APP 3 — collection of sensitive information requires consent
Sensitive information (health, religion, race, sexual orientation and similar) requires consent before collection.
Who must comply
All APP entities collecting sensitive information.
What triggers it
Collecting sensitive information.
When due
At each collection event.
Evidence required
Consent records; necessity assessment; collection notice.
Max penalty
Same penalty regime; class action exposure for biometric misuse (Clearview AI, 7-Eleven, Bunnings precedents)
Summary
APP 3 restricts collection of sensitive information (health, religious beliefs, racial/ethnic origin, political opinions, criminal record, biometric data and similar) to circumstances where the individual consents and collection is reasonably necessary, or specified exceptions apply.
Source: https://oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines/chapter-3-app-3-collection-of-solicited-personal-information. Rules Mate is not a law firm. Always verify against the live regulator source before acting.