What Legal Requirements do Australian Websites need to comply with?

If you’re an Australian business owner, did you know there are several laws your website must comply with?

Running a small business is incredibly overwhelming, there is sooooo much to learn and it’s a constant struggle to balance all the extra hats we have to wear - from accounting, to legal, to admin, to marketing, to customer support - the list goes on.

Legal is the one that scares people the most, because most people are good people and don’t want to do the wrong thing, but think they can’t afford a lawyer & don’t want to risk getting in trouble or being extorted thousands of dollars (because we all know the stereotype about lawyers and their billable hours).

Legal Requirements for Australian businesses & their websites.

If you own & operate a business in Australia and maintain a website, you might be required to comply with some or all of the following Australian laws. If you’re not sure - get professional legal advice (and I’ll include some tips on how to do that at the end)!

As a former lawyer, I want to reassure you that we aren’t all bad or greedy people 😅.

Getting professional & formal legal advice that is tailored to YOU and YOUR personal circumstances is an essential step for small business owners…but what do you even need advice on?! Maybe it surprises you to learn there are legal requirements for your website?

Let’s dive in.

PS: There are a few links in the post to other businesses - none of these links are affiliated or sponsored, just stuff I found helpful :)

 


1 / Do you need a Privacy Policy?

If your small creative business is registered as a sole trader, is owned and operated in Australia, and you have an annual turnover of less than $3 million, you may not need to comply with the Privacy Act 1988 (Cth), which means you might not be legally required to have a Privacy Policy.

However - even if you’re not legally required to have one, it can still be a good idea as it can help increase trust & confidence in your business.

Your business might be required to have a Privacy Policy if it:

  • generates more than $3 million in turnover annually;

  • operates as a Health Service Provider, which can include:

    • allied health professionals;

    • a complementary medicine therapist (such as acupuncture, aromatherapy, Chinese medicine, chiropractic, herbs, naturopathy, massage and many more);

    • a general practitioner or a medical practitioner;

    • an online health service (such as counselling, advice, medicines), a telehealth business or a health mail order business;

    • facilities such as pathology labs, IVF clinic, aged care, hospitals, blood & tissue banks;

    • dentists & pharmacists;

    • a health service provided in the non-government sector (such as a phone counselling service or drug and alcohol service);

    • a disability service provider (where they handle health information);

    • a gym or weight loss clinic;

    • a private school or a childcare centre.

  • provides services as part of a Commonwealth contract;

  • sells or purchases personal information.


Still not sure if the Privacy Act applies to your small business?

The Office of the Australian Information Commissioner (OAIC) has put together a helpful and thorough checklist you can walk through to help you determine if your business is required to comply with the Privacy Act.


What should go in a Privacy Policy?

If you’re required to have a Privacy Policy it must include things like:

  • who owns & manages the website;

  • how the website owner will collect personal information from a user;

  • how the website owner will store & use that personal information;

  • who that personal information might be disclosed to;

  • how a user can access and correct their personal information;

  • how complaints about breaches of privacy will be handled.

Your Privacy Policy must be clear, concise and easily accessible on your website.


Where can you get a Privacy Policy from?

Here are some good resources you can look at:

  • TermsFeed.com - you can customise it for Australian laws, and you can generate a basic Privacy Policy for free;

  • GetTerms.io has a template you can purchase.

  • Business Victoria has a free Privacy Policy template you can find here.

Not Affiliated or Sponsored and I can’t guarantee the contents of these templates :)


2 / Do Australian businesses need to comply with the GDPR?

You might have seen these letters “GDPR” floating around the internet, and maybe you’ve heard that it’s a European privacy law - but did you know that it can also apply to your Australian business?

The GDPR stands for “General Data Protection Regulation” and is a set of regulations about privacy and data protection (similar to our Australian Privacy Act 1988) developed by the European Union (EU).

However - it doesn’t only apply to businesses operating within the EU. It actually applies to any business, worldwide, that collects the personal information and/or data of individuals residing within the European Union.

Here are a few examples of when the GDPR might apply to your small business:

  • if you conduct business online, or offer goods or services that can/could be purchased by EU citizens - this is especially relevant for digital goods which could be purchased by anyone in the world;

  • if you collect cookies (using something like Facebook Pixel or Google Analytics) - people from all across the world could access your website;

  • if you collect subscribers / ask people to sign up to your newsletter from anywhere in the world.

This is pretty broad, and even the smallest business might need to comply with the GDPR.

For a simple explanation and examples on the differences between Australia’s privacy laws and the GDPR, I found this article from OpenLegal helpful.

Making sure your business is compliant with the GDPR doesn’t stop at your Privacy Policy; there are a few extra steps you need to take. Shalini from Love Your Legals has put together an incredibly helpful GDPR compliance checklist you can download here.

Where can you get a GDPR compliant Privacy Policy from?

You can purchase GDPR compliant Privacy Policies from places such as LoveYourLegals.com.au or TermsFeed.com or GetTerms.io.


3 / Australian Spam Laws

Australian businesses must comply with the Spam Act 2003 and the Spam Regulations.

If you plan to send marketing emails or text messages, you must get consent (express or implied) and make sure that every single piece of your marketing correspondence follows a few simple rules.

Getting Consent

The Spam Act allows you to collect consent on an express or implied basis (but express consent is best).

If you want to send electronic direct mail (EDMs aka you want to engage in email marketing) the Spam Act requires you to obtain express consent. This can be given by:

  • people ticking a box next to a specific statement such as “I consent to being contacted with information from time to time”;

  • people entering their email address into something like a “Subscribe to our newsletter” form.

Implied consent is not as reliable, but you can infer that someone has consented to receiving marketing messages from you if you can prove that person has an ongoing relationship with your business and the marketing is directly related to that relationship - such as a bank marketing a different type of savings account with a higher interest rate.

A person does not give implied/inferred consent just because they bought something from your business.

If you collect personal information (such as email addresses) from people as part of the sales process, this authorises you to contact them with information about their order. It does not give you permission to start emailing them in the future with promotions or other offers, unless your sales process includes an opt-in button where people can expressly consent to their email address being used by your business for those purposes.

Rules for your Marketing Correspondence

Once you’ve received consent, you must make sure that every message you send out complies with the following:

  • it identifies you as the sender;

  • contains your contact details;

  • makes it easy to unsubscribe.


4 / Australian Consumer Laws

The Australian Consumer Law (“ACL”) is designed to protect the rights and interests of consumers when purchasing goods and services, from things like:

  • Misleading and deceptive conduct;

  • Goods having safety defects;

  • Unfair contract terms.

It’s regulated by the Australian Competition and Consumer Commission (ACCC) and applies to all Australian businesses, irrespective of size or industry.

It covers a lot of things, such as when you are and aren’t obligated to provide refunds, what you can and can’t contract out of, what kind of behaviour you can and can’t engage in etc.

Because it’s such a lengthy topic, this post won’t cover the specifics (except for the one below about Terms and Conditions) but this article from business.gov.au is a great starting point if you’d like to learn the basics.


5 / Do you need a Terms & Conditions Policy?

The ACL (Australian Consumer Law) requires businesses in Australia to provide certain information to your customers. If your business is classified as “e-commerce” meaning you sell products/services online, you are required by the ACL to have a Terms and Conditions policy, available on your website.

Your website Terms & Conditions are basically a contract between you and people who access your website, that is meant to protect you both. It’s meant to reassure your customers that you will comply with the ACL and any specific (and lawful) amendments to ACL terms.

Your T&Cs should also protect you, and cover various topics such as:

  • when refunds are (and aren’t) available;

  • what happens if goods are damaged during delivery;

  • what warranties might apply to your goods/services;

  • having indemnity and limitation of liability clauses that essentially limit and reduce your risk of legal exposure;

  • stating that your Intellectual Property is protected under relevant laws;

  • the dispute resolution process and which jurisdiction’s laws govern disputes (eg, if you’re a Victorian business you can specify that Victorian laws apply, which means if your customer is located in Queensland, they have to pursue any legal action in Victoria).

Where can you get a Terms & Conditions policy from?

There are heaps of free templates available from a quick internet search, but if you’ve got no legal background - how do you know if it’s actually protecting you?

You can hire a lawyer to draft a comprehensive and very personalised Terms & Conditions policy for you, but this might be out of budget for the general solopreneur or small business owner.

I have previously used TermsFeed.com to purchase my Terms & Conditions policies and generally find them to be pretty good & affordable, but because it’s just an online wizard generator where you have to select what terms & clauses you need, there’s still the chance you might miss something important.

For something a bit more comprehensive, you could check out these Terms & Conditions offered by LoveYourLegals.com.au.

What if I don’t have a T&C policy?

The ACCC regularly reviews websites and it can & does impose fines on businesses whose T&Cs are not compliant with the ACL.

Having a Terms & Conditions policy on your website can also help improve your SEO 😉.

Can I copy + paste your Terms & Conditions policy?

If your budget is really tight, it might be tempting to copy someone else’s Terms & Conditions policy and just replace it with your own contact details. However, this is actually illegal as you’re breaching the Intellectual Property rights of another business or company. Because T&Cs can be really detailed and include lots of things, how would you know that the T&Cs you’re copying are actually relevant to your business and will protect you and your consumers?

The ACCC also has the ability to fine businesses who post duplicate information, especially if you’ve got a lot of stuff in your T&Cs which isn’t relevant to your business.

The next best option is to purchase a template written by an Australian solicitor, however the only way to guarantee your T&Cs are correct is to have them personally written and/or have your template looked over by a solicitor in your relevant jurisdiction.


6 / Finding a lawyer.

Sometimes knowing what to Google can be the hardest part, but a combo of “Your Location + Small Business Lawyer” should get you off to a good start.

Do you need to see a big, fancy, expensive city lawyer? No. Small firms are just as great.

When you call to book an appointment, simply ask the receptionist if they have any lawyers who can give you some advice about your small business, and help you with drafting a contract (if you need one) and other related documents.

As for how much it costs, that’s variable and will depend on your solicitor’s rates. Most solicitors charge an hourly rate of $330-$550+ but for short term jobs such as drafting a contract, many solicitors will be able to give you a lump sum quote/estimate. Before they start any work they are also legally required to give you a quote and a document called a Costs Agreement, which should clearly state all the relevant information about the estimated costs.

If you live in Victoria, the Legal Institute of Victoria has a free referral service to a large number of law firms in Victoria (for any kind of legal issue). This referral service gives you a free 30-minute consultation with a lawyer to discuss your needs, which gives you a great opportunity to find a lawyer, ask them some general questions and find out how much it would cost for them to draft your T&Cs or read your template and give you some personalised advice about whether the template covers your specific business. Just select the “Consumer Law” category and you should be able to find someone who can help you.

You could look into some online legal companies such as LawBase or SprintLaw but I have never used them and cannot personally vouch for them.


Did you find this helpful?

If you found this helpful, I’d love to hear from you as this inspires me to keep creating and sharing content like this with you.

You would also be helping me reach more people by sharing this image on social media, and with your friends.

Elle ⚡

|| DISCLAIMER ||

Before relying on the information on this website, seek independent advice from a qualified lawyer or accountant. The information contained in this website is general information only and is provided purely for your convenience. The information has been provided without taking into consideration the personal circumstances of any user, and the information is not to substitute professional advice. Any reliance you place on such information is therefore strictly at your own risk.

 

Is this your first time here?

Hello hello! I’m Elle, a lawyer turned photographer turned web designer 😎.

My claim to fame :: I ran a sustainable and profitable photography business for 9 years, and now I run this one too.

My mission :: to help you build strong foundations for your business that will help you survive (and thrive) through any storm.


 