OAIC Puts Big Tech, Government, & AI on Notice in 2025–26 Privacy Crackdown

Key Takeaways

• Four Priority Areas Identified: The OAIC’s 2025–26 focus includes rebalancing power imbalances, preserving rights in emerging tech, strengthening public sector information governance, and improving access to government-held information.
• Spotlight on High-Risk Sectors: The OAIC is targeting rental, credit reporting, and data brokerage sectors, as well as ad tech practices like pixel tracking and excessive personal data retention.
• Emerging Technologies Under Scrutiny: Facial recognition, biometric scanning, and location-tracking tools, especially when used by government, will face heightened regulatory attention.
• Public Sector Transparency in Focus: The OAIC will examine government use of private messaging apps, FOI compliance, and administrative decision-making to rebuild trust in public institutions.
• Stronger Enforcement of Privacy Protections: The OAIC aims to hold both industry and government accountable for opaque or unfair data practices, particularly in the online environment and AI use.

Deep Dive

The Office of the Australian Information Commissioner (OAIC) has released its regulatory action priorities for 2025–26, and it’s not just a laundry list of goals. It’s a signal flare, aimed squarely at the sectors and technologies where trust, transparency, and privacy are at risk.

From the growing use of surveillance tech to persistent power imbalances in the data economy, the OAIC is drawing a firm line that privacy rights aren’t negotiable, and neither is timely access to government information.

“We’re focusing our resources on the things that matter most and on the regulatory problems that pose the most harm,” said Australian Information Commissioner Elizabeth Tydd. “Through this approach we can create the right framework to deliver innovation and support economic and productivity gains.”

This year’s action plan highlights four key areas of concern, each reflecting a broader societal shift in how information is used, withheld, or abused.

First up: power and information asymmetries. The OAIC is turning a critical eye toward sectors that quietly shape the data economy, like property rentals, credit reporting, and data brokering, where individuals often have little insight into how their information is collected and shared. Also on the radar, the murky world of ad tech and tracking pixels, as well as the growing role of artificial intelligence in eroding privacy rights.

It’s not just what data is collected, it’s how long it’s kept, how it’s used, and how hard it is to access government-held records that should be in the public domain.

Rights in a World of Facial Recognition and AI

If 2024 was the year biometrics went mainstream, 2025 is shaping up to be the year regulators push back. The OAIC says it will keep a close watch on facial recognition and biometric scanning, as well as location tracking tools embedded in apps, vehicles, and everyday devices. These technologies, while often marketed as convenient, raise fundamental questions about consent, oversight, and proportionality.

When it comes to AI and automated decision-making, particularly by government, there’s an added layer of concern. “We recognize that community confidence and trust will contribute to a healthy democracy and positively impact the economy,” said Commissioner Tydd. That means regulators will be watching how decisions get made, not just what outcomes they produce.

In a refreshingly introspective move, the OAIC is also focused on strengthening the information governance practices of the Australian Public Service. It’s not a new problem, FOI delays, poor data lifecycle management, and a culture of risk aversion have long plagued public information access. But the agency is now explicitly calling out issues like excessive use of private messaging apps, subpar handling of FOI requests, and lackluster transparency practices as risks to public trust.

Timeliness Is the Bare Minimum

Freedom of Information Commissioner Toni Pirani summed it up plainly, “Access to information promotes government transparency and is essential to our democratic system.”

To that end, the OAIC is ramping up efforts to investigate complaints and use agency performance data to highlight where delays and refusals are becoming the norm, not the exception. This isn’t just about naming and shaming, it’s about reinforcing the idea that public information should be exactly that: public.

For Privacy Commissioner Carly Kind, the bigger picture is digital trust, and how it erodes when data practices become too opaque.

“Opaque and unfair extraction and use of personal information undermines consumer trust and confidence,” she said. “By focusing on the enforcement of privacy protections, particularly in the online environment, we can rebalance the playing field for consumers and re-empower online users.”

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.