Personal information collection notice
eSafety may collect personal information if it is reasonably necessary for, or directly related to, one or more of the Commissioner’s functions or activities under the Online Safety Act 2021 (the Act).
Many of the functions of the Commissioner are set out in section 27 of the Act, and include:
- to promote online safety for Australians
- to support and encourage the implementation of measures to improve online safety for Australians
- to coordinate activities of Commonwealth Departments, authorities and agencies relating to online safety for Australians
- to collect, analyse, interpret and disseminate information relating to online safety for Australians
- to support, encourage, conduct, accredit and evaluate educational, promotional and community awareness programs that are relevant to online safety for Australians
- to make, on behalf of the Commonwealth, grants of financial assistance in relation to online safety for Australians
- to support, encourage, conduct and evaluate research about online safety for Australians
- to publish (whether on the internet or otherwise) reports and papers relating to online safety for Australians
- to give the Minister for Communications, Urban Infrastructure, Cities and the Arts (Minister) reports about online safety for Australians
- to advise the Minister about online safety for Australians
- to consult and cooperate with other persons, organisations and governments on online safety for Australians
- to advise and assist persons in relation to their obligations under the Online Safety Act
- to monitor compliance with the Online Safety Act and promote compliance with it
- to formulate, in writing, guidelines or statements that recommend best practices for persons and bodies involved in online safety for Australians and are directed towards facilitating the timely and appropriate resolution of incidents involving material provided on a social media service, relevant electronic service or designated internet service, and to promote those guidelines and statements.
The Commissioner also has powers and functions under:
- section 581 (2A) of the Telecommunications Act 1997 (Cth)
- sections 474.35 and 474.36 of the Criminal Code Act 1995.
If we need to disclose your information to another person or entity, including an overseas entity, we will usually discuss this with you first. The Act also lets us provide your information to certain authorities without your consent in certain circumstances.
In order to action the removal of harmful content, our staff will collect personal information, and may contact you to assess, manage and resolve complaints, reports and conduct formal investigations. We may also collect personal information when conducting a review of a decision under our internal review scheme.
eSafety also collects personal information for the purpose of responding to enquiries. Whilst all enquiries will be directed to the section of eSafety that is best placed to assist, we may contact you if we require additional information.
Workshops, focus groups, interviews, training sessions, online learning programs and online services provided by eSafety may also require the collection of personal information. For example, this may be to assist with organising workshops and scheduling sessions, to validate registration or to allow you to evaluate our work through follow up surveys.
Public events such as the eSafety conference, Safer Internet Day and other promotional, education, information, public relations and media engagement activities may also require eSafety to collect personal information, particularly for registration and evaluation.
From time to time we may also use your image or voice where recordings or photos are taken with your consent for use in audio, visual and other publications such as brochures, booklets, videos, reports, press releases, social media posts or other promotional activities.
By signing up to any of our events, programs or services, you consent to eSafety collecting and collating data, to be used in an aggregated form, which allows us to review our programs and outputs and analyse uptake and performance. This consent extends to eSafety sharing your details with our service providers, who may have overseas storage practices.
Website traffic, cookies and analytics used by eSafety may also collect information such as the IP address of a device, the date and time a page was visited, the pages accessed and how long pages were viewed. eSafety does not attempt to identify users or their browsing activities, unless the user has signed up to an online service or a law enforcement agency or other government agency exercises its legal authority to inspect our internet web server logs for an investigation. You can set browsers that will notify you before you receive a cookie. This may allow you to refuse to accept it. Users can also turn off or delete cookies. You can also opt out of the Google Analytics collection by using the Google Analytics Opt-out Browser Add-on. The eSafety Commissioner’s website uses both Australian Government and commercial web-hosting facilities.
The “Your Online Journey” and “Get Started” apps have been developed for the eSafety Commissioner and are available to download from the Google Play and Apple app stores. These app stores may provide eSafety anonymous general data about how many units have been downloaded. eSafety does not collect personal information or analytics from these apps.
Specific information about some of our programs
In addition to the above information which forms part of the general collection notification, we have provided some specific details below about how we use personal information for some of our programs.
Trusted eSafety Provider Program
Personal information is collected for the Trusted eSafety Provider (TEP) Program in order to:
- consider an application for endorsement or to contact applicants should eSafety require additional information about an application
- provide information about a TEP’s program to the public on the eSafety website
- contact endorsed TEPs
- undertake review of a TEP’s program content, endorsement status or other program related matters
- administer any other aspect of the TEP Agreement or TEP Program.
Online Safety Grants Program
Personal information is collected for the Online Safety Grants Program in order to:
- consider and resolve applications for grants funding
- document and manage any real or apparent conflicts of interest among members of the Online Safety Grants Program Assessment Panel in assessing applications and making recommendations for grant funding
- record acknowledgement of obligations by members of the Online Safety Grants Program Assessment Panel and those who apply for or receive grants funding
- consult and engage with providers and participants of programs that receive grants funding
- enable evaluation of programs that receive grants funding and analyse their uptake and performance
- promote programs that receive grants funding through the collection and use of providers’ and participants’ images and voices for use in audio, visual and other publications such as brochures, booklets, videos, reports, press releases and social media posts
- contact you should eSafety require additional information in relation to your engagement with the Online Safety Grants Program.
Safety by Design assessment tools
eSafety does not collect personal information and cannot identify corporate information through the use of the Safety by Design assessment tools.
Further information about how non-identifiable data is collected, used and stored is available on the Safety by Design privacy page.
Privacy Act Obligations
The Privacy Act 1988 (Cth) (Privacy Act) imposes obligations on eSafety in relation to the collection, security, quality, access, use and disclosure of personal information. These obligations are detailed in the Australian Privacy Principles.
We will only use or disclose your information for another purpose with your consent or if permitted by the Privacy Act. If we need to disclose your information to another person or entity, including an overseas entity, we will usually discuss this with you first. The Act and the Privacy Act also let us provide your information to certain authorities without your consent in certain circumstances.
We are also required to follow mandatory reporting requirements.
Last updated: 15/06/2023