Does Privacy Act 1988 — Automated Decision-Making Reforms require Transparency & Disclosure?

Australia • enacted

Yes — 1 provision

Requirements at a glance

This regulation imposes 5 specific requirements for Transparency & Disclosure across 1 provision:

Automated Decision-Making Transparency (APP 1.7/1.8) #

Obligation:
Transparency
enacted
Effective:
Dec 10, 2026
Risk tier:
all
Scope:
providers, deployers
sleepercross-domainupcoming
Australia's Privacy Act reforms make AI transparency mandatory through privacy law — not AI-specific legislation. Any organization using personal information in automated decisions must update its privacy policy to describe, in general terms, the kinds of personal information used and the kinds of decisions made or substantially assisted by ADM. Even "human in the loop" doesn't exempt you if the algorithm plays a substantial role.

Requirements

RequirementDetails
Privacy policy disclosureMust disclose kinds of personal information used in ADM
Decision type disclosureMust describe kinds of decisions made solely or substantially by automated systems
Kinds-of-data/decisions disclosurePrivacy policy must describe, in clear terms, the kinds of personal information used in ADM and the kinds of decisions made or substantially assisted by ADM (APP 1.7-1.9) — not a causal or plain-language explanation of how the AI reaches a decision
Influential factors (practitioner best-practice, not statutory)Some practitioner guidance recommends disclosing factors that most significantly influence ADM outcomes as a best practice; this is not a requirement under the text of APP 1.7-1.9
Substantial role testApplies even when human reviews if AI is essential part of the process

Penalties

ViolationFine
Serious breachSignificant civil penalties per Privacy Act enforcement provisions
View full regulation View obligation Obligation matrix