Some estimates predict that by the year 2020, over 26 billion electronic devices all over the world will be able to connect to the internet. While the statistic no doubt excites technology aficionados, the products and services that comprise the ‘Internet of Things‘ could significantly affect our privacy. Privacy requirements are a major issue for commercial entities whose business is part of the Internet of Things. This article discusses the recent report, what it means for these businesses and how they can meet their privacy obligations.

Global Privacy Enforcement Network Report

The Global Privacy Enforcement Network has (GPEN) recently released the results of its global sweep of products and services making up the Internet of Things, some of which are used daily by Australians. GPEN is an organisation made up of 26 national privacy enforcement authorities. These enforcement authorities, including the Australian Privacy Commissioner, scrutinised the privacy policies of over 300 businesses around the world. Australians use the devices and services of approximately 45 of these entities regularly. The Australian Report revealed some concerning statistics:

  • 71% did not explain properly how they stored information (no privacy policy);
  • 69% did not adequately explain how consumers could delete their information off the device; 
  • 38% did not include easily identifiable contact details in cases where a customer had a privacy concern; and
  • 91% did not advise a customer to customise their privacy settings.

Also, the Australian businesses assessed in the sweep did not typically inform customers about how the organisations managed their information. Over 50% did not adequately explain how they collected, used and disclosed data.

In response to these findings, the Australian Privacy Commissioner reminded Australians that while the Internet of Things provides some great products and convenience, consumers should not integrate the technology into their lives before considering whether they are comfortable with how their personal data is collected and managed. The Commissioner recommended all consumers check the business’ privacy policy before using any device.

This report and the Commissioner’s words are a timely reminder to all businesses who fall under the Australian Privacy Principles that they are obliged to have a clearly expressed and up-to-date privacy policy. Even if an entity does not formally have to comply with the APP, it is best practice for them to ensure that consumers know how a particular business handles their data. This can increase confidence and trust on the part of customers.

Australian Privacy Principles

The Australian Privacy Principles (APP) are located in Schedule 1 of the Privacy Act 1988 (Cth) (The Act). A business must comply with the APP if they are an APP entity under the Act. APP 1 requires all APP entities to manage their personal information openly and transparently. They must put in place practices, procedures and systems relating to their activities that ensure the business complies with the APP (and any relevant APP Code) and can deal with customer queries and complaints about their compliance with an APP or relevant Code. APP 1.3 mandates that all APP entities have a clearly expressed and up-to-date privacy policy which lets consumers know about that business’ management of personal information. Under the Act, personal information refers to information or an opinion about an identified individual or a person reasonably identifiable irrespective of whether it is true or not or whether it is recorded in a material form or not.

At a minimum, a privacy policy must include information about the type of personal information an entity collects and retains and include how it collects and holds that data. It must specify the purposes for which the entity collects, holds, uses and discloses personal information as well as how a person can access retained information about themselves and correct it. The policy should also detail how a person can complain about a breach of the APP or a registered APP Code applicable to the entity and how the entity will manage that complaint. If a business is likely to disclose personal information to an overseas recipient, their policy must set out how this information and data will be managed.

The entity must by law take all reasonable steps in the circumstances to ensure that its policy is available at no cost and in an appropriate form. Making a policy available on an business’s website is a common means of assuring that consumers can access it. 

Key Takeaways

The recent survey of devices and services that make up the Internet of Things reveals that many businesses in the area do not provide a privacy policy correct under the prescribed form. It serves as a reminder that all entities covered by the Australian Privacy Principles must have an up-to-date and clearly expressed privacy policy. The consequences of non-compliance with privacy requirements can not only result in action from governing bodies but also leaves businesses vulnerable to privacy breaches and litigation. If you’d like to speak with a lawyer about your business’s privacy obligations, get in touch with LegalVision today. Questions? Call us on 1300 544 755 or fill out the form on this page.

COVID-19 Business Survey
LegalVision is conducting a survey on the impact of COVID-19 for businesses across Australia. The survey takes 2 minutes to complete and all responses are anonymous. We would appreciate your input. Take the survey now.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. For just $199 per month, membership unlocks unlimited lawyer consultations, faster turnaround times, free legal templates and members-only discounts.

Learn more about LVConnect

Carole Hemingway
Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.
Our Awards
  • 2019 Top 25 Startups - LinkedIn 2019 Top 25 Startups - LinkedIn
  • 2019 NewLaw Firm of the Year - Australian Law Awards 2019 NewLaw Firm of the Year - Australian Law Awards
  • 2020 Fastest Growing Law Firm - Financial Times APAC 500 2020 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review 2020 AFR Fast 100 List - Australian Financial Review
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards
  • Most Innovative Law Firm - 2019 Australasian Lawyer 2019 Most Innovative Firm - Australasian Lawyer
Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at

View Privacy Policy