Starting 10 December 2026, Australian businesses will need to explain in their privacy policy how they use AI in decisions that significantly affect customers. If your contact centre platform uses AI, for example, to route calls, score enquiries, or personalise interactions, you’ll probably need to update your privacy policy before that date.
Most privacy policies created before 2024 don’t mention automated decision-making. If your business uses modern contact centre software, it’s important to update your policy to cover this.
Key takeaways
- The new obligation sits under Australian Privacy Principle 1.7 (APP 1.7), introduced by the Privacy and Other Legislation Amendment Act 2024.
- Features like intelligent call routing, enquiry triage, and AI-powered personalisation may be included, but only where the decision could reasonably be expected to significantly affect the customer’s rights or interests. Routine routing and triage often will not meet that threshold.
- The threshold is $3 million in annual turnover, so these rules apply to many businesses, not just large enterprises.
- The main thing you need to do is update your privacy policy. You don’t have to change your systems, but the policy must accurately describe what your systems actually do. Generic or boilerplate wording will not necessarily satisfy the requirement.
- This article includes a six-step checklist to help you review and update your privacy policy.
What the new Privacy Act rules actually say
On 10 December 2024, the Privacy and Other Legislation Amendment Act 2024 received Royal Assent, introducing several significant changes to the Privacy Act 1988 (Cth). One of those changes, the introduction of APP 1.7, comes into effect on 10 December 2026.
APP 1.7 requires businesses covered by the Privacy Act to update their privacy policy to explain:
- Whether they use AI to make, or substantially inform, decisions that affect individuals
- What kinds of decisions are those
- How personal information is used in that process
This requirement is about being transparent, not about banning AI. You can still use AI, but you need to clearly inform customers how you use it.
The Australian Attorney-General’s Department is an authoritative Government source on the Privacy Act 1988 and the 2024 amendments, and is worth bookmarking as the rules approach their effective date.
Which contact centre functions are in scope
Now let’s look at what this means for businesses using contact centre software with built-in AI features.
The new rules apply when AI is used to make a decision, or to do something substantially and directly related to making a decision, that could reasonably be expected to significantly affect a person’s rights or interests. The word “significantly” matters: the mere use of AI in a process does not by itself bring it within scope. In contact centres, you need to look at each function on its facts rather than assume it is caught.
Examples that may be in scope include:
- Intelligent call routing: AI decides which agent or queue a customer goes to, based on their history, mood, or type of enquiry.
- Enquiry triage and scoring: AI sorts or prioritises incoming contacts before a person reviews them.
- Personalised interactions: AI uses customer data to adjust responses or recommendations in real time.
- Automated callbacks or outreach: AI decides when and how to follow up with a customer.
If your platform does any of these things, and most modern contact centre platforms do, you’ll probably need to update your privacy policy.
Check your platform’s documentation to see which AI features are active in your account and what customer data they use. Premier Contact Point’s AI customer service tools are built for transparency, making your review easier.
Who this applies to and what to do about it
The Australian Privacy Principles usually apply to businesses with more than $3 million in annual turnover, and to some other organisations like health service providers, Consumer Data Right participants and credit reporting bodies, no matter their size. If your business meets these criteria and uses a contact centre platform with AI, these rules apply to you.
Here’s what a practical compliance checklist looks like for a growing business:
- Check your AI features. Log in to your contact centre platform and see which AI-powered features are turned on. The most common are call routing, IVR personalisation, and automated triage tools.
- Connect AI features to customer decisions. For each AI tool, ask whether it makes, or substantially and directly contributes to, a decision that could reasonably be expected to significantly affect the customer’s rights or interests. If it does, it is likely covered. If it only changes minor aspects of the experience, it probably is not.
- Review your current privacy policy and see if it mentions AI. Most policies written before 2024 don’t cover automated decision-making in detail.
- Update your privacy policy. Make sure it clearly explains which AI processes you use, what data they rely on, and how decisions are made or influenced. You can use plain language; it doesn’t have to be technical.
- Get legal approval. A privacy lawyer or compliance adviser can check that your policy meets the APP 1.7 requirements before you publish it.
- Let your customers know about the update. Inform them that your privacy policy has changed, especially if your current terms require it.
December 2026 might seem far away, but if you have a small team, it’s best to start planning now instead of waiting until the last minute.
If you’re already using a platform that documents how its AI features work, you’re ahead of the game. Businesses using contact centre software to manage scale and consistency — as outlined in our earlier post on how growing businesses use contact centre software to scale — are precisely the ones this new requirement is designed to inform, not penalise.
Thinking about a contact centre platform?
If you’re thinking about implementing a contact centre platform in your business, or wondering whether your current one is the right fit as compliance requirements grow, it’s worth choosing one that’s transparent about how its AI features work and what they do with customer data.
Premier Contact Point is built for businesses that want enterprise-grade contact centre capabilities without the enterprise complexity. Talk to the team to see how it works in practice.
Thinking about a contact centre platform?
If you’re thinking about implementing a contact centre platform in your business, or wondering whether your current one is the right fit as compliance requirements grow, it’s worth choosing one that’s transparent about how its AI features work and what they do with customer data.
Premier Contact Point is built for businesses that want enterprise-grade contact centre capabilities without the enterprise complexity. Talk to the team to see how it works in practice.
