How are consumers protected in Australia?

Australia has strict consumer laws that safeguard consumers and protect their rights against unfair, misleading or unsafe conduct by businesses.

Consumer protections

The Australian Consumer Law (ACL) sets out the national approach to consumer protection in Australia. The ACL contains a range of consumer protections, breaches of which may result in serious penalties, including:

  • civil penalties of up to A$1.1 million (for corporations) and A$220,000 (for individuals); or
  • substantiation notices, infringement notices or public warning notices.

The ACL is currently under review, with Consumer Affairs Australia and New Zealand and the Productivity Commission having released reports on the law’s operation and enforcement in April 2017.

Major recommendations from the reports include increasing financial penalties for breach, the introduction of a general requirement to ensure the safety of a product before market, and changes to consumer guarantees.

The Australian Competition and Consumer Commission (ACCC) is the relevant regulator at the national level and enforces consumer protection laws vigorously. State and Territory consumer regulators may also enforce consumer protection laws at the relevant level.

Key protections

  • The ACL prohibits conduct in trade or commerce that is misleading or deceptive or likely to mislead or deceive. This can include misleading and false advertising, names and market practices such as look-alike products.
  • The ACL prohibits “unfair” contracts. The rule is limited to standard form contracts that involve an individual acquiring a good or service wholly or predominately for personal, domestic or household use or consumption.
  • The ACL gives “consumers” the benefit of a number of non-excludable guarantees and warranties in respect of goods and services. The guarantees include that the goods are fit for purpose and of acceptable quality, and that services are rendered with due care and skill.

Country of origin labelling

New laws on country of origin labelling were introduced to the ACL in 2016 and 2017.

The ACCC’s guidance for food labelling and KWM’s InCompetition blog:


Product liability

Federal law makes manufacturers and importers strictly liable for injury caused by defective or unsafe goods.

It also empowers the relevant federal minister to make safety standards, issue a recall notice, publish a written safety warning notice or introduce a minimum standard of information relating to specified goods or services.

Product liability may also arise under tort and contract, and the Sale of Goods Acts in the States.

Methods of enforcement

  • Product recalls are governed by the Competition and Consumer Act 2010 (Cth) and industry protocols.
  • Class actions in relation to product liability claims are available to groups of seven or more consumers if the claim arises out of similar circumstances giving rise to common issues.
  • Reporting requirements apply under which suppliers of consumer goods and product-related services who become aware of death or serious injury or illness caused by the use or foreseeable misuse of that good or service generally must report it to the minister within 48 hours of becoming aware.

Industry specific codes

Traders entering the Australian market should ensure that they receive advice on any codes specific to their industry.

  • The ACCC regulates mandatory industry codes for franchising, horticulture, oil, wheat ports and unit pricing.
  • There are also voluntary codes developed by industry or the ACCC. An example of an ACCC developed voluntary code is the Food and Grocery Code of Conduct.
  • Codes may be prescribed under other legislation. For instance, the Australia New Zealand Food Standards Code applies to businesses involved in the production, processing and/or marketing of food.


Australian privacy law regulates the collection, storage, use and disclosure of personal information by organisations carrying on business in Australia, and the rights of individuals to access information held about them.

An organisation subject to the Privacy Act 1988 (Cth) (Privacy Act) must publish a privacy policy, and establish complaints handling and access procedures.

Obligations are set out in the Australian Privacy Principles to which the following are subject:

  • most Australian and Norfolk Island Government agencies;
  • all private sector and not-for-profit organisations with an annual turnover of more than A$3 million; and
  • all private health service providers and some small businesses.

Special rules also apply to:

  • the use and disclosure of credit information by credit providers and credit reporting agencies;
  • the collection and use of tax file numbers;
  • the collection of sensitive information, including information about health, race, sexual preference, criminal record, and religion or political affiliation; and
  • sending personal information outside Australia.

There are a number of broad exemptions under the Privacy Act, such as an employee records exemption and an exemption for small businesses.

Office of the Australian Information Commissioner:

Interactions with the EU data regime

The European Union (EU) does not recognise the Australian data regime as providing EU-equivalent protection. As a result, EU data cannot be transferred into Australia without taking additional steps (such as a contractual undertaking).


The Spam Act 2003 (Cth) and associated regulations govern the sending of electronic messages with a commercial purpose to persons in Australia.

An electronic message includes email, SMS, MMS and instant messaging, but excludes voice calls and faxes.

The prohibition on sending commercial electronic messages does not apply to the sending of an electronic message which is purely factual and not for the purpose of promoting or selling goods or services.

Do Not Call Register

Australia also has a Do Not Call Register on which individuals, emergency services and government bodies can place their phone or fax numbers without charge. The listing will remain valid for a minimum of eight years.

It is an offence to make an unsolicited marketing call, or send an unsolicited marketing fax, to a number on the Register unless consent has been given.

When can commercial electronic messages be sent?

A person or organisation can only send a commercial electronic message if:

  • the recipient has consented to receiving messages (consent can be express or can be inferred from the recipient’s conduct or the parties’ relationship);
  • it contains a statement detailing an electronic means of unsubscribing from receiving messages in the future; and
  • it identifies the sender and contains the sender’s contact details.

Substantial penalties may apply for repeat offenders. The supply, acquisition or use of email address harvesting technology is also an offence.

Australian Communications and Media Authority: