Australia
Privacy Act 1988 and Australian Privacy Principles (APPs)
Australia's Privacy Act 1988, together with the Australian Privacy Principles, governs the handling of personal information including biometric data. The OAIC determined that Clearview AI breached Australian privacy law in 2021. A major review of the Privacy Act is underway, with proposed reforms including a direct right of action for individuals, a children's online privacy code, and a tort for serious invasion of privacy.
Key Provisions
- Personal information includes biometric data under APP definitions
- Collection must be reasonably necessary and by lawful, fair means
- Notice required when collecting personal information (APP 5)
- OAIC found Clearview AI violated Privacy Act for collecting Australians' biometric data
- Proposed Privacy Act reforms would add statutory tort for serious privacy invasion
- Government Identity Matching Services regulated by separate intergovernmental agreement
Your Biometric Rights
- Right to access personal information held by organizations (APP 12)
- Right to correction of personal information (APP 13)
- Right to complain to the OAIC
- Right to anonymity and pseudonymity where practicable (APP 2)
- Right to not have data used for direct marketing without consent
Penalties for Non-Compliance
Up to AUD $50 million, three times the value of benefit obtained, or 30% of adjusted turnover (whichever is greatest). OAIC can accept enforceable undertakings and pursue civil penalties.
Our Removal Process
We submit access and deletion requests under the Privacy Act and APPs. The OAIC's determination against Clearview AI establishes a strong precedent for facial data removal. We file requests with each operator and escalate to the OAIC if needed.
Get Protected