New OAIC guidance on Artificial Intelligence

Reviewed by Malcolm Burrows

On 21 October 2024, the Office of the Australian Information Commissioner (OAIC) published two (2) new guides on artificial intelligence (AI), purportedly in an effort to make privacy compliance easier for business.[1]

What does the OAIC AI guidance provide?

The first guide is claimed to ‘make it easier for businesses to comply with their privacy obligations when using commercially available AI products and help them select an appropriate product’.

The second guide claims to provide ‘guidance to developers using personal information to train generative AI models’.  Both guides include checklists for readers, and together they aim to provide comprehensive coverage of the entire AI process, from development in the second guide to deployment in the first guide.[2]

[Image: AI development to deployment]

Image Source: Department of Industry, Science and Resources, Safe and responsible AI in Australia: Proposals paper for introducing mandatory guardrails for AI in high-risk settings, September 2024.

Guidance on privacy and the use of commercially available AI products

The first guide claims to set itself apart from the main regulatory legislation for privacy, the Privacy Act 1988 (Cth). Rather than targeting all uses of AI which involve the handling of personal information, as the Privacy Act does, the guide focuses particularly on the use of generative AI tools and general-purpose AI tools.

The key points from the first guide state:

  • “Privacy obligations will apply to any personal information input into an AI system, as well as the output data generated by AI (where it contains personal information);
  • businesses should update their privacy policies and notifications with clear and transparent information about their use of AI;
  • if AI systems are used to generate or infer personal information, including images, this is a collection of personal information and must comply with APP 3;
  • if personal information is being input into an AI system, APP 6 requires entities to only use or disclose the information for the primary purpose for which it was collected; and
  • as a matter of best practice, the OAIC recommends that organisations do not enter personal information, and particularly sensitive information, into publicly available generative AI tools.”

The checklists provided by the first guide include a:

Guidance on privacy and developing and training generative AI models

The second guide aims to assist in compliance with the Privacy Act, and to assist Australian Privacy Principle (APP) entities in complying specifically with APPs 1, 3, 5, 6 and 10.

The key points of the second guide state that:

  • “Developers must take reasonable steps to ensure accuracy in generative AI models;
  • just because data is publicly available or otherwise accessible does not mean it can legally be used to train or fine-tune generative AI models or systems;
  • developers must take particular care with sensitive information, which generally requires consent to be collected;
  • where developers are seeking to use personal information that they already hold for the purpose of training an AI model, and this was not a primary purpose of collection, they need to carefully consider their privacy obligations; and
  • where a developer cannot clearly establish that a secondary use for an AI-related purpose was within reasonable expectations and related to a primary purpose, to avoid regulatory risk they should seek consent for that use and/or offer individuals a meaningful and informed ability to opt-out of such a use.”

The second guide provides a checklist for privacy considerations when training AI models.[4]

Conclusion

In conclusion, the new guidance from the OAIC can be used as a resource to assist businesses and developers navigating privacy compliance in artificial intelligence.  By providing practical checklists for selecting AI products and training generative AI models, these guides can help organisations meet their obligations under the Privacy Act.  Emphasising responsible use and transparency, the OAIC’s recommendations aim to foster trust and accountability as AI technology continues to evolve.

Links and further references

Legislation

Privacy Act 1988 (Cth)

Further information about artificial intelligence

If you need advice on the existing guidance about artificial intelligence, contact us for a confidential and obligation-free discussion:

[1] OAIC (21 Oct 2024) New AI guidance makes privacy compliance easier for business, https://www.oaic.gov.au/news/media-centre/new-ai-guidance-makes-privacy-compliance-easier-for-business.
[2] Ibid.
[3] OAIC (21 Oct 2024) Guidance on privacy and the use of commercially available AI products, https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-the-use-of-commercially-available-ai-products.
[4] OAIC (21 Oct 2024) Guidance on privacy and developing and training generative AI models, https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-developing-and-training-generative-ai-models.

