MOU between the Office of the Australian Information Commissioner and the eSafety Commissioner in relation to co-operation and information sharing

Parties

1 The relevant parties to this agreement are:

• Information Commissioner as represented by the Office of the Australian Information Commissioner (OAIC)
• eSafety Commissioner as represented by the Office of the eSafety Commissioner (eSafety).

Purpose

2 This Memorandum of Understanding (MOU) states the mutual understanding of, and principles that underpin, the working relationship between the parties.

3 The MOU is to:

• guide and facilitate the parties’ collaboration, cooperation and mutual assistance in the performance of their respective statutory functions; and
• provide transparency about the parties’ efforts to coordinate activities and minimise duplication.

4 Both parties recognise the need for, and will use best efforts to give effect to, the purposes through collaboration and cooperation in the course of discharging their respective statutory functions and objectives. In doing so, the parties commit to act in accordance with their legal obligations.

Scope

5 The MOU is not intended to create binding legal, financial or other resource obligations on either party.

6 The MOU is not intended to be exhaustive in the subject matters within its scope. The parties may enter into any other arrangements for cooperation and collaboration to the full extent permitted by the law.

7 The parties recognise that each party has its own legislative obligations and tools which will guide the manner in which their regulatory functions can be performed.

Liaison

8 The agencies will hold at least one organisation head level meeting each annual year for the purposes of reviewing the operation of this MOU.

9 The parties will designate liaison contact officers to facilitate communication and exchange of information between the parties. However, this is not intended to prevent communication occurring between the parties as the need arises through other staff members. Each party may change its liaison contact officers at its discretion and will advise the other party before, or as soon as practicable after, any change. The liaison contact officers at the time of signing the MOU are listed at Appendix A.

10 The parties will establish direct lines of communication through liaison contact officers who will communicate regularly for the purposes of this MOU.

11 The parties will liaise to progress matters as relevant to each party’s regulatory responsibilities, to improve the efficiency and effectiveness of information sharing allowed by law, and to identify and discuss opportunities for joint educational, compliance, enforcement, and/or training activities as relevant to each party’s regulatory responsibilities.

12 The parties agree that, where timing and resources allow, they will use reasonable and best endeavours as mutually appropriate to consult with each other on publication of policy guidance and any other related materials.

Confidentiality and security of information

13 Both parties will ensure that requests for exchange, and the provision, of information between them accord with the exercise of their respective powers and functions including compliance with:

• the authorised disclosure provisions under their respective enabling legislation; and
• other applicable laws including the Privacy Act 1988 and the Australian Information Commissioner Act 2010.

14 Both agencies acknowledge that there may be instances when information cannot be exchanged for operational reasons or due to applicable laws, confidentiality, secrecy and/or non-disclosure obligations.

15 Both agencies recognise that Division 3, Part 4 of the Privacy Act 1988contains key provisions relevant to reporting and information sharing by the Information Commissioner.

16 Similarly, both agencies recognises that Part 15 of the Online Safety Act 2021contains key provisions relevant to information sharing by the eSafety Commissioner.

17 At the time of disclosure, the party providing the information will specify to the recipient party under which provision of the relevant legislation they are sharing the information and any relevant constraints or handling requirements.

18 The recipient party will take all reasonable measures to protect the information received under this MOU from unauthorised access, use or disclosure. It will keep the information secure and confidential in accordance with all applicable statutory obligations on either party or both parties.

19 Noting section 33A(5) of the Privacy Act 1988, if the recipient party intends to disclose information received from the providing party to any third-party government agency, it will give the providing party an opportunity to provide its views on the proposed disclosure:

• in its initial request to the providing party for the information, where practicable; and
• prior to any such disclosure.

20 If information provided under this MOU becomes the subject of a subpoena, freedom of information request, or similar legal process requiring disclosure of information, the recipient party will notify the providing party as soon as reasonably practicable to enable the providing party to advise on any intended action, including third party consultation, relating to the release, disclosure, publication or production of such information.

21 If information provided under this MOU becomes the subject of any inadvertent or unauthorised disclosure, the recipient party will, as soon as reasonably practicable, notify the providing party of the details of the disclosure, in addition to any legal obligations the recipient party may have in relation to the matter.

Areas of collaboration

22 The areas of collaboration and information exchange under this MOU include, but are not limited to, mutual assistance, joint regulatory action (where mutually appropriate) and/or exchange of information concerning:

• eSafety’s powers and functions in relation to the Online Safety Act 2021, as well as associated regulations, standards and codes of practice.
• OAIC’s powers and functions under the Australian Information Commissioner Act 2010, and (relevantly) the Privacy Act 1988, and monitoring compliance with Part 4A of the Online Safety Act 2021, as well as other related legislation, regulations and guidelines.

23 Subject to any legal constraints, collaboration and information exchange between the parties will be prioritised where:

• a party is exercising a power or function which permits or compels referral or monitoring of a matter by the other party;
• a party has information or intelligence that indicates potential serious or systemic non-compliance with the regulatory requirements relating to the functions of either or both parties;
• any other matters identified for priority attention from time-to-time and agreed by the parties.

Referrals and information sharing about complaints

24 There may be instances where one party receives complaints, reports, enquiries or notifications that are best dealt with by the other agency, or another party with legal or administrative responsibility over the matter. In these circumstances, where appropriate to do so and in accordance with legal obligations, the parties will share information about the matter and enable the transfer of a matter, subject to clause 25.

25 Where a matter concerns a complaint received from a member of the public by a party, the party will give consideration to whether it is appropriate to obtain the consent of the complainant before sharing information, unless disclosure is legally required.

Commencement, review and termination

26 The MOU will take effect when signed by organisation heads, on the date it is signed by the party last to sign (Effective Date).

27 The MOU will be reviewed annually consistent with clause 8. Either party may in writing to the other request a variation of the MOU at any time. A variation is made when agreed in writing by both parties. All variations will be recorded in the change register at Schedule A.

28 If there is a disagreement over any matter within the scope of this MOU, the parties will seek to resolve it at the liaison contact officer level. If this is not possible, each liaison contact officer will discuss the matter together with their direct managers, with a view to resolution. As a last resort, any disagreement or matter will be referred to organisation heads for resolution.

29 A party may terminate this MOU by its organisation head giving 30 days written notice to the other organisation head. The termination will take effect at the end of the 30-day period unless otherwise arranged by the parties.

30 The MOU will remain in force unless terminated under clause 29, or if circumstances arise so as to require the execution of a new MoU.

Signatures

Signed by organisation head, eSafety Commissioner:
Name: Julie Inman Grant

Date: February 4, 2026

Signed by organisation head, Office of the Australian Information Commissioner:
Name: Elizabeth Tydd

Date: 30 January, 2026

Appendix A

The following liaison contact officers are the first point of contact for consultation and information sharing between eSafety and the OAIC in relation to this MoU: