2026 Australian Community Attitudes to Privacy Survey: Insights from a digital rights perspective

The 2026 Australian Community Attitudes to Privacy Survey highlights growing community concern around unfair data practices.

Contributors:
John Pane
Senior Leader, Privacy & Data Protection, AsPAC
Deloitte
Editor's note
The Office of the Australian Information Commissioner's latest Australian Community Attitudes to Privacy Survey, released 28 May, provides a comprehensive overview of privacy attitudes and experiences among people in Australia and how they have been impacted by recent events.
ACAPS is a longstanding study commissioned by the OAIC and published approximately every three years to evaluate individuals' awareness, understanding, behavior and concerns about privacy.
The research has evolved since the first survey was published in 1990 to reflect Australia's rapidly evolving digital environment. This year's ACAPS provides important insights to build community trust and confidence in how personal information is protected in Australia. Many observations and recommendations strongly align with what digital rights organizations, like Electronic Frontiers Australia, have observed for many years: The Australian people value privacy highly but feel they continue to lack meaningful control over their personal information.
In her opening foreword, Privacy Commissioner Carly Kind notes that while the community places a high value on privacy, individuals do "not consistently experience privacy protections as workable in practice." Further, she states "Australians' expectations about privacy continue to sharpen as the information ecosystem becomes more complex, data-intensive and difficult to navigate. ... community concern continues to grow at an alarming rate."
Key 2026 metrics show a deepening trust deficit
The 2026 report presents a stark picture of a community experiencing severe friction within its digital economy. While many organizations frequently treat privacy as an administrative checklist, the public increasingly views excessive and unreasonable data collection and use as structurally unfair.
Is it a problem? Yes, and it's getting worse. An overwhelming 87% of people in Australia state they are more concerned about their privacy than they were five years ago.
The gap between fairness and reality. Only 1 in 10 respondents believe organizations' real-world data practices are usually fair. Conversely, 35% explicitly categorize existing corporate data practices as mostly or always unfair.
Consent as the price of entry, not a choice. ACAPS results show a majority of people experience consent as a condition of participation rather than a genuine choice. Sixty-five percent say sharing information rarely or never feels like a genuine choice.
The individual consent model is fundamentally broken. The 2026 ACAPS findings again confirm what EFA has argued for many years. The report indicates 68% of Australians would be more likely to adopt digital services if they knew their data was handled responsibly. However, under current privacy law, consumers frequently face an all-or-nothing proposition. Better privacy laws are needed to stop bad actors from weaponizing consent as a magic wand to maximize personal information collection and use. Privacy by default is the cure for the so-called magic wand practice.
Secondary uses of personal information and artificial intelligence training. Australians draw clear boundaries around secondary uses of data. Around 93% say it is not fair to use personal information to train AI models, and 71% find it unacceptable to repurpose data for AI training after a service has ended. For EFA, the combination of opaque AI training pipelines, potential regulatory capture, weak lifecycle controls and the absence of strong privacy and consumer protection legislation is a continuing risk to digital rights and individual autonomy.
Data brokerage, tracking and targeted advertising. The survey highlights a continuing strong rejection of practices associated with data brokerage, online tracking and targeted advertising, especially where sensitive attributes or children are involved. These business models rely on pervasive, hidden surveillance-based data extraction and profiling that the community views as fundamentally unfair and disproportionate. EFA is concerned current regulatory settings do not sufficiently constrain these high-risk commercial practices.
Biometric uses and sensitive data. Large majorities consider biometrics and other sensitive attributes excessive to collect in most situations. The public's discomfort with too many biometric identification uses, coupled with low trust in commercial actors handling such data, underscores the need for specific laws that prohibit rights-infringing use cases and provide a risk-based approach to regulation of other use cases. See the EU AI Act for inspiration.
The absence of trust in emerging tech. Public trust in the systems underpinning modern digital life has hit an absolute floor. Just 4% of Australians believe AI companies are worthy of their trust, while trust in social media companies languishes at a mere 3%. Australians are deeply concerned about the rollout of AI, digital identification and biometrics, and about the predilections and influence of Big Tech, without the protection of strong regulatory frameworks.
The surge in dissatisfaction. The ongoing and deepening trust deficit seems to have triggered a 73% year-to-date increase in privacy complaints received by the OAIC, signaling that Australians are actively attempting to rein in bad actors and organizations that have not sufficiently invested in privacy, both in practice and culture.
Practical priorities for reform informed by public sentiment
From EFA's perspective, the 2026 ACAPS points to several practical priorities that would reduce both structural and systemic privacy risks and help to restore public trust.
Move beyond notice and consent. Require demonstrable necessity and strict proportionality for collection and retention and limit secondary uses by default. Privacy by default is the fix. Consent must not be weaponized as a magic wand.
Lifecycle controls for data used in AI. Prohibit human-rights-infringing use cases and tightly regulate the use of service-specific personal information for downstream AI training without explicit, time-limited consent and robust opt-out mechanisms.
Stronger limits on profiling and data brokerage. Introduce clear prohibitions or strict conditions on the sale, trade or opaque sharing of personal information that enables profiling and targeted advertising. Consumers should be able to opt out of the hidden, surveillance-based data extraction industry at no cost or harm.
Protect sensitive categories and biometrics. Treat biometric identifiers and other sensitive attributes as high-risk by default, requiring higher thresholds for lawful collection, use and oversight. This means drafting bespoke legislation to deal with the risks, harms and unrestricted scope creep of these technologies.
Accessible, effective redress. Organizations must develop clear complaint channels, reasonable timeframes for response and enforceable remedies so rights are usable in practice and are not just aspirational.
Final observations
The 2026 ACAPS makes plain that Australians want more and better privacy protections that actually work in practice, with meaningful transparency, real choices and effective remedies. The report is not an outlier of consumer sentiment; it shows a rising trajectory of consumer concern and mistrust going back over 20 years.
For EFA, the 2026 ACAPS reinforces the need for urgent regulatory change that addresses power imbalances in the digital economy, sets clear limits and accountability for emerging technologies, prevents regulatory capture and guarantees respect for individual rights and sovereignty.
EFA urges the federal government to fast-track the second tranche of the Privacy Act review. Technology and Big Tech players are quickly moving ahead while Australia's privacy law languishes in the last century. The time to fix this problem is right now.




