What does “trade in personal information” mean?

Australian Capital Territory
New South Wales
Northern Territory
South Australia
Western Australia
All Australian States + Territories

What does “trade in personal information” mean?

A business or NFP is “trading” in Personal Information if it collects from or discloses to someone else, an individual’s Personal Information for a benefit, service or advantage.

A benefit, service or advantage can be any kind of financial payment, concession, subsidy or some other advantage or service.

For example: Buying a mailing list without first getting the consent of all the individuals on that list, or disclosing customer details to someone else for some commercial (monetary or otherwise) gain.

If you trade in Personal Information you will have to comply with the Australian Privacy Principles in the Privacy Act.

Complying with the Privacy Act does not prevent you from collecting Personal Information for your business needs, but it does mean you must follow the rules about how to handle that information.

If you are unsure whether you are using Personal Information to sell advertising, you should seek Independent Legal Advice.

Exemptions may apply where “consent” has been obtained for small businesses with turnover of $3 million or less that are not considered an APP entity for any other reason (refer to the second set of criteria discussed above). However even in this case, your should have an easy-to-read Privacy Policy so that you can ensure that you obtain clear informed consent as required.

In order to avoid any question regarding whether valid “consent” has been obtained in accordance with the requirements of the Privacy Act, it is recommended that you be as clear and transparent as possible in your Privacy Policy about what Personal Information you are collecting, what you are doing with it, and the reasons why.

It’s also highly recommended you request that the user actively indicate consent by having them take an affirmative action such as ticking a checkbox or clicking a button. This can be facilitated by adding a checkbox with a link to the privacy policy to your data collection forms, and by using something like a site banner to alert and collect your users’ consent to tracking technologies such as cookies.

iubenda’s Cookie Solution makes setting up a site banner and linking to the Privacy Policy pretty easy. You can read more about the Cookie Solution here as well as how to customize your site banner here.


This FAQ was written by James D. Ford GAICD | Principal Solicitor, Blue Ocean Law Group℠.

Important Notice:

This FAQ is intended for general interest + information only.

It is not legal advice, nor should it be relied upon or used as such.

We recommend you always consult a lawyer for legal advice specifically tailored to your needs & circumstances.