---
title: "Australia Privacy Act 2026 — APP 1 ADM Transparency on December 10"
description: "The Privacy and Other Legislation Amendment Act 2024 turns on APP 1 automated-decision transparency December 10, 2026. The OAIC will publish detailed guidance. AI voice and chat agents need a privacy-policy refresh now."
canonical: https://callsphere.ai/blog/vw6f-australia-privacy-act-2026-admt
category: "AI Strategy"
tags: ["Australia", "Privacy Act", "APP 1", "ADM", "OAIC"]
author: "CallSphere Team"
published: 2026-04-08T00:00:00.000Z
updated: 2026-05-07T16:46:08.816Z
---

# Australia Privacy Act 2026 — APP 1 ADM Transparency on December 10

> The Privacy and Other Legislation Amendment Act 2024 turns on APP 1 automated-decision transparency December 10, 2026. The OAIC will publish detailed guidance. AI voice and chat agents need a privacy-policy refresh now.

> Australia's Privacy Act reform arrived in tranches. The first tranche — the Privacy and Other Legislation Amendment Act 2024 — flips automated-decision-making transparency live on 10 December 2026. APP 1 Privacy Policies need new sections by then.

## What the law says

The Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) bind APP entities — agencies and most private organisations with annual turnover over A$3M, plus health-information handlers. The Privacy and Other Legislation Amendment Act 2024 (POLA Act), enacted in 2024, brought the first tranche of long-promised reforms. Among them, amendments to APP 1.3 require an APP entity to include in its Privacy Policy: a statement that the entity uses computer programs to make or substantially assist in making decisions that may have a legal or similarly significant effect on individuals; the kinds of personal information used; the types of decisions made; and the categories of decisions that may significantly affect rights or interests. Effective date: 10 December 2026.

The OAIC will publish detailed guidance on the new APP 1 obligations in 2026. Existing OAIC guidance on AI emphasises privacy by design, accuracy of AI-generated personal information including hallucinations, and consent for sensitive-information training. The Privacy Act Review Final Report recommended a future right to request meaningful information about automated decisions; the second tranche of reforms is expected to deliver that. The OAIC has expanded enforcement powers, civil penalties up to A$50M for serious or repeated interference with privacy, and a notifiable-data-breach scheme.

## What AI voice/chat must do

By 10 December 2026, every APP-bound voice and chat operator must update its Privacy Policy with the four ADM-transparency elements. Practically: enumerate the workflows that use AI to make or substantially assist a decision; describe the personal information inputs; describe the decision types; and call out the categories with significant effect. The OAIC's privacy-by-design expectation extends to model selection, retention, and accuracy controls. Sensitive information training requires consent. Hallucinations producing inaccurate personal information are a risk under APP 10 (quality of personal information) and trigger correction obligations under APP 13.

## CallSphere posture

CallSphere — 37 agents, 90+ tools, 115+ DB tables, 6 verticals, 50+ businesses, 4.8/5, HIPAA and SOC 2 aligned — generates Australian APP-aligned privacy-policy sections automatically from each tenant's workflow inventory. The accuracy-control layer flags low-confidence outputs and re-prompts before storing claims about a person; correction requests under APP 13 are handled within the tenant CRM. Sensitive-information consent flows are gated. Pricing $149 / $499 / $1,499; [14-day trial](/trial); 22% [affiliate](/affiliate); see [/pricing](/pricing) and [/contact](/contact); about us at [/about](/about).

```mermaid
flowchart LR
A[AU Caller] --> B[Voice Agent]
B --> C[APP 1 Notice]
C --> D[ADM Section]
D --> E[Inputs + Types]
B --> F[APP 10 Accuracy]
F --> G[APP 13 Correction]
```

## Compliance checklist

1. Inventory every workflow that uses AI to make or substantially assist a decision with significant effect.
2. Update the Privacy Policy with the four APP 1.3 ADM elements before 10 December 2026.
3. Document the personal-information inputs per workflow.
4. Catalogue the decision types and categories with significant effect.
5. Adopt the OAIC privacy-by-design checklist for new model rollouts.
6. Capture consent for sensitive-information processing and training.
7. Implement APP 10 accuracy controls — verify, re-prompt, log corrections.
8. Stand up an APP 13 correction workflow within 30 days.
9. Track the second tranche of reforms — meaningful-information right is expected.
10. Maintain notifiable-data-breach response within the 30-day assessment window.

## FAQ

**Does APP apply to small businesses?**
Most are exempt below A$3M turnover, with exceptions for health-information handlers, contractors of agencies, and commercial-data sellers.

**Is voice metadata personal information?**
Often yes — combined with other data it identifies an individual.

**What counts as significant effect?**
The OAIC will detail this; legal or similarly significant outcomes such as eligibility, employment, finance, education, healthcare access typically qualify.

**Are hallucinations breaches?**
Inaccurate personal information that an entity creates or stores triggers APP 10 quality and APP 13 correction obligations.

**Is consent the basis for AI training?**
For sensitive information, yes. For other personal information, lawful collection and reasonable expectations apply.

## Sources

- Office of the Australian Information Commissioner (OAIC): [https://www.oaic.gov.au/](https://www.oaic.gov.au/)
- Privacy Act 1988 — federal register of legislation: [https://www.legislation.gov.au/Details/C2024C00006](https://www.legislation.gov.au/Details/C2024C00006)
- Privacy and Other Legislation Amendment Act 2024: [https://www.legislation.gov.au/C2024A00126/latest/text](https://www.legislation.gov.au/C2024A00126/latest/text)
- OAIC APP 1 Open and Transparent Management Guidance: [https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines/chapter-1-app-1-open-and-transparent-management-of-personal-information](https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines/chapter-1-app-1-open-and-transparent-management-of-personal-information)
- OAIC Submission on AGD Government ADM Use: [https://www.oaic.gov.au/engage-with-us/submissions/agd-consultation-paper-use-of-automated-decision-making-by-government](https://www.oaic.gov.au/engage-with-us/submissions/agd-consultation-paper-use-of-automated-decision-making-by-government)

---

Source: https://callsphere.ai/blog/vw6f-australia-privacy-act-2026-admt