Before or at the time personal information is collected from
users, entities must notify users of the matters set out in APP 5.
These matters include the types of information that will be
collected, how information will be collected, who information will
be disclosed to, and whether information will be sent overseas.
use short form notices – these are notices that
are no longer than a single screen and explain what data will be
collected from users, and whether information will be shared with
other parties. They should also link to the entity's full
provide consent notices – if consent is required
for a specific collection or disclosure of personal information, a
targeted notice should be provided to users which allows them to
consent to the collection or disclosure;
provide a 'privacy dashboard' – allow users to adjust
their privacy settings by offering a privacy
dashboard that is easy and straightforward to use;
get creative – try to avoid large slabs of text
by using other techniques such as graphics, colour and sound to
draw users' attention to important privacy matters.
Recording acknowledgement and consent
Consider how you will maintain appropriate evidence that notice
of the APP 5 matters was given to users at the appropriate time and
that users consented (where necessary) to specific collections and
disclosures. Tick-boxes built into the app can record the
user's acknowledgement that they have read the privacy
notifications outlined above, and/or consent to certain collections
The OAIC expects you to generally highlight privacy practices
and obtain acknowledgement and consent during the download or
purchase process and also upon first use. You can also use
tick-boxes to provide users with the opportunity to 'opt
out' of receiving direct marketing material, as required by APP
You may need to make additional privacy disclosures and obtain
additional consents after the app is downloaded, depending on the
app's functions. For example, if the app accesses a user's
calendar information, the first time that this function is
activated the user should be notified that their calendar data is
going to be collected and be able to opt out of this feature.
Under APP 1, entities must also have a clearly expressed and
the kind of personal information that the entity collects and
how the entity collects and holds personal information;
the purposes for which the entity collects, holds, uses and
discloses personal information;
how an individual may access their personal information and
seek the correction of such information;
how an individual may complain about a breach of the APPs, or a
registered APP code (such as the Credit Reporting Code), and how
the entity will deal with such a complaint;
whether the entity is likely to disclose personal information
to overseas recipients, and if so, the countries in which such
recipients are likely to be located (if practicable).
ensure that it includes the handling of personal information that
is collected via the mobile app.
informed of the changes in advance and told exactly what aspects of
changes, you may need to obtain the user's consent (for
example, via a tick-box).
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.