Your privacy policy has sat untouched since the day you launched. It does its job, it's on your site, and you haven't thought about it since. Totally normal.
Here's why it's worth a look now. From 10 December 2026, Australian rules change, and some businesses will need their privacy policy to spell out how they use AI. If you've started leaning on AI, that policy gathering dust could soon be out of date. Let's get you ahead of it.
Table of Contents
- What is changing on 10 December 2026
- What privacy policy AI disclosure in Australia actually means
- Does this apply to your business?
- Why a copied privacy policy will not save you
- How to future-proof your privacy policy now
- FAQ
- Update the document before the deadline does it for you
- The Cost of Waiting Until December 2026
What Is Changing on 10 December 2026
As part of Australia's privacy reforms, new automated decision-making rules are being added to APP 1, the first of the Australian Privacy Principles. They sit in clauses 1.7 to 1.9, and they all take effect on 10 December 2026.
Here's the gist. The rules apply if you've set up a computer program to make, or to substantially help make, a decision that could significantly affect someone, using their personal information. The whole point is transparency: people have a right to know when a machine is shaping decisions about them.
If that's you, clause 1.8 sets out what your privacy policy has to spell out: the kinds of personal information the program uses, and the kinds of decisions it makes or helps make. Clause 1.9 makes the net wide. A decision counts whether it helps or hurts the person, and it covers everyday things like their contract rights or their access to a service.
The detail will keep developing, and the OAIC is the place to watch for guidance. The direction, though, is locked in. AI use is moving from invisible to disclosed.
What Privacy Policy AI Disclosure in Australia Actually Means
Disclosure sounds technical. It's actually simple. It means being upfront, in writing, about how AI fits into the way you handle people's information and decisions.
For most small businesses, the AI you use won't fall into the high-stakes automated-decision category the new rule targets. But the smart response isn't to wait and find out the hard way. It's to make sure your privacy policy honestly reflects how you collect, use, and process personal information, including with AI tools. A policy that tells the truth about your data practices is the goal, regardless of which exact rule applies.
And transparency isn't just compliance. It's trust. Customers are increasingly wary of how their data is used. A clear policy turns that worry into confidence.
Does This Apply to Your Business?
The honest answer is that it depends on what you do and how you use AI. The new APP 1.7 requirement targets significant automated decisions, which many small businesses won't be making.
But two things make this relevant to almost everyone. First, the broader privacy reforms are tightening obligations across the board, and the Government plans to remove the small business exemption many rely on. Second, if you use AI with personal information at all, your privacy policy should already reflect that, because being accurate about your data practices is a core privacy obligation, not a new one. We cover the bigger picture in our guide on AI and Australian privacy law.
So the practical takeaway is the same whether the new rule technically captures you or not. Your privacy policy needs to be current and honest about AI.
Why a Copied Privacy Policy Will Not Save You
It's tempting to grab a privacy policy from another website and swap in your business name. Quick, free, done. It's also one of the riskiest shortcuts you can take.
A copied policy describes someone else's data practices, not yours. It won't mention your AI tools, your data flows, or your particular obligations. If it says you do things you don't, or skips things you do, it can mislead your customers and leave you exposed. An inaccurate privacy policy can be worse than having none, because it makes promises you're quietly breaking.
Add the 2026 changes and the copy-paste approach looks even shakier. A generic policy from two years ago won't reflect rules that didn't exist when it was written.
How to Future-Proof Your Privacy Policy Now
- Map your AI use. Write down which tools touch personal information and how.
- Use a current, Australian-specific policy built around the Privacy Act, not an overseas template.
- Be honest about data practices, including collection, storage, and any AI processing.
- Review it yearly, and after any new tool or process. Set a reminder.
- Watch the OAIC for guidance as the December 2026 rules take shape.
FAQ
Do I have to mention AI in my privacy policy?
From 10 December 2026, some businesses will need to disclose AI use in significant automated decisions. Even if that exact rule doesn't capture you, your policy should accurately reflect any AI that touches personal information.
When do the new privacy rules start?
The APP 1.7 to 1.9 disclosure requirements take effect on 10 December 2026, as part of Australia's wider privacy reforms.
Can I just update my existing policy myself?
You can, if it's accurate and built for Australian law. The safest path is a current, professionally drafted policy you can tailor to your business.
Update the Document Before the Deadline Does It for You
Privacy policies aren't set-and-forget anymore. The rules are moving, AI is everywhere, and your customers are paying attention. A policy that's accurate today and ready for December 2026 is a small job that saves a big headache.
The Foundd Legal Privacy Policy is drafted for Australian law and built to reflect how modern businesses actually use data. Tailor it to your business once, and keep it current. Or purchase the full Website Kit and your terms and disclaimer are sorted too.
The Cost of Waiting Until December 2026
It's tempting to file this under later. The deadline is months away, and your policy still loads on your site. Why rush?
Because the cost of waiting isn't the deadline. It's everything that happens before it. Every month your policy is inaccurate is a month your customers are told something untrue about how you handle their data. If a complaint or a breach lands in that window, a stale policy makes it worse, not better. The deadline is just the day the law catches up to a problem you already have.
Getting ahead is the cheap option. A current, accurate policy costs you a small job today and removes a looming one later. Waiting only works until the day it very much doesn't.
About the Author

Riz is the Founder & Director of Foundd Legal, a lawyer with 20+ years' experience and a long history of building online and ecommerce businesses.
She helps creatives and online business owners protect and grow their businesses with clear, practical legal tools that actually make sense.
Disclaimer
We do our best to keep this content accurate and up to date, but laws change, interpretations evolve, and the internet isn't perfect. Occasionally, information may be outdated or contain errors.
This content is for general information only and isn't legal advice. If you choose to rely on it, you do so at your own discretion. For advice specific to your business, you'll need support tailored to your situation.
All rights reserved. © Foundd Legal Pty Ltd