Reading time: 5 minutes

New Zealand (NZ) and Australian businesses do a lot of work together, and your business may be a part of that. For example, you may have offices there or sell your goods to Australian customers online. When you do so, your NZ business likely handles the personal information of Australian citizens, raising potential privacy law concerns. Therefore, you may need to follow Australian privacy law, depending on the extent that you do business in Australia. For some guidance, this article will explain whether your New Zealand business needs to comply with Australian privacy law.

Who Does Australian Privacy Law Apply To?

Australian privacy law is managed with a Privacy Act. Similarly to Australia, NZ privacy law is also managed with its own Privacy Act. There may also be local privacy laws according to the state or territory you are operating in. This law protects personal information, which under the Australian definition means any:

  • information about an identifiable individual; and
  • opinion about an identifiable individual, whether it is true or not.

The Act also protects sensitive information as a separate category.

Unlike New Zealand, not every business in Australia that handles personal information needs to observe the Privacy Act’s requirements. For private businesses, you have the legal obligation to follow the Privacy Act if you have an annual turnover of at least AU $3 million. You may still need to comply even if you have a lower turnover if you:

  • handle health information;
  • trade in personal information; or
  • are a Commonwealth contractor.

Similar to the NZ Privacy Act, the Australian Privacy Act operates on principles you need to observe when handling personal information, in order to comply with privacy law. They also require a privacy policy and that you include specific information in this policy.

Does the Australian Privacy Act Apply to My Business?

In New Zealand, our Privacy Act applies to anyone that carries on business in the country. Consequently, this means that overseas agencies that base their offices outside of New Zealand need to comply with our privacy laws. Even businesses that do not have a physical presence in the country may come under this rule if they profit in New Zealand or receive monetary payment for their goods/services.

Australia has a similar rule that may apply to your business if you have Australian business connections. Their Privacy Act applies to any entity that has an “Australian link”. This phrase is a broad term, which can apply to your business if:

  • you are an Australian citizen;
  • you established your business in Australia;
  • your central management is in Australia; or
  • you carry on business while collecting/holding personal information in Australia.

Carrying on business involves some kind of regular commercial activity with the aim of making a profit. Different factors will contribute to assessing whether or not you carry on business in Australia, which depend on the factual nature of your business. These factors include:

  • whether you have offices/facilities in Australia;
  • having a fixed local agent that acts on your behalf for business matters in Australia;
  • selling your goods or services to people online to people in Australia;
  • registering trade marks in Australia; or
  • managing or assessing business/purchase orders in Australia.

For example, using the personal information of your Australian customers to pay for goods online and facilitate deliveries means that you will likely have an Australian link. Therefore, you need to look into your Australian privacy obligations if you meet the other requirements.

Cross Border Disclosures

Even if you do not qualify as having enough of an Australian link, businesses from NZ may still need to heed Australian privacy law if you engage with Australian businesses.

Like New Zealand businesses, Australian businesses that share personal information overseas need to ensure the third party they share it with handles that information appropriately. If an Australian business partner shares the personal information of its customers with you, they will likely have contractual safeguards designed to protect that information. If you do not comply with these rules, then they are usually accountable under Australian privacy law.

Therefore, they will take steps to protect their own liability when sharing personal information with your business. You may have to observe special procedures when dealing with this personal information and provide proof of your security measures. Otherwise, there may be contractual penalties. 

These rules are very similar to New Zealand’s own. Therefore, there is likely to overlap in the steps you need to take to meet both New Zealand privacy law and your contractual requirements.

Key Takeaways

If you carry out business in Australia, you may have enough of an “Australian link” that requires you to comply with the Privacy Act. However, the Australian Privacy Act only applies to entities with an annual turnover of more than AU $3 million or meet other requirements, such as trading in personal information. If you qualify under these definitions, then you need to take steps to meet your Australian privacy law obligations. If you would like more information or help with your privacy concerns in Australia as a New Zealand business, contact LegalVision’s privacy lawyers on 0800 005 570 or fill out the form on this page.

Frequently Asked Questions

Who does the New Zealand Privacy Act apply to?

The New Zealand Privacy Act applies to any organisation that handles personal information. This definition applies to businesses and organisations in New Zealand, as well as overseas agencies that do business in New Zealand.

What qualifies as an Australian link?

Whether your business has enough of an Australian link will depend on your factual circumstances. For example, if you carry out sufficient business activities in Australia, such as selling goods to Australian customers online, then you likely will qualify.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • 2019 Top 25 Startups - LinkedIn 2019 Top 25 Startups - LinkedIn
  • 2020 Excellence in Technology & Innovation – Finalist – Australasian Law Awards 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice – Winner – Australasian Lawyer 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2021 Law Firm of the Year - Australasian Law Awards 2021 Law Firm of the Year - Australasian Law Awards
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards