By Sagar Shankaran, Founder of CallSphere
The Privacy and Other Legislation Amendment Act 2024 turns on APP 1 automated-decision transparency December 10, 2026. The OAIC will publish detailed guidance. AI voice and chat agents need a privacy-policy refresh now.
Key takeaways
Australia's Privacy Act reform arrived in tranches. The first tranche — the Privacy and Other Legislation Amendment Act 2024 — flips automated-decision-making transparency live on 10 December 2026. APP 1 Privacy Policies need new sections by then.
The Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) bind APP entities — agencies and most private organisations with annual turnover over A$3M, plus health-information handlers. The Privacy and Other Legislation Amendment Act 2024 (POLA Act), enacted in 2024, brought the first tranche of long-promised reforms. Among them, amendments to APP 1.3 require an APP entity to include in its Privacy Policy: a statement that the entity uses computer programs to make or substantially assist in making decisions that may have a legal or similarly significant effect on individuals; the kinds of personal information used; the types of decisions made; and the categories of decisions that may significantly affect rights or interests. Effective date: 10 December 2026.
The OAIC will publish detailed guidance on the new APP 1 obligations in 2026. Existing OAIC guidance on AI emphasises privacy by design, accuracy of AI-generated personal information including hallucinations, and consent for sensitive-information training. The Privacy Act Review Final Report recommended a future right to request meaningful information about automated decisions; the second tranche of reforms is expected to deliver that. The OAIC has expanded enforcement powers, civil penalties up to A$50M for serious or repeated interference with privacy, and a notifiable-data-breach scheme.
Hear it before you finish reading
Talk to a live CallSphere AI voice agent in your browser — 60 seconds, no signup.
By 10 December 2026, every APP-bound voice and chat operator must update its Privacy Policy with the four ADM-transparency elements. Practically: enumerate the workflows that use AI to make or substantially assist a decision; describe the personal information inputs; describe the decision types; and call out the categories with significant effect. The OAIC's privacy-by-design expectation extends to model selection, retention, and accuracy controls. Sensitive information training requires consent. Hallucinations producing inaccurate personal information are a risk under APP 10 (quality of personal information) and trigger correction obligations under APP 13.
CallSphere — 37 agents, 90+ tools, 115+ DB tables, 6 verticals, 50+ businesses, 4.8/5, HIPAA and SOC 2 aligned — generates Australian APP-aligned privacy-policy sections automatically from each tenant's workflow inventory. The accuracy-control layer flags low-confidence outputs and re-prompts before storing claims about a person; correction requests under APP 13 are handled within the tenant CRM. Sensitive-information consent flows are gated. Pricing $149 / $499 / $1,499; 14-day trial; 22% affiliate; see /pricing and /contact; about us at /about.
flowchart LR
A[AU Caller] --> B[Voice Agent]
B --> C[APP 1 Notice]
C --> D[ADM Section]
D --> E[Inputs + Types]
B --> F[APP 10 Accuracy]
F --> G[APP 13 Correction]
Does APP apply to small businesses? Most are exempt below A$3M turnover, with exceptions for health-information handlers, contractors of agencies, and commercial-data sellers.
Is voice metadata personal information? Often yes — combined with other data it identifies an individual.
Still reading? Stop comparing — try CallSphere live.
CallSphere ships complete AI voice agents per industry — 14 tools for healthcare, 10 agents for real estate, 4 specialists for salons. See how it actually handles a call before you book a demo.
What counts as significant effect? The OAIC will detail this; legal or similarly significant outcomes such as eligibility, employment, finance, education, healthcare access typically qualify.
Are hallucinations breaches? Inaccurate personal information that an entity creates or stores triggers APP 10 quality and APP 13 correction obligations.
Is consent the basis for AI training? For sensitive information, yes. For other personal information, lawful collection and reasonable expectations apply.
Written by
Sagar Shankaran· Founder, CallSphere
Sagar Shankaran is the founder of CallSphere, where he builds production AI voice and chat agents deployed across healthcare, hospitality, real estate, and home services. He writes about agentic AI, LLM engineering, and shipping voice agents that handle real calls in production.
See how AI voice agents work for your industry. Live demo available -- no signup required.
Learn how Australian businesses can deploy VoIP calling platforms while meeting ACMA, Do Not Call Register, and Privacy Act requirements for compliant operations.
Agentic AI in Education in Australia: a 2026 field report on what production agentic AI teams are shipping, where the stack is converging, and the regulatory + ma...
Agentic AI in Legal in Australia: a 2026 field report on what production agentic AI teams are shipping, where the stack is converging, and the regulatory + market...
Agentic AI in Customer Support in Australia: a 2026 field report on what production agentic AI teams are shipping, where the stack is converging, and the regulato...
Agentic AI in Real Estate in Australia: a 2026 field report on what production agentic AI teams are shipping, where the stack is converging, and the regulatory + ...
Agentic AI in Healthcare in Australia: a 2026 field report on what production agentic AI teams are shipping, where the stack is converging, and the regulatory + m...
© 2026 CallSphere LLC. All rights reserved.