Now
See more webinars >
Sophie Mao

Sophie Mao

Read all articles by Sophie

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

Does Your Business Trade in Personal Information?

What Should I Do to Protect Customers’ Personal Information?

How Can I Protect My Clients’ Personal Information and Meet My Privacy Obligations?

Differences Between the EU General Data Protection Regulation (GDPR) and the Australian Privacy Principles (APPs)

We’re an award-winning law firm

  • Award

    2025 Future of Legal Services Innovation Finalist - Legal Innovation Awards

  • Award

    2025 Employer of Choice - Australasian Lawyer

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2022 Law Firm of the Year - Australasian Law Awards