According to the Telecommunications (Service Provider — Identity Checks for Prepaid Mobile Carriage Services) Determination 2017, telecommunication companies must identify their customer when that customer wants to activate a prepaid mobile service. According to Part 4 of the law, to activate a new prepaid mobile service, customers need to give their telecommunication company their name, date of birth, and home address (or business name and address if acting on behalf of a business). Proof of ID is also necessary.

The Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019, subjects Internet service providers and content providers to criminal penalties for the failure to report or remove "abhorrent violent material" that the providers have reasonable grounds to believe records or streams abhorrent violent conduct in Australia (Section 434.33-34). The Act has been criticized largely for its ambiguous terms such as "terrorist act," "expeditiously," and who will be prosecuted, if found to be in violation of the Act, within the business organization. It was reported that the Act, because of its vague standards and high penalties, would incentivize rational service providers to err on the side of taking down more material than necessary. Although the Act does not establish a blanket content monitoring obligation, it does stipulate that in cases involving "abhorrent violent conduct," Internet hosts are expected to exert reasonable efforts to monitor and promptly deactivate such materials.

The Telecommunications (Interception and Access) Act 1979 authorizes criminal law-enforcement agencies to intercept real-time communications of users also without a warrant. The Act deals with an interception warrant (Section 10), telecommunications service warrant (Section 11A), foreign communications warrant (11C), and stored communications warrant (Section 110). However, in cases of emergencies (Section 30) or for developing and testing interception capabilities (Section 31A), police officers or the agencies may intercept live communications without a warrant.
The Australian Security Intelligence Act 1979 creates a computer access warrant (Section 25A). This warrant may be issued to allow the use of a telecommunications facility operated by a carrier for the purpose of obtaining access to data that is relevant to a security matter and is held in the target computer at any time while the warrant is in force.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 grants industry assistance powers. These powers ensure that industry can assist with the facilitation and execution of these warrants and support the discharge of lawful and appropriately approved powers. Section 317ZH provides that these requests and notices have no effect to the extent that the requested or noticed act would require a warrant under different statutes, including the Telecommunications (Interception and Access) Act 1979 and the Australian Security Intelligence Act 1979.
Under this regime, certain security and law enforcement agencies may issue to communications providers three types of requests or notices. Among them, the Freedom House reported in 2019 that technical assistance requests under this law were issued on seven occasions between July 2018 and July 2019. While these requests are voluntary requests to assist the requesting agencies to access user information, technical assistance notices and technical capability notices allow the agencies to compel tech companies to assist or comply with requests to build capabilities into products to facilitate access.
For example, if information obtained under a warrant was encrypted, under the new framework an agency could ask that a provider who currently encrypts and decrypts information according to business needs to decrypt the lawfully accessed information for public safety purposes. While the law prohibits assistance that would undermine encryption or security for users at large, according to the Freedom House, "critics have noted that, in practice, it is difficult (and in some cases impossible) to enable authorities’ access to one user’s data without creating exploitable vulnerabilities that could affect others." Equally, an agency could request that a provider restore a password that was temporarily changed to enable a judicially approved computer access warrant to be executed. Despite the requirement of warrants, it has been reported that companies remained reluctant to allow government interference.

Sections 317L-317RA of the Telecommunications Act 1997 (as amended by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018) provide for a type of notice, called a technical assistance notice, that a security or law enforcement agency can issue to communications providers that require them to take specified steps which would help the agency in relation to its functions relating to national security or enforcing the criminal law. All designated communications providers, broadly defined so as to include not only telecommunications carriers and service providers but any entity that supplies an electronic service (including websites and secure messaging apps), are required on receiving a technical assistance notice to provide technical assistance to law enforcement. In other words, certain Australian law enforcement agencies can require a cloud service provider, for example, to decrypt encrypted communications for the purposes of law enforcement. The Telecommunications Act enables the law enforcement agencies to require this assistance without a warrant.

Section 36 and 101 of the Copyright Act contain safe harbour protections for carriage service providers such as Internet infrastructure providers and Internet Service Providers (ISPs). To qualify, these organizations must implement mechanisms to enable copyright owners to report infringing content on their platforms and request that action is taken to prevent the infringement (for example disabling access to the content or terminating the accounts of infringing users).

The Privacy Act 1988 is the primary federal legislation that governs protection of personal information and applies horizontally. The Act includes thirteen Privacy Principles, which set out standards, rights and obligations for the handling, holding, use, accessing and correction of personal information (including sensitive information.
Amendments to the Privacy Act 1988 took effect in February 2018 to introduce a mandatory notification scheme for entities in responding to data breaches. The notifiable data breaches (NDB) scheme introduced an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. The NDB scheme applies to all agencies and organisations with existing personal information security obligations under the Australian Privacy Act.

The Telecommunications (Interception and Access) Act 1979 requires a telecommunication service provider to keep specific telecommunications data relating to the services it offers for two years (187C). The dataset to be kept includes: the subscriber and the accounts of telecommunications devices, the source of a communication, the destination of a communication, the date, time and duration of a communication, the type of a communication, and the location of equipment or a line used (187AA). This retention scheme was inserted into the Act by the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015.

In the Privacy Act 1988, the Australian Privacy Principle 8 creates a regime that allows cross-border disclosure of personal information in six different scenarios (Schedule 1). These conditions include but are not limited to situations where there are data protection frameworks that are similar or equivalent to those in Australia, there is consent to the disclosure, or the disclosure is required by laws. The Australian Privacy Principles were inserted into the Privacy Act by the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which came into force on 12 March 2014.

Australia has joined agreements with binding commitments to open transfers of data across borders: the Singapore-Australia Free Trade Agreement (SAFTA, Chapter 14, Art. 13), the Australia-Peru Free Trade Agreement (Art. 13.11), the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP, Art. 14.11), the Indonesia - Australia Comprehensive Economic Partnership Agreement (Art. 13.11), the Australia-Hong Kong Free Trade Agreement and associated Investment Agreement [Article 11.7(2) and 11.15(1)], and the Australia-United Kingdom Free Trade Agreement [14.10(2)].

My Health Records Act 2012 requires information relating to health records to be stored and processed within Australia unless the records do not include "personal information in relation to a healthcare recipient or a participant in the My Health Record System" or "identifying information of an individual or entity" (Section 77).

The Australian Communications and Media Authority Act 2005 No. 44 establishes that Australia has an independent telecommunications authority, the Australian Communications and Media Authority (ACMA). Yet, Division 4 of the Act establishes that the Minister may give written directions to the ACMA in relation to the performance of its functions and the exercise of its powers. However, such a direction can only be of a general nature if it relates to the ACMA’s broadcasting, content and datacasting functions; or the ACMA’s powers relating to those functions. It is reported that the ACMA is independent from the government in the decision-making process.

Australia has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

According to the National Broadband Network Companies Act 2011 (Subdivision A, Division 2, Part 3), the Commonwealth must retain full ownership of National Broadband Network Co (NBN Co). In addition, this ownership structure could be terminated only in limited circumstances (Subdivision B).

National Broadband Network Co (NBN Co) is a wholly government-owned enterprise tasked with designing, building, deploying, and operating a high-speed (internet) access network across Australia.

Australia mandates functional and accounting separation for operators with significant market power (SMP) in the telecom market. Regarding functional separation, it is mandated for operators with significant market power, according to Act No. 47 and the Carrier Licence Conditions Declaration. On the other hand, accounting separation is mandated only in some cases: National Broadband Network Co (NBN Co) is required to maintain separate accounts for its different technology units.