← Back to Debrief
Industry Trends

Australia's Privacy Act Is About to Cover 100,000 More Businesses. Most of Them Are Not Ready.

Australian privacy law is catching up to the rest of the world. The businesses that prepared early will have a competitive advantage over those scrambling to comply.

Filip Ivanković··3 min read
3 min read

The Australian government has signalled that the Privacy Act's small business exemption will begin phasing out from July 2026, linked to anti-money laundering reforms. More than 100,000 businesses that were previously exempt will come under the Act's coverage.

This is one of four major privacy developments hitting Australian businesses in 2026. The others: mandatory disclosure requirements for automated decision-making systems from December 10, a Children's Online Privacy Code to be registered by December 10, and a landmark tribunal decision redefining what "collection" means for data processing.

The automated decision-making rules require any business using computer programs for decisions that significantly impact individuals to disclose what systems they deploy, what decisions those systems make and what personal information they process. If you use AI-driven lead scoring, personalised pricing or automated ad targeting, these rules apply.

The Children's Online Privacy Code applies to any digital service "likely to be accessed by children," even if designed for adults. It includes limits on direct marketing, deletion rights and age assurance requirements.

100,000+

Australian businesses will come under Privacy Act coverage for the first time when the small business exemption phases out from July 2026

Why it matters

For Australian marketers, these changes affect how you collect data, how you target audiences and how you use automation. The small business exemption removal is the broadest change. If your business has annual revenue under $3 million, you were previously exempt from most Privacy Act obligations. That exemption is ending.

The automated decision-making disclosure rules have direct implications for marketing technology. Lead scoring, dynamic pricing, programmatic ad buying, AI-powered segmentation and personalisation engines all qualify as automated decision-making systems. If your martech stack makes decisions that affect individuals, you need to disclose that.

The Children's Online Privacy Code affects any business with a website or app that children might access. That is not limited to children's brands. E-commerce sites, content publishers and social platforms all fall within scope if children are "likely" to use them.

Entities deploying tracking pixels are now responsible for how those pixels collect and share data, even when a large platform provides the code. If Meta's pixel on your site collects data in ways that breach the Privacy Act, that is your problem.

What to do about it

Audit your data collection practices now. If you are a small business, you need a privacy policy, consent mechanisms and data handling procedures before July.
Document your automated decision-making. List every system that makes decisions affecting individuals. Prepare disclosure statements for each.
Review your pixel and tracking setup. Understand what data your Meta, Google and TikTok pixels collect and where it goes.
Assess whether children could access your site. If yes, prepare for the Children's Online Privacy Code requirements.
Get legal advice early. These changes are complex and the penalties for non-compliance are significant.

Privacy compliance is no longer optional for small Australian businesses. The window to prepare is narrowing.

ShareLinkedInX

Debrief

Get the next one

No spam. No fluff. Just the next article, straight to your inbox.

Filip Ivanković
Filip IvankovićFounder, New Rebellion

10+ years leading performance marketing across agencies and in-house teams in Australia. Writes about the gap between marketing activity and commercial outcomes, and what it takes to close it.

LinkedInAll articles →

Keep reading

All articles →
Industry Trends

TikTok's Australian E-Commerce Push Is Accelerating. The Platform Wants to Be Where You Buy, Not Just Browse.

TikTok is expanding its e-commerce features in Australia with in-app checkout, live shopping and creator affiliate programs. Social commerce is not a future trend. It is here.

1 min readRead →
Industry Trends

Budget 2026 Just Landed. Here Is What Actually Matters for Australian Small Businesses.

The 2026-27 Federal Budget includes permanent $20K instant asset write-off, loss carry-back for companies under $1B revenue, R&D cap raised to $200M, and expanded venture capital incentives. The practical implications for SMEs and startups.

1 min readRead →
Industry Trends

Dentsu Has Killed Merkle in Australia and New Zealand. The Salesforce Team Is Being Sold Off.

Dentsu is retiring the Merkle brand in ANZ, folding 50 staff into the parent business and selling the 130-person Salesforce practice to US holding company Enduring Ventures. The simplification trend in agency holding companies continues.

1 min readRead →

Related industries on Atlas

Government & Public Sector Marketing
Marketing Score: 67.1

From New Rebellion

Get your scorecard
Your marketing, benchmarked against your industry.
Atlas
Benchmarks across 70+ Australian industries.
How We Score
6 dimensions. Industry-specific weights.

If this resonated

Let's talk about your marketing

30 minutes with a senior strategist. No pitch deck, no obligation. Just an honest conversation about what you need.

Get your scorecardExplore benchmarks