Compliance for E-commerce & online retail
Online retailers and marketplaces. Captured by ACL, Privacy Act, and unfair contract terms regime.
Published obligations that apply to e-commerce & online retail (7)
- criticalCWLTHNotifiable Data Breach (NDB) scheme
Under the NDB scheme, APP entities must notify the OAIC and affected individuals of an eligible data breach likely to cause serious harm — assessed within 30 days.
- highCWLTHPublish a Privacy Policy compliant with APP 1
Every APP entity needs a clearly-expressed Privacy Policy covering APP 1.4 requirements.
- highCWLTHAvoid unfair contract terms in standard form consumer & small business contracts
From November 2023, unfair contract terms carry pecuniary penalties — up to $100M per term (from 28 March 2026).
- highCWLTHHonour consumer guarantees under the Australian Consumer Law
Goods and services supplied to consumers come with automatic statutory guarantees that cannot be excluded.
- highCWLTHNotify ACCC of a voluntary recall within 2 days
Suppliers must notify the ACCC within 2 days of initiating a voluntary consumer product recall.
- highCWLTHComply with the Spam Act 2003 (consent, identify, unsubscribe)
All commercial electronic messages must have consent, identify the sender, and offer a working unsubscribe.
- highCWLTHWash outbound marketing lists against the Do Not Call Register
Lists must be washed within 30 days of the call/SMS unless valid consent.