Today, Australians are more globally connected than ever before due to rapid advances in technology. We perform our privacy and freedom of information regulatory functions in a complex and changing domestic and global environment. Engagement with the international community is essential to ensuring that domestic frameworks are fit for purpose and align with best practice.
The global digital economy is transforming markets and government services, and increasing practices such as cross-border data sharing, tracking and profiling. The integration of digital devices into our daily life, alongside rapid advances in artificial intelligence (AI), machine learning algorithms and biometrics (including facial recognition technology, or FRT) has implications for both privacy and information access rights.
As an independent regulator, the OAIC seeks to meet the needs of the Australian community by regulating privacy and freedom of information under the Privacy Act 1988, the Freedom of Information Act 1982 and the Australian Information Commissioner Act 2010. International engagement helps us regulate effectively by keeping us informed about trends and developments in other jurisdictions. It ensures that the privacy and information access advice we provide to government is informed by knowledge of the global environment.
We engage with other privacy and information access regulators through international networks and forums to share knowledge and exchange information. We work together to find solutions to common challenges facing regulators. Through active engagement in key international networks the OAIC can influence and shape the global regulatory environment.
The OAIC’s international work complements and informs our domestic work, advances our key activities and contributes to our purpose and vision.
To protect personal information in the global digital economy, privacy and information regulators need to work together. Collaboration between global regulators promotes consistent data protection standards and the secure flow of personal information across borders.
Australia continues to lead and engage in international regulatory collaboration, particularly through our involvement in the Global Privacy Assembly (GPA) and the International Conference of Information Commissioners (ICIC). The OAIC is also a member of several other global networks.
MOUs with international data protection agencies
The OAIC has entered into MOUs with a number of overseas data protection authorities. Under these arrangements, we exchange information and best practice to enhance the protection of personal data.
The MOU between the OAIC and the ICO was one the mechanisms that facilitated the joint investigation into Clearview AI Inc. in 2020–21. The investigation examined the personal information handling practices of Clearview AI Inc., focusing on the company’s use of ‘scraped’ data and biometrics of individuals.
Global Cross-Border Privacy Rules
In August 2022, Australia joined the Global Cross-Border Privacy Rules (CBPR) System. See the Australian Government announcement.
The Global CBPR is a multilateral initiative which aims to better facilitate the flow of data across borders.
Privacy Act review
Australian individuals, government and businesses are engaging in a globalised and rapidly evolving data driven environment, while also navigating a range of regulatory compliance frameworks. Interoperability is fundamental to advancing a consistent regulatory approach, minimising compliance burden and securing Australia’s place in the digital economy.
It is important for privacy regulation to create appropriate and interoperable frameworks that enable the efficient movement of data across borders, while providing strong protections for Australians’ personal information.
The OAIC’s submissions to the Attorney-General’s Department’s Review of the Privacy Act identified global interoperability as a key element needed to support effective privacy regulation over the next decade. The OAIC recommended reforms that were informed by international policy, standards and models for data protection and privacy to ensure our laws continue to connect around the world and that Australians’ data is protected wherever it flows.
Media releases and statements
The OAIC publishes media releases to provide information about important developments in privacy and information access.
From time to time, we publish joint statements with domestic and international regulators to provide information about MOUs, joint investigations and other matters.
To find media release and statements related to the OAIC’s international work, go to Newsroom and select International.
In July 2020, the OAIC and the UK Information Commissioner’s Office (ICO) opened a joint investigation into the personal information handling practices of Clearview AI Inc., focusing on the company’s use of ‘scraped’ data and biometrics of individuals. The joint investigation considered Clearview’s compliance with the Privacy Act 1988 and the UK Data Protection Act 2018. It was conducted under the GPA’s Global Cross-border Enforcement Cooperation Arrangement and the MOU between the OAIC and the ICO.
On 14 October 2021, the Information Commissioner determined that Clearview AI breached Australians’ privacy by scraping their biometric information from the web and disclosing it through a facial recognition tool.
View OAIC determination on AustLII
Clearview subsequently appealed the Australian Information Commissioner’s decision to the Administrative Appeals Tribunal of Australia (AAT), however, the AAT rejected the appeal and found in favour of the OAIC.
See AAT decision Clearview AI Inc and Australian Information Commissioner  AATA 1069 (8 May 2023)
At the 44th Global Privacy Assembly held in Türkiye in October 2022, the OAIC and the Information Commissioner’s Office (UK) won a GPA Privacy Award in the dispute resolution and enforcement category for the joint investigation into Clearview AI.