Rules Mate

APP 3 collection of sensitive information

APP 3 bars collecting sensitive information — health, race, religion, sexual orientation and more — without consent. What counts as sensitive, the exceptions and penalties.

criticalcurrentongoing

Who must comply

All APP entities collecting sensitive information.

What triggers it

Collecting sensitive information.

When due

At each collection event.

Evidence required

Consent records; necessity assessment; collection notice.

Max penalty

Same penalty regime; class action exposure for biometric misuse (Clearview AI, 7-Eleven, Bunnings precedents)

Summary

APP 3 restricts collection of sensitive information (health, religious beliefs, racial/ethnic origin, political opinions, criminal record, biometric data + similar) to circumstances where the individual consents + collection is reasonably necessary, or specified exceptions apply.

Enforced by

Source legislation

Topics

privacyappsensitive-information

Related obligations

Frequently asked questions

Who must comply with APP 3 collection of sensitive information?
All APP entities collecting sensitive information.
What triggers APP 3 collection of sensitive information?
Collecting sensitive information.
When is APP 3 collection of sensitive information due?
At each collection event.
What is the maximum penalty for APP 3 collection of sensitive information?
Same penalty regime; class action exposure for biometric misuse (Clearview AI, 7-Eleven, Bunnings precedents)
What evidence is required for APP 3 collection of sensitive information?
Consent records; necessity assessment; collection notice.

Source: https://oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines/chapter-3-app-3-collection-of-solicited-personal-information. Rules Mate is not a law firm. Always verify against the live regulator source before acting.