Home / Regulations / Privacy Act ADM

OAIC · Commences 10 December 2026

Privacy Act ADM transparency.

Automated decision-making transparency under the Privacy Act amendments.

What it is

The Privacy and Other Legislation Amendment Act 2024 inserted new APP 1.7–1.9 obligations. From 10 December 2026, APP entities must disclose in their privacy policy the kinds of personal information used in, and the types of decisions made by, automated decision-making systems that could reasonably be expected to significantly affect an individual’s rights or interests. Fydis captures the input features, model version, decision, and reasons for every covered decision, giving the underlying record the privacy-policy disclosure refers to, and routing contested decisions to a human review queue.

Who it affects

APP entities (most organisations with turnover above the $3M threshold, plus health service providers, credit reporting bodies, and others) using ADM in customer-facing decisions (lending, insurance underwriting, employment, housing).

Regulators ask for specifics: the cell, the row, the captured-at hash, the named approver, and the clause a figure answers. Fydis returns those for every figure under Privacy Act ADM.

Coverage by stage

Stage 01Retrieve● Full
Privacy Act APP 1.7, Privacy policy disclosure of the kinds of personal information used in, and types of decisions made by, ADM systems with significant effect on rights or interests.
Artefact produced

Privacy-policy disclosure section with the underlying ADM register that the disclosure summarises.

Fydis-ADM-005
Stage 02Verify◐ Partial
Privacy Act APP 1.8, The kinds of decisions made wholly or substantially by ADM, and the kinds of personal information used.
Artefact produced

Feature lineage drawer (per decision) feeding the APP 1.8 disclosure summary.

Fydis-ADM-012
Stage 03Evidence● Full
Privacy Act APP 1 (open and transparent management), Human-review pathway for contested decisions as an APP 1 governance control.
Artefact produced

Contested-decision queue with reviewer sign-off.

Fydis-ADM-019
Stage 04Evidence● Full
Privacy Act APP 1.9, Privacy policy made available free of charge, in an appropriate form, on request to the OAIC or any individual.
Artefact produced

OAIC report pack · PDF + JSON · drawn from the ADM register.

Fydis-ADM-027

Example artefact

What Fydis produces on a real analysis:

Why was application #58931 declined?
Declined
3 reasons · reviewablePrivacy Act APP 1.7

Frequently asked

Why partial on the Verify stage?

Derived features (model-internal embeddings, pipelines that combine source rows) are harder to trace than raw inputs. On roadmap.

Does APP 1.7 require a per-decision explanation to consumers?

No, not in the 10 December 2026 commencement. APP 1.7 is a privacy-policy disclosure obligation. Per-decision rights to explanation are part of Tranche 2 Privacy Act reforms, still under consultation. Fydis captures the per-decision record now so the Tranche 2 obligations are a configuration change, not a re-architecture.

Before the briefing

Score your current outputs against the 12-question audit-readiness checklist. Most teams find a few gaps the first time through. Bring them to the briefing and we will work the Privacy Act ADM clauses directly.

Open the audit-readiness checklist →

See Privacy Act ADM on a real analysis.

The live demo runs the pipeline on sandboxed data. No signup. The same chain runs on your data when you book a briefing.