Australian Privacy Act Policy Generator
A privacy policy aligned with the 13 Australian Privacy Principles (APPs) and OAIC guidance — not a US template with "Australia" added.
- Structured around the 13 Australian Privacy Principles
- OAIC named as complaint authority
- APP 8 cross-border disclosure obligations addressed
The Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) govern personal information handling for entities with Australian operations or Australian customers. The APPs are structurally different from GDPR — different consent definitions, different cross-border rules, different complaint authority (OAIC). A "privacy policy compliant with all major frameworks" template usually has a sentence about "Australia" tacked on and misses the actual APP structure. This page generates a policy structured around the APPs with OAIC complaint pathway and cross-border disclosure obligations addressed properly.
Disclosures grounded in the actual statutory text.
APP 1 — open and transparent management
The privacy policy itself is mandated under APP 1.3. It must describe what kinds of personal information are collected and held, how it is collected, the purposes, how an individual can access or correct it, and how to complain to the OAIC.
APP 3 / APP 5 — collection notice
Personal information may only be collected if reasonably necessary for the entity's functions or activities (APP 3). At or before collection, the individual must be notified of specific matters (APP 5): identity, contact, purpose, consequences of not collecting, etc.
APP 6 — use and disclosure
Personal info collected for one purpose can only be used for that purpose (or a related secondary purpose the individual would reasonably expect). Cross-promotion to a different purpose requires consent.
APP 8 — cross-border disclosure
Before disclosing to an overseas recipient, the entity must take reasonable steps to ensure the recipient does not breach the APPs. Liability carries forward: the Australian entity is generally accountable for an overseas recipient's breach. This is stricter than GDPR transfer mechanisms.
APP 11 — security
The entity must take reasonable steps to protect personal information from misuse, interference, loss, and unauthorized access, modification, or disclosure. It must destroy or de-identify the information when no longer needed (APP 11.2).
OAIC complaint pathway
Individuals have the right to complain to the Office of the Australian Information Commissioner (OAIC). The policy should include OAIC contact info and a description of the internal complaint pathway to use first.
Where Australian Privacy Act templates usually go wrong.
US/EU template with "Australia" added
A GDPR-structured policy with a sentence saying "we also comply with Australian Privacy Act". OAIC doesn't treat this as compliance; the APPs have their own structure that should drive the policy organization.
No APP 8 cross-border carry-forward
APP 8 is strict — the Australian entity remains accountable for overseas recipient breaches. Templates usually miss this and rely on generic "we use safeguards" language.
Wrong complaint authority
Policies that mention only "an EU supervisory authority" or "the FTC" miss the OAIC. Australian users need to know they can complain to the OAIC.
Ready to generate your Australian Privacy Act privacy policy?
A 2-minute wizard with the Australian Privacy Act jurisdiction pre-selected. Free preview shows the first three sections — pay $2 only if you want to unlock the full document.
Generate your Australian Privacy Act privacy policy now.
Free preview, no signup. Two minutes through the wizard. Only pay if you want to unlock the full document.
