§24 · Lane 7 — Australian Regulatory Primary Instruments

OAIC — Privacy and Generative AI Training

OAIC (2024) · OAIC Guidance

Guidance Tier 1 Lane 7 Stable URL
Read on publisher · Stable URL

Bibliographic data

Title
OAIC Guidance (October 2024) — Privacy and developing and training generative AI models
Authors / Issuing body
Office of the Australian Information Commissioner (OAIC)
Venue / Publisher
Office of the Australian Information Commissioner
Year
2024
Designation
Guidance
Licence
Stable URL — refer to publisher for full licence terms.
Canonical link
https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-developing-and-training-generative-ai-models

How to cite

OAIC (2024). OAIC Guidance (October 2024) — Privacy and developing and training generative AI models. Office of the Australian Information Commissioner. https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-developing-and-training-generative-ai-models.

The OAIC's October 2024 position on the privacy obligations of entities developing or training generative AI models using personal information. Sets out OAIC expectations on data collection, training-data composition, lawfulness, and the application of APP 3 (collection) and APP 6 (use and disclosure) to model training.

Why it matters for NETEVO

The development-side counterpart to §23 — together the two OAIC guidance documents saturate the privacy surface for AI both as procurement target and as build target.

First, this guidance binds NETEVO clients who train their own models on data containing personal information — typically large AU enterprises with proprietary training datasets. The guidance is the AU regulatory anchor for any in-house model-development governance control.

Second, the guidance is the AU privacy-law counterweight to global model-training-data critiques. Where the EU AI Act (§33) and US scholarship address training-data lineage in part as a copyright matter and in part as a privacy matter, the OAIC guidance specifies the AU privacy reading directly.

Third, the guidance pairs with §11 (42005 impact assessment), §12 (23894 risk management), and §29 (DISR Voluntary AI Safety Standard) for the development-lifecycle governance stack — design-stage controls anchored on AU regulator expectations rather than on importing US/EU norms.

Where NETEVO applies this

Related audiences

Related resources in this lane