Cookie consent in Australia

Consent and privacy law in Australia

In short
Australia's Privacy Act 1988 is built around 13 Australian Privacy Principles and enforced by the OAIC. It applies to organisations with at least 3 million Australian dollars in turnover plus certain others, so many small businesses are exempt, a notable difference from the GDPR. Consent is required mainly for sensitive information, while much processing relies on notice and reasonable expectation. After major breaches, penalties were sharply increased to up to 50 million Australian dollars or 30 percent of adjusted turnover. A multi-stage reform is underway to modernise the law, including a fair and reasonable test and stronger individual rights. Cookies that identify users are personal information.
Status

Privacy Act 1988 with the Australian Privacy Principles, under active reform

Primary law
Privacy Act
Languages

en

Who must comply

Australian Government agencies and private-sector organizations with over AU$3 million annual turnover, plus some smaller businesses, that handle personal information of people in Australia.

Penalties

Up to 50 million Australian dollars or 30 percent of adjusted turnover for serious breaches

Key obligations

  • Comply with the Australian Privacy Principles
  • Obtain consent for collecting sensitive information
  • Provide a clear privacy policy and collection notice
  • Give individuals access to and correction of their data
  • Notify eligible data breaches to the regulator and affected individuals

Local guidance

  • Apply the 13 Australian Privacy Principles
  • Obtain consent mainly for sensitive information
  • Check whether the small business exemption applies
  • Track the ongoing Privacy Act reform

How ConsentX helps

  • Consent capture for sensitive information
  • Direct-marketing opt-out controls
  • Collection notice in the banner
  • Access and correction request workflow
  • Region rule engine tuned for Australia

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply in Australia using ConsentX

  1. Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent in Australia.

  2. Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor's region and automatically shows the consent experience that Australia requires.

  3. Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in an audit in Australia.

  5. Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Are small businesses covered by Australia's Privacy Act?

Many are not. The Privacy Act generally applies to organisations with at least 3 million Australian dollars in annual turnover, plus certain others, so a number of small businesses are currently exempt.

What are the maximum penalties in Australia?

After reforms following major breaches, penalties for serious or repeated breaches rose to up to 50 million Australian dollars or 30 percent of adjusted turnover, whichever is higher.