New Report on Limits of “Consent” in Australia’s Data Protection Law

Authors: Dominic Paulger and Elizabeth Santhosh

Elizabeth Santhosh is a current law student at Singapore Management University and an FPF Global Privacy intern.


Today, the Future of Privacy Forum (FPF) and Asian Business Law Institute (ABLI), as part of their ongoing joint research project: “From Consent-Centric Data Protection Frameworks to Responsible Data Practices and Privacy Accountability in Asia Pacific,” are publishing the fifth in a series of detailed jurisdiction reports on the status of “consent” and alternatives to consent as lawful bases for processing personal data in Asia Pacific (APAC). 

This report provides a detailed overview of relevant laws and regulations in Australia, including: 

notice and consent requirements for processing personal data;the status of alternative legal bases for processing personal data which permit processing of personal data without consent if the data controller undertakes a risk impact assessment (e.g., legitimate interests); andstatutory bases for processing personal data without consent and exceptions or derogations from consent requirements in laws and regulations,

The findings of this report and others in the series will inform a forthcoming comparative review paper which will make detailed recommendations for legal convergence in APAC.

Australia’s Data Protection Landscape

The cornerstone of Australia’s federal data protection framework is the Privacy Act of 1988, which was passed in 1988, commenced in 1989, and gives effect to the Organisation for Economic Co-operation and Development’s (OECD) 1980 Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, as well as Australia’s obligations under international human rights law

Read more

Explore the site

More from the blog

Latest News