Peter A Clarke

The Privacy Commissioner has released the 2026 survey into Australian Community Attitudes to Privacy. The Privacy Commissioner conducts  a survey annually.  As with previous years it reveals that Australians value their privacy and are concerned about modern practices which interfere with that privacy.  Not surprisingly the concerns are greater now than 5 years ago and the trust lower.

The Commissioners’ foreward provides:

Australians’ expectations about privacy continue to sharpen as the information ecosystem becomes more complex, data-intensive and difficult to navigate. The 2026 Australian Community Attitudes to Privacy Survey (ACAPS) points to a community that places a high value on privacy, but does not consistently experience privacy protections as workable in practice. Trust is uneven across sectors, and wariness of emerging technologies is increasing, particularly in terms of fairness, accountability and the practical ability to exercise rights. Australians want greater transparency, more proportionate collection of personal information, and a fairer go when using digital services.

The right to privacy and the right to access information are protected and promoted by the Office of the Australian Information Commissioner (OAIC). The ACAPS findings go to broader issues beyond privacy such as information access and encompass the full range of the OAIC’s regulatory 2025-26 priorities, which include a focus on rebalancing power and information asymmetries, and rights preservation in new and emerging technologies. This survey builds on the cross-jurisdictional 2025 Information Access Study, which showed Australians expect accountability, transparency, and clear access to government information – particularly where technology such as artificial intelligence (AI) is being used to support automated decisions.

Just as technology is proving to be a means to rapidly transmit information its deployment is impacting public trust. This is because data handling is arguably not keeping pace with community expectations, and hampering Australians’ engagement in the digital economy. Greater confidence in how personal information is handled would increase Australians’ willingness to use digital services or programs that require sharing personal information. Around two-thirds (68%) say they would be more likely to use such digital services if they felt their data was handled fairly and responsibly.

ACAPS shows that while 93% say protecting personal information is important to them and 87% say they are more concerned about privacy than 5 years ago, many do not feel able to act on that concern day-to-day. Consent is often experienced as a gateway: 65% say sharing information rarely or never feels like a genuine choice and 68% say the same about consent. A substantial proportion of the community (78%) report very little or no real control over how their personal information is collected and used, and 52% say they accept sharing because they might otherwise miss out on essential services or opportunities. This points to persistent power and information asymmetries not addressed by notice and consent alone.

Australians also draw clear fairness boundaries. Only 10% say organisations’ real-world data practices are usually fair, while 35% say they are mostly or always unfair. Fairness concerns appear to concentrate around disproportionate collection, limited or unrealistic opt-out, and situations where benefits are perceived to flow mainly to organisations. There is strong rejection of practices associated with data brokerage and advertising technology, alongside expectations for stronger limits on collection, retention and secondary uses. Australians feel that when an entity collects their personal information for one reason, it is often not fair or reasonable for them to use it for another reason. For example, 93% say it is not fair and reasonable for an entity to use the personal information they collected to provide a product or service to train AI models. The survey also indicates a strong boundary around using personal information to train AI systems after a service they have received has ended (71% say this is unacceptable), reinforcing the importance of purpose limitation and lifecycle controls.

Expectations are clear for new and emerging technologies. AI is a widely recognised privacy risk (69%), trust in AI companies is low (4%), and acceptance of AI uses involving personal information appears contingent on protections that make high impact uses transparent and contestable. Australians most frequently prioritise a right to human review (81%), limits on how personal information is retained by third-party providers (80%), and being told when AI is being used (79%). This underscores the importance of the forthcoming automated decision-making (ADM) transparency obligation, which will require regulated entities to disclose the use of AI and ADM in their privacy policies from December 2026.

As the government sector expands its use of technology to inform decision making and deliver services, preservation of information access rights is increasingly important.

This emphasis on transparency was mirrored in the 2025 Information Access Study that found a significant majority of Australians (86%) also agree that the government must publicly report on any technology used to inform freedom of information decision-making (including AI and automated decision-making). The OAIC’s January 2026 report into ADM highlighting transparency obligations under the FOI Act shows that much needs to be done to ensure Australians are aware of how their information is used by government agencies. As a responsive regulator, the OAIC is focused on strengthening the information governance of the Australian Public Service and ensuring timely access to government information. In providing the ADM Report and guidance to government agencies, the OAIC recognises the efficiency and productivity gains that can be delivered through technology to a community that is confident to engage with digital services and better equipped to exercise related rights, including seeking a review of a government agency decision.

ACAPS highlights the gap between formal rights and lived experience. Two in 5 Australians (40%) say they do not really know what data organisations hold about them or how to access it, and only 11% say they can easily access their data and request corrections or deletion. Even where concerns arise, action is not assured: 64% had concerns in the past year, but 52% did not raise them, often because they felt it would not make a difference (56%), would be too hard or time-consuming (51%), or they did not know how (40%). This reinforces the importance of clear, timely and accessible pathways for access and redress.

Australians demand transparency, both in understanding their privacy rights, how their information is used, and in embracing their right to access that information. Improving transparency will strengthen the community’s already active engagement with these systems and safeguard a healthy, informed and vibrant democracy.

Some of the findings are:

• 93% say protecting personal information is important to them, and 87% say they are more concerned about their privacy than they were 5 years ago
• Almost all respondents (98%) say organisations that collect, use or share personal information should be responsible for protecting privacy even if no immediate harm occurs, with 86% viewing this responsibility as very strong.
• Around two-thirds (68%) say they would be more likely to use digital services requiring personal information if they believed their data was handled fairly and responsibly
• Nearly all (96%) say some conditions should be in place before AI is used
• Around 7 in 10 Australians (71%) consider it somewhat or very uncomfortable for organisations to use personal information originally provided for a service to train AI systems after that service has been completed.
• Acceptance is lowest for automated eligibility or risk-based decisions, such as loan approvals or benefit eligibility, with only one-quarter (25%) viewing this as acceptable
• 78% report very little or no control over how their personal information is collected and used
• regarding consent, 65% say sharing information rarely or never feels like a genuine choice and 68% say the same about 52% say they accept sharing because they might otherwise miss out on essential services or opportunities
• Around 9 in 10 Australians (92%) say data collection can be acceptable under certain conditions, particularly where:
  • the purpose is clear (69%),
  • consent or opt-in is available (68%),
  • collection is limited to what is necessary (66%), and
  • the ability to opt out of non-essential collection (61%).
• 73% (vs 64% in 2023) experienced a privacy concern in the past 12 months
• The most common concerns were being unable to unsubscribe from marketing (41% vs 25% in 2023) and having information used for unsolicited direct marketing (38% vs 21% in 2023)
• Among those who experienced a concern, 70% (vs 55% in 2023) reported more scams/spam, 46% (vs 53% in 2023) reported loss of trust and 39% reported loss of control
• Around three-quarters (77%) of Australians whose data was involved in a breach experienced at least one form of harm, while exposure to scams and spam increased and was the most common impact (62% vs 52% in 2023).
• Only 10% say organisations’ real-world practices are usually fair, while 35% say they are mostly or always unfair
• Around 9 in 10 say it is not fair and reasonable to use personal information for selling/trading personal information (96% vs 87% in 2023), online tracking, profiling and targeted advertising to children (96% vs 89% in 2023) or other vulnerable individuals (95% vs 88%), unnecessary location tracking (94% vs 87%), training AI models/products (93%), significant AI-informed decision (91% vs 70%), differential pricing (91%), or targeted advertising based on sensitive data (91% vs 84% in 2023). Around 7 in 10 (71%) consider it unacceptable for organisations to use personal information provided for a service to train AI systems after the service has been completed
• Individuals view the provision of basic identifiers to access a service as reasonable, but 92% say there are some types of information organisations should never collect. Information about sexual orientation (72%) and biometrics (71%) feel excessive or unjustified in most situations, regardless of the organisation or purpose
• Trust remains highest for health service providers (74%) and government agencies (68%), but has fallen across insurance, telecommunications, technology, retail and real estate sectors since Trust is lowest for social media companies (3% vs 14% in 2023), data brokers and AI companies (4%).
• 40% do not really know what data organisations hold about them or how to access it, while 11% say they can easily access their data and request corrections or deletion
• 64% had concerns in the past year, but 52% did not raise them. Among non-complainants, 56% said it would not make a difference, 51% said it would be too hard/time-consuming, and 40% did not know how. Among those who did complain, only 9% said the issue was resolved to their satisfaction
• Confidence in privacy complaint handling varies by sector, with banks and financial institutions (46%), health services (42%) and government agencies (41%) rated highest, and very low confidence in online retailers (4%) and social media platforms (3%).
• 93% support a legal right to request deletion of personal information, and there is strong support for extending equivalent privacy obligations to currently exempt sectors
• The biggest privacy risks identified by Australians include:
  • data breaches (82%, up from 74% in 2023)
  • organisations not storing personal information securely (77%, up from 60% in 2023)
  • scammers attempting to access personal information (75%, up from 71% in 2023)
  • organisations sending information overseas (70%, up from 50% in 2023)
  • concern about AI systems using personal information (69%, up from 43% in 2023).

  Together, these findings suggest that perceived privacy risks are linked to weaknesses in organisational systems, poor information handling and security by organisations, and harmful actions by outside parties.

The Privacy Commissioner identifies her regulatory priorities as:

1. Making privacy choices fairer and easier to understand
2. Protecting privacy rights as new technologies develop
3. Improving how government manages information
4. Ensuring timely access to information and effective pathways

The conclusions the Privacy commissioner draws

For the community, the results reinforce that privacy risks are experienced as practical, everyday issues in the form of spam and scams, marketing friction, uncertainty about who holds what data, and limited ability to meaningfully opt out. The strong emphasis on control, fairness and accountability suggests Australians expect organisations to implement privacy safeguards that work in the moment decisions are made, not only through long-form policies or complex consent flows. High support for deletion and concern about secondary uses (including AI training) indicates an expectation that organisations should not repurpose personal information indefinitely or in ways that are difficult to see, contest or reverse

For industry, the findings point to a sustained ‘trust gap’ for sectors that rely heavily on data-driven business models, particularly where collection feels excessive, benefits appear one-sided, or there is no realistic alternative to participation. The results suggest that building trust is likely to depend on:

• • clearly limiting collection and retention to what is reasonably necessary and proportionate
  • constraining secondary uses (especially high-impact uses and uses involving sensitive information)
  • giving people practical choices that do not require trading away access to essential services in exchange for the secondary use or disclosures of their personal information
  • providing complaint, access and correction pathways that are easy to find, easy to access, predictable and effective.

Where AI and biometrics are used, community acceptance appears strongly conditional on transparency, contestability (including human review), and clear boundaries around training, sharing, retention and secondary use