It is almost guaranteed that mobile apps will collect some form of personal information from users, so if you are building an app, you need to consider whether Australian privacy laws apply to you. This is especially important as it will determine how you collect and deal with users’ information. If your business is subject to Australian privacy laws, you will have legal obligations, and failure to fulfil these obligations can result in serious penalties. This article explains when you need to comply with Australian privacy laws if you are building an app.
Australian Privacy Laws
Generally speaking, you are an APP entity if your business has an annual turnover of more than $3 million. However, startups and small businesses with a turnover of less than $3 million can also be APP entities in certain circumstances. This may be the case if:
- your app shares information with third parties for a benefit;
- you are providing a health service;
- you purchase personal information; or
- you use personal information to sell advertising through your app.
Examples of personal information your app may be collecting include:
- contact details;
- IP addresses;
- location information; or
If you are an APP entity, it is important to know if your app collects ‘sensitive information’, which is generally afforded greater protection under the Privacy Act. This is because misuse of sensitive information can result in discrimination, mistreatment and other adverse consequences.
Sensitive information is information which can be used to identify an individual’s:
- racial or ethnic origin;
- political or religious opinions or affiliations;
- membership of a professional or trade association;
- sexual orientation;
- criminal record;
- health information; or
- biometric information.
Many businesses mistakenly believe they are not collecting sensitive information because they are not collecting health information. However, you must be conscious of whether the information your app is collecting can be inadvertently classed as sensitive information. For example, if your app allows users to post photos of themselves or make comments, it may be possible to identify a person’s religious affiliation or ethnic origin through those photos and comments.
If you are an APP entity building an app, you need to comply with the APPs which require businesses to deal with information in specific ways. Your obligations under the APPs include making users aware of the information you are collecting and the purpose for which you are collecting that information, as well as allowing users to access the information you are storing.
Additionally, there are further requirements if you are an APP entity which collects sensitive information. Generally, your app should only be collecting sensitive information where:
- the user consents to the collection; or
- it is reasonably necessary for the function of your business.
- the kinds of personal information that you collect and hold;
- how you collect personal information;
- how you hold personal information;
- the purposes for which you collect, hold, use and disclose personal information;
- how an individual may access their personal information and seek correction of it;
- how an individual may complain if you or a contractor breaches the APPs or a binding registered APP code; and
- whether you are likely to disclose personal information to overseas recipients, including a related body corporate, and the likely countries that you may send the information to.
Users are becoming increasingly aware of privacy and data protection and, accordingly, many will require the apps they use to be transparent about the information they collect and store, regardless of whether the law requires this transparency. This is even more likely to be the case if users are disclosing sensitive information on your platform.
Additionally, your app’s users should be able to readily access the policy and understand how you collect and use their information. If you have any questions, contact LegalVision’s online lawyers on 1300 544 755 or fill out the form on this page.