Australian Privacy Act 1988 — How to Use It to Remove Content from Google

The Australian Privacy Act 1988 is one of the primary legal tools available to Australian individuals for addressing personal information published without consent in Google search results and on third-party websites. Most Australians are unaware of the specific rights the Privacy Act gives them in relation to online content, and most reputation management providers operating in the Australian market do not apply these rights effectively as part of their removal process. This guide covers exactly what the Privacy Act provides, how to use it for content removal in 2026, and where its limits are.

What the Privacy Act 1988 Provides for Individuals

The Privacy Act 1988 and the thirteen Australian Privacy Principles it contains regulate how Australian Government agencies and private sector organisations collect, use, store, and disclose personal information about individuals. The principles most directly relevant to online content removal are APP 10, which requires that personal information held about an individual be accurate, up-to-date, and complete, and APP 13, which gives individuals the right to request correction of personal information held about them that is inaccurate, out of date, incomplete, misleading, or not relevant.

For data broker sites and people-search platforms publishing personal information about Australian individuals — addresses, phone numbers, family member names, employment history, and background history — these principles create a legal basis for requesting that the information be corrected or deleted. An organisation that publishes personal information about an individual has obligations under the Privacy Act regardless of whether the individual consented to that publication, and failure to comply with a legitimate correction or deletion request can be reported to the Office of the Australian Information Commissioner for investigation.

When the Privacy Act Applies to Online Content

The Privacy Act applies to private sector organisations with an annual turnover of more than $3 million Australian and to smaller organisations in specific categories including those that collect sensitive information or trade in personal information. Most data broker sites, background check platforms, and people-search services that publish information about Australian individuals are covered by the Privacy Act either because of their size or because they specifically trade in personal information.

For organisations where the Privacy Act applies, individuals have the right to request access to personal information held about them and to request correction where that information is inaccurate, out of date, incomplete, misleading, or irrelevant. Where the organisation is a data broker or people-search platform, this right directly supports requests to delete or update profiles containing personal information. The organisation must respond to a correction request within 30 days under Australian privacy law, either by making the requested correction or by providing written reasons for refusing and informing the individual of their right to complain to the OAIC.

How to Make a Privacy Act Correction or Deletion Request

A Privacy Act correction request should identify the specific organisation and the specific personal information you want corrected or deleted, explain why the information is inaccurate, out of date, incomplete, misleading, or irrelevant, and request the specific action you want — correction to accurate information, or deletion of the profile entirely. The request should also note that you are making it under the Australian Privacy Act 1988, APP 13, and that you expect a response within 30 days. Sending the request by email to the organisation’s privacy officer or nominated contact for privacy matters creates a record and establishes the 30-day response clock.

Where an organisation refuses your correction or deletion request or does not respond within 30 days, you can lodge a complaint with the OAIC. The OAIC investigates complaints, can require organisations to comply with correction requests, and can recommend remedies including correction, deletion, and apology. OAIC complaints are free to lodge and can produce meaningful pressure on organisations that ignored direct correction requests.

Privacy Act Requests and Google

The Privacy Act applies to organisations operating in Australia and to foreign organisations that collect or hold personal information about Australian individuals from Australian-based activities. Google LLC’s Australian operations bring it within the scope of the Privacy Act for Australian data subjects, and individuals can make Privacy Act-based requests to Google in relation to personal information it holds or processes about them — including indexing of personal information in Google search results.

In practice, Privacy Act requests to Google are most effective in combination with Google’s own personal information removal processes, rather than as standalone requests. Where content qualifies under Google’s own removal policies — personal information that creates specific harm risks — a Privacy Act basis strengthens the request. Where content does not qualify under Google’s standard policies, a Privacy Act request alone is unlikely to produce de-indexing. The most effective approach is to combine Privacy Act requests to source platforms, Privacy Act requests to Google supported by documentation, and where applicable, eSafety Commissioner complaints under the Online Safety Act 2021 for content that meets the threshold for serious harm.

The eSafety Commissioner and the Online Safety Act 2021

For content that goes beyond privacy concerns into territory that causes serious harm — non-consensual intimate imagery, targeted cyber abuse, and other categories covered by the Online Safety Act 2021 — the eSafety Commissioner provides a regulatory pathway with real enforcement teeth. The eSafety Commissioner can issue removal notices to platforms requiring removal of qualifying content, and non-compliance with eSafety notices carries significant civil penalties. For individuals dealing with seriously harmful content that may not qualify under the Privacy Act’s correction and deletion framework, the eSafety Commissioner provides an additional pathway that operates independently of whether the platform has Australian operations.

How Privacy Act Content Removal Affects AI Tool Representations

Personal information published on data broker sites and background check platforms feeds not just Google search results — it feeds AI tool responses. ChatGPT, Perplexity, and Google AI Overviews draw from these sources when generating answers about individuals. Successfully deleting a data broker profile under the Privacy Act reduces your exposure in both traditional Google search results and AI-generated answers about your name — the same source deletion addresses both simultaneously. For Australian individuals where AI tool representations are also a concern, Privacy Act-based data broker deletion is therefore a high-leverage first step that improves multiple dimensions of online reputation simultaneously.

ORM Agency applies the Australian Privacy Act 1988 as part of our standard personal reputation management process for Australian clients — including structured APP 13 correction and deletion requests to data brokers, OAIC complaint processes where requests are refused, and eSafety Commissioner complaint submissions for qualifying content. Email info@ormagency.co for a free confidential assessment of your Privacy Act removal options.

Frequently Asked Questions

Does the Australian Privacy Act apply to all websites publishing information about me?
No. The Privacy Act applies to private sector organisations meeting the turnover threshold or falling within specific categories. Small businesses below the threshold and non-commercial websites may not be covered. The eSafety Commissioner’s pathways under the Online Safety Act apply to online platforms regardless of Privacy Act coverage for qualifying harmful content.

How long does a Privacy Act correction request take?
Organisations must respond within 30 days. The OAIC complaint process where requests are refused or ignored takes longer — typically months for investigation and resolution.

Can I use the Privacy Act to remove news articles about me?
The Privacy Act is most applicable to data broker profiles and commercial publishers of personal information. News articles published by media organisations are subject to the media exemption in the Privacy Act, which limits its application to journalism published in good faith. Australian defamation law is typically the more appropriate framework for addressing harmful news content.

Does the Privacy Act help with AI tool representations?
Privacy Act deletion of data broker profiles reduces the source material AI tools draw from about you, which over time reduces your AI-level personal information exposure. It does not directly compel AI tools to update their responses.

Related Services:

Reputation Management Australia — full Australian reputation management service.
Negative Content Removal Australia — for targeted removal of specific harmful content.
Physician Reputation Management Australia — for doctors and healthcare professionals.
AI Reputation Management — for managing what AI tools say about you.

About the Author

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like these