OAIC Updates Privacy Guidance on Personal Information Collection
Released on 13 May 2026, the updated guidance includes new examples and practical advice relating to artificial intelligence, facial recognition technology, tracking pixels, data scraping and data broking practices.
A major focus of the update is data minimisation, reinforcing that organisations and agencies should only collect personal information that is reasonably necessary for their functions and activities. The OAIC emphasises that over-collection increases privacy, security and data breach risks.
The guidance also expands on:
- Fair and lawful collection practices
- Collection of sensitive information and consent requirements
- Risks associated with automated collection technologies
- Use of third parties and offshore data handling arrangements
- Reasonable expectations around the collection and use of personal information
Importantly, the OAIC notes that publicly available information online is not automatically free to collect and use without regard to privacy obligations or community expectations.
For records and information management professionals, the updated guidance highlights the growing importance of privacy-by-design, proportional data collection, transparency and strong governance controls in increasingly AI-driven and data-intensive environments.