University of Melbourne · S1 2026 · FACULTY OF LAW

LAWS70082 · Privacy Law

50% final exam · hurdle · 14 Chapters · 4-page Bible
Chapter 5 of 7 · LAWS70082

Australian Privacy Principles

The 13 Australian Privacy Principles in Schedule 1 of the Privacy Act 1988 (Cth) are the operative rules for handling personal information — the black-letter engine of any take-home problem. They group into five Parts: transparency and anonymity (APP 1–2); collection (APP 3–5); use and disclosure (APP 6–9); integrity (APP 10–11); and access and correction (APP 12–13). The drilled method is to clear the two gates first — is the actor an APP entity (s 6C; not exempt under s 6D / s 7B), and is the data personal / sensitive / health information (s 6, s 6FA; Telstra)? — then march through the APPs in order, pinpoint-citing the sub-clause (e.g. APP 6.2, APP 11.2) and naming the key exception, and noting that each breach is an interference with privacy (s 13) with possible s 13G exposure. APP 6 (use/disclosure) and APP 11 (security) are the workhorses; several exemptions are flagged as live reform targets. The take-home is open-resource, so you work with the OAIC APP Guidelines supplied on Canvas.

In this chapter

What this chapter covers

  • 01 The two gates: APP entity (s 6C) + personal information (s 6; Telstra)
  • 02 Part 1 (APP 1–2): transparency, open management, anonymity/pseudonymity
  • 03 Part 2 (APP 3–5): collection — solicited, unsolicited, notification
  • 04 Part 3 (APP 6–9): use & disclosure — APP 6 the workhorse; direct marketing; cross-border (APP 8)
  • 05 Part 4 (APP 10–11): data quality and security — APP 11 the workhorse
  • 06 Part 5 (APP 12–13): access and correction
  • 07 Pinpoint-citing the sub-clause and naming the exception
  • 08 Each breach = an interference (s 13); flag s 13G

Worked example: marching the APPs on a disclosure

Q [5 marks]. An online retailer (an APP entity) collected email addresses to process orders, then sold the list to a third-party advertiser without telling customers. Identify the APPs most likely breached and the enforcement consequence.
  • +1 Clear the gates: the retailer is an APP entity (s 6C), and emails tied to customers are personal information (s 6; Telstra) — the APPs apply.
  • +1 APP 6 (use & disclosure): selling the list is a disclosure for a secondary purpose (advertising) unrelated to the primary purpose (order processing) and outside the customer’s reasonable expectations — a likely APP 6.1 breach absent an exception.
  • +1 APP 5 / APP 1: failing to notify the collection purpose (APP 5) and lacking an open, transparent privacy policy covering the sale (APP 1) are further breaches.
  • +1 APP 7 (direct marketing): if the advertiser markets to the list, APP 7 is engaged — direct marketing has its own opt-out rules.
  • +1 Enforcement: each breach is an interference with privacy (s 13); a pattern of selling data may be serious or repeated under s 13G, exposing the retailer to civil penalties.
The clearest breach is APP 6 (disclosure for an unexpected secondary purpose), with APP 5/APP 1 notification-and-transparency breaches and APP 7 if the list is marketed to; each is an interference under s 13, and a repeated practice opens s 13G civil-penalty exposure.
Glossary

Key terms

The two gates
The threshold both APP questions clear before the principles bite: (1) the actor is an APP entity (s 6C, not exempt under s 6D / s 7B), and (2) the thing handled is personal / sensitive / health information (s 6, s 6FA; Telstra). Fail a gate and no APP applies.
APP 6 (use and disclosure)
The workhorse principle: personal information collected for a primary purpose may generally only be used or disclosed for that purpose, unless a secondary use falls within the individual’s reasonable expectations or an exception applies. Most problems turn on APP 6.
APP 11 (security)
The integrity workhorse: an APP entity must take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, and to destroy or de-identify it when no longer needed. The principle most data-breach scenarios engage.
APP 8 (cross-border disclosure)
Before disclosing personal information to an overseas recipient, an APP entity must take reasonable steps to ensure the recipient complies with the APPs — and generally remains accountable for the recipient’s handling. The principle for offshore-transfer facts.
Pinpoint citation
The marking-relevant habit of citing the exact sub-clause (APP 6.2, APP 11.2) and naming the operative exception, rather than the bare principle — the difference between a passing and a strong open-resource answer.
FAQ

Australian Privacy Principles FAQ

How do I structure an APP problem answer?

Clear the two gates (APP entity + personal information), then march the APPs in order through the five Parts, stopping only at the ones the facts engage. For each, state the rule with its number, name the key exception, apply it, then note the breach is an interference (s 13) and flag s 13G. Order and pinpoint citation are what markers reward.

Which APPs come up most?

APP 6 (use and disclosure) and APP 11 (security) are the workhorses, with APP 5 (notification), APP 3 (collection), APP 7 (direct marketing) and APP 8 (cross-border) close behind. Most fact patterns are an APP 6 or APP 11 issue dressed in different facts.

Can I just quote the APP from the Guidelines?

The take-home is open-resource and the OAIC APP Guidelines are supplied, so use them — but the marks are for applying the principle to the facts with pinpoint citation, not copying the text. Lift the rule, then argue it; name the exception and decide whether it is satisfied.

Do sensitive or health information change the analysis?

Yes — sensitive information (incl. health, s 6FA) attracts heightened collection and use rules (e.g. stricter consent for collection under APP 3). Spot it early, because the higher bar changes whether an APP is breached.

Study strategy

Exam move

Learn the five Parts as a checklist so you can march APP 1 to APP 13 in order without missing one, and make APP 6 and APP 11 second nature since most problems are one of them. Practise the two gates as a reflex opening move, and train pinpoint citation (APP 6.2, APP 11.2) plus naming the exception — the habit that separates strong open-resource answers. Close each breach with the enforcement tag: interference (s 13), then s 13G if serious or repeated, then the NDB scheme if data was breached. Keep the OAIC APP Guidelines tabbed so you can lift the rule fast and spend your time applying it.
