Notes from the Asia-Pacific region: AI deployment, privacy protections and coordinated oversight converge in Australia

Australia's latest AI governance initiatives, heightened privacy enforcement and increasing regulatory cooperation signal a future in which AI, privacy, cybersecurity and digital accountability are becoming more closely aligned and central to organizational resilience.

Contributors:
Adam Ford
Managing Director, Australia, New Zealand
IAPP
Editor's note
The IAPP is policy neutral. We publish contributed opinion pieces to enable our members to hear a broad spectrum of views in our domains.
These past weeks have delivered a powerful reminder that privacy, artificial intelligence governance and digital regulation are no longer developing as separate disciplines. Across Australia, policymakers and regulators are signaling a future where responsible AI deployment, stronger privacy protections and coordinated regulatory oversight will increasingly converge. For privacy and digital responsibility professionals, these developments provide valuable insight into the direction of travel and the expectations organizations will face in the years ahead.
Perhaps the most significant announcement came from the government's release of its new "AI in Australia's Interests" framework. The proposal outlines a world-leading approach to AI governance, including the development of "Australian Standards for AI" and the establishment of an Office of AI within the Department of Prime Minister and Cabinet. Importantly, the framework seeks to balance economic opportunity with public trust by creating clear expectations around energy usage, infrastructure investment, safety and accountability. The government has also highlighted protections for Australian creators and emphasized that AI development must align with national interests, community expectations and responsible innovation principles.
Alongside these AI developments, the Office of the Australian Information Commissioner continues to demonstrate an increasingly active enforcement posture. Newly released notifiable data breach statistics revealed that 2025 recorded the highest number of reported breaches since the data breach notification scheme commenced in 2018, with 1,205 notifications logged. Cyber incidents remained the dominant cause, while health service providers once again accounted for the largest portion of reported breaches. These figures serve as a timely reminder that cybersecurity resilience and privacy governance remain deeply interconnected disciplines requiring sustained executive attention.
The OAIC also concluded its high-profile investigation into the use of third-party tracking pixels by health service providers. The determinations involving Medmate Australia and Monash IVF reinforce a principle that many privacy practitioners have been discussing for some time: sophisticated advertising and analytics technologies do not sit outside privacy obligations. The commissioner's findings make clear that where sensitive information is collected through tracking technologies, organizations must ensure appropriate consent is obtained. The decision is likely to influence how organizations assess digital marketing, website analytics and third-party technology deployments across a range of sectors.
Completing the picture was the announcement that members of the Digital Platform Regulators Forum have signed a new Memorandum of Understanding to strengthen cooperation across privacy, competition, online safety and consumer protection issues. While each regulator retains its independent powers, the agreement reflects growing recognition that many digital risks now cut across multiple regulatory domains. A more coordinated approach could provide clearer expectations for organizations while also increasing scrutiny of digital platform practices.
Taken together, these developments point toward a future characterized by greater accountability, stronger governance expectations and closer alignment between regulators. For organizations, the message is increasingly clear: robust privacy programs, effective AI governance frameworks, careful vendor oversight and proactive risk management are becoming essential elements of organizational resilience. As practitioners, our challenge is to help organizations navigate this evolving environment while maintaining the trust that customers, employees and communities place in us every day.

This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Submit for CPEsContributors:
Adam Ford
Managing Director, Australia, New Zealand
IAPP



