Tips on how to stay safe online during the COVID-19 pandemic


How eSafety handles, manages and protects personal information.



The eSafety Commissioner is responsible for promoting online safety for all Australians.

This summary of our privacy policy outlines the key points about how eSafety handles, manages and protects personal information.

eSafety collects, holds, uses and discloses personal information to undertake the eSafety Commissioner’s functions and activities under the Enhancing Online Safety Act 2015, the Broadcasting Services Act 1992 and the Telecommunications Act 1997.

eSafety handles information in accordance with our obligations under the Privacy Act 1988, the Freedom of Information Act 1982 and the Public Governance, Performance and Accountability Act 2013.


eSafety usually collects personal information (including sensitive information) from you or your authorised representative in order to undertake a regulatory action, such as assess a complaint or manage a report, or for activities consistent with a regulatory function.

eSafety sometimes collects personal information from a publicly available source or third party, if permitted under legislation, if doing so enables us to better assess a complaint or perform another regulatory action.

Personal information may also be collected through the eSafety website and our use of social networking services, such as Facebook, Twitter and YouTube. eSafety uses this information to improve the eSafety website, receive feedback from the community and increase engagement with you.

Use and disclosure

eSafety only uses or discloses personal information for the purpose for which it was collected or in other permitted circumstances, such as where you consent for it to be used or disclosed for another purpose.

eSafety will not disclose sensitive information about you unless you agree or in other limited circumstances, such as when the eSafety Commissioner is required or authorised by law.

The Enhancing Online Safety Act 2015 lets us provide your information to specific authorities without your consent in certain circumstances, including an authority of a foreign country responsible for regulating matters relating to the capacity of children to use social media services and electronic services in a safe manner.

You may also choose to engage with us through a social networking service or our website. The companies we use for these purposes may also store information overseas.

Access and correction

You can request access to the personal information eSafety holds about you. We will provide you access in most circumstances.

You can request that eSafety correct your personal information. We will take reasonable steps to correct the information we hold about you if we consider it inaccurate, out of date, incomplete, irrelevant or misleading.

How to make a complaint

You can complain to eSafety in writing about how we have handled your personal information. eSafety will respond to your complaint within 30 days. You can contact eSafety from our contact us page.

Privacy policy

The eSafety Commissioner is responsible for promoting online safety for all Australians.

This policy describes how the eSafety Commissioner and staff assisting her (eSafety) handles, manages and protects personal information.

The Privacy Act 1988 (Cth) (the Privacy Act) contains 13 Australian Privacy Principles (the APPs) that regulate how private sector organisations and government agencies collect, use, disclose, hold and de-identify or destroy personal information, and how individuals may request to access and correct their personal information.

The Privacy Act defines personal information as information or an opinion about an identified individual or an individual who is reasonably identifiable. It also defines sensitive information, which is a subset of personal information that is generally afforded a higher level of protection than personal information. This includes health information and information relating to a person’s racial or ethnic origin and sexual orientation or practices.

The eSafety Commissioner is covered by the Privacy Act.

Collection of personal information

Purposes of collection

eSafety collects personal information if it is reasonably necessary for, or directly related to, one or more of the eSafety Commissioner’s functions or activities.

The main reasons we would collect personal information would be to:

  • handle a complaint or manage a report
  • provide education
  • conduct communication and awareness campaigns
  • run our website, or
  • correspond and engage with you through newsletters and social media.

How personal information is collected

eSafety collects personal information by lawful and fair means. eSafety usually collects personal information directly from you, for example, when you provide us your details in relation to a complaint or report through an enquiry form.

However, eSafety may obtain information about you from third parties in certain circumstances, including where:

  • the eSafety Commissioner is required or authorised by law, for example, obtaining information for the purposes of handling a complaint or report (from a complainant, parent, guardian or school)
  • the eSafety Commissioner has your consent to do so, or
  • it is not reasonably practicable to collect the information from you.

Kinds of personal information collected and held

eSafety collects personal information to enable us to carry out our regulatory functions and activities.

eSafety does not collect personal information and cannot identify corporate information through the use of the Safety by Design assessment tools.  

Further information about how non-identifiable data is collected, used and stored is available on the Safety by Design privacy page.

Complaints and reports

eSafety investigates complaints in relation to cyberbullying and in relation to offensive and illegal content. It also manages complaints in relation to image-based abuse.

The kinds of personal information collected in order to investigate these complaints and reports varies between the schemes, but generally includes:

  • your name (you may choose to make some complaints and reports anonymously)
  • your contact details (unless you choose not to provide your name)
  • your images
  • whether you reside or are a business in Australia, and/or
  • a URL that may lead to images that are personal information.

Personal information collected may also relate to the person making the complaint or report or to other parties involved, including the person alleged to have posted the material.

Investigating complaints and managing reports may require eSafety to collect sensitive information about you. This will only occur if you have consented or if the collection is otherwise permitted under the Privacy Act or the Enhancing Online Safety Act 2015.


eSafety collects and holds personal information as part of our procurement processes. This includes the names and contact details of tenderers or contracting parties and is done to ensure we comply with the Public Governance, Performance and Accountability Act 2013 (the PGPA Act) and the Commonwealth Procurement Rules.

More information on the PGPA Act and the Commonwealth Procurement Rules is available at the Department of Finance’s PGPA associated instruments and policies page.

Public consultation and engagement

eSafety engages with the public and our stakeholders through a number of mediums, including consultations, surveys, conferences and forums.

When eSafety undertakes formal consultation, the documentation will make clear the purpose of the consultation and the purpose of the collection of personal information. Generally, eSafety publishes the submissions we receive, including any personal information, unless otherwise claimed as confidential.

If you wish to make a submission anonymously or through the use of a pseudonym, you should contact eSafety to see whether it is practicable to do so. Each confidentiality claim is assessed by eSafety on a case-by-case basis.

Use of services

eSafety collects and holds personal information used to register for a service, such as an online safety program or newsletter subscription. This may include details such as name, organisation, contact details and communication preferences. This helps eSafety manage user access and provide the service requested.

Information about how your personal information will be handled and other terms and conditions for using a service will be provided before any personal information is collected.

Website traffic, cookies and analytics

eSafety uses a range of tools to collect and view our website traffic information. This includes cookies and analytics such as Google Analytics and Usabilla. This helps eSafety improve our website, customise our information and services, and conduct research and development.

The information collected by these tools may include information such as the IP address of a device, the date and time a page was visited, the pages accessed and how long pages were viewed.

eSafety does not attempt to identify users or their browsing activities, unless the user has signed up to an online service or a law enforcement agency or other government agency exercises its legal authority to inspect our internet web server logs for an investigation.

You can set browsers that will notify you before you receive a cookie. This may allow you to refuse to accept it. Users can also turn off or delete cookies. You can also opt out of the Google Analytics collection by using the Google Analytics Opt-out Browser Add-on.

The eSafety website uses both Australian Government and commercial web-hosting facilities.

Social media

eSafety uses social networking services, including Twitter, Facebook, YouTube, Instagram and Snapchat, to engage with the public. eSafety may collect your personal information if you engage with us on these services, but we will only use it to help us communicate with you and the public.

These social networking services will also handle your personal information for their own purposes in accordance with their own privacy policies.

Emails and newsletters

eSafety communicates with the public through email distribution lists and newsletters. With your consent, eSafety will collect your email and, if you provide it, other contact details when you subscribe to an eSafety mailing list. eSafety only uses this to update you on its activities and to administer the lists.


eSafety collects personal information in order to fulfil the eSafety Commissioner’s statutory functions and obligations or to undertake activities consistent with a regulatory function.

Before, at the time, or soon after collecting personal information, eSafety will provide you a notice outlining certain matters, including the purposes of collection, the consequences if personal information is not collected and whether eSafety usually discloses information of this kind to another entity.

Anonymity and use of pseudonym

eSafety will provide you the option of not identifying yourself, or using a pseudonym, unless it would be impractical for eSafety to deal with a person in that way or where a law requires or authorises eSafety to deal with individuals who have identified themselves.

Complaints related to offensive and illegal content can always be made anonymously.

Reports relating to image-based abuse do not require a complainant to provide their name.

Use and disclosure of personal information

eSafety will use or disclose personal information only for the purpose for which it was collected. eSafety will only use or disclose personal information for another purpose in certain permitted circumstances, including when:

  • you consent for eSafety to do so
  • the use or disclosure is required or authorised by or under an Australian law
  • another exception under the Privacy Act applies, including the eSafety Commissioner reasonably believes that it is reasonably necessary for one or more enforcement-related activities or a permitted general situation exists.

For example, with your consent, we might provide relevant information (like the location of the image) to the content host identified in your report to get the image taken down or use a tool that allows us to search whether your image is available in certain other locations online.

Part 9 of the Enhancing Online Safety Act permits the eSafety Commissioner to disclose information in certain circumstances and with certain conditions, including to an authority of a foreign country responsible for regulating matters relating to online safety for children, provided it is not prohibited by Part 13 of the Telecommunications Act 1997.

The eSafety Commissioner may also disclose information to an authority if satisfied that the information will enable or assist the authority to perform or exercise any of the authority’s functions or powers, provided the information was obtained as a result of a function or power conferred on the eSafety Commissioner under the Enhancing Online Safety Act or the Broadcasting Services Act.

We generally only disclose personal information overseas in order to help us fulfil a regulatory function. The Enhancing Online Safety Act lets us provide your information to certain authorities without your consent, including foreign authorities.

You may also choose to engage with us through a social networking service or our website. The companies we use for these purposes may also store information overseas.

Quality and security of personal information

eSafety takes reasonable steps to ensure the quality of the personal information we collect and disclose is accurate, up-to-date and complete.

eSafety has a range of measures in place to protect the personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure.

All information collected by eSafety is secured and managed in accordance with the Australian Government’s Protective Security Policy Framework, Information Security Manual and the Archives Act 1983. You can find further information at the National Archives of Australia’s webpage for Commonwealth Records Management).

Access to and correction of personal information

The eSafety Commissioner will consider any request you make to access, or seek the correction of, your personal information within 30 days.

eSafety will take reasonable steps to correct information we hold about you, if we consider it inaccurate, out of date, incomplete, irrelevant or misleading. You may need to demonstrate how your personal information is incorrect.

eSafety will ask you to verify your identity before it gives you access to your information or corrects it.

You also have the right under the Freedom of Information Act to request access to the documents eSafety holds. If the information eSafety holds about you is incomplete, incorrect, out-of-date or misleading, you can ask it that it be changed or annotated.

Making a complaint

eSafety manages personal information in accordance with its obligations and responsibilities under the APPs.

If you have a complaint about how eSafety has handled your personal information, you should outline your complaint in writing and lodge it with eSafety through the Contact us page.

eSafety will assess your complaint within 30 days.

If you are unhappy with how we have handled your complaint, you may be able to complain to the Office of the Australian Information Commissioner.

Contact eSafety

You can contact eSafety for more information about this privacy policy from our Contact us page.