Navigating Australia’s Privacy Principles in Digital Marketing

With an increasing focus on data privacy across all industries, it’s natural to worry whether your Google, Meta and LinkedIn tracking tools are at risk of breaching privacy laws. 

Consumers (rightfully) want to know how their personal data is being obtained, used, and stored. 

As a result, Australia has adjusted data privacy requirements, and it’s important that businesses comply. 

Tracking tools such as Google Analytics, Meta Pixel, and LinkedIn Insight Tag are compliant with Australian privacy principles.

The key is just to use them correctly. 

And we’re going to show you how to make sure you do. 

Australia’s Privacy Act and APPs

The Privacy Act 1988 was introduced in Australia to promote and protect individual privacy and regulate how organisations handle that personal information. 

The Privacy Act includes 13 Australian Privacy Principles (APPs) that apply to some private sector organisations and government agencies.  

The 3 core elements of the APPs are:

• Regulating the collection, use, and disclosure of personal information
• Ensuring data integrity and security
• Providing individuals with access to their own personal information

The APPs are specifically targeted at businesses with over $ 3 million in annual turnover and those who handle personal information.

The most relevant APPs in digital marketing are:

• APP 1: Open and Transparent Management of Personal Information
• APP 3: Collection of Solicited Personal Information
• APP 5: Notification of the Collection of Personal Information
• APP 6: Use or Disclosure of Personal Information
• APP 7: Direct Marketing

If your business uses tracking technologies or pixels or shares data with third-party platforms, then these principles apply to your business. 

What Are Tracking Pixels and Why Do They Matter?

Tracking pixels are small, invisible images or code snippets embedded into websites, online content, or emails that gather user behaviour information.

As stated by the Office of the Australian Information Commissioner (OAIC), this information includes:

• Form inputs such as name, address, date of birth, email address and phone number
• Transaction data, such as items viewed and cart additions
• Network information (such as IP address) and geolocation data
• URL information
• Other activity data, such as pages visited, content viewed, and session duration.

The use of tracking pixels, when combined with other data-sharing tools, allows businesses to collect in-depth insights about their audience, as well as target them with personalised advertising based on the collected data.

It goes without saying that these pixels gather personal information, meaning their use falls under the scope of the Privacy Act.

Recent OAIC guidance states that tracking pixels key compliance issues focus on transparency of use, consent (where required), and securely storing gathered data.

Do I Need Consent to Use Tracking Tools?

While consent is sometimes required to use tracking pixels, tracking tools are somewhat of a different story. 

To answer directly: it depends. 

If your tracking tools are collecting personal information via tracking pixels or combining personal information with personal identifiers, then you will need to:

• Notify users of personal information collections
• Use collected data only for the purpose stated
• Allow users to opt out of direct marketing

These requirements align with APP 5, 6 and 7.

While consent may not always be required in data privacy and protection, transparency is.

If a user is unaware that their personal data is being collected and tracked for your business’s marketing purposes, you may find yourself in breach of the APPs.

So, how can we avoid being in breach of privacy?

We recommend:

• Having a Privacy Policy that is both clear and easily accessible (aligns with APP 1)
• Install a cookie banner or pop-up that explains tracking practices
• Allow users to manage their preferences

What Should My Privacy Policy Cover?

Your privacy policy should have clear, transparent language, be kept up to date, and outline the following:

• Types of personal information collected (including via tracking tools)
• How information is collected and how it is stored
• Why information is collected and its purpose
• Any third parties information is shared with (Google, Meta)
• How users can access or correct gathered information
• How to make a complaint

Privacy policies are a business’s last line of defence in protecting itself against breaching privacy laws and the Privacy Act.

Ensure you have a dedicated page on your website that covers all of the above to stay protected.

How Can I Manage Compliance Within My Digital Marketing Tools?

All digital marketing platforms enable you to manage privacy and data sharing settings. 

For example, Facebook lets you restrict data use for specific audiences or ad types. 

The way you configure these tools determines your compliance obligations.

If you collect anonymised, aggregated data, then you may not be collecting personal information under the Privacy Act.

However, if you are collecting personal information via identifiable data, your compliance requirements increase. 

It’s important to ensure your settings are configured correctly so that you understand your data privacy requirements.

The Short of It

To cut a long story short, using tools such as Google Analytics, Meta Pixel, and LinkedIn Insight Tag won’t put you in breach of Australian data privacy laws.

These tools are designed to abide by privacy policies, and as long as your privacy policy is transparent with users and clearly outlines the use of these tools, you will maintain compliance. 

Each tool's settings and how you’re using the data determine your compliance obligations.

By ensuring your privacy policy covers the relevant information and your tool configuration aligns with it, your business will be considered compliant.

You are responsible for your business’s compliance. 

While BFJ Digital can provide guidance and information regarding privacy policies and digital marketing tracking tools, it is up to you to implement solutions and maintain your privacy policy.

If you require any assistance or have any questions with your digital marketing tool configuration, please don’t hesitate to contact us.