
Technology Law glossary

Technology law in Australia spans IT contracts, privacy, cybersecurity, online safety, AI governance, and IP licensing. Key statutes include the Privacy Act 1988 (Cth), the Copyright Act 1968 (Cth), the SOCI Act 2018 (Cth), and the Online Safety Act 2021 (Cth). This glossary covers 40 of the most commonly used terms.

In short

This is a glossary of 40 key terms used in Australian technology law. Each term has a plain-English definition and, where applicable, a reference to the underlying statute or standard. Use it as a reference for IT transactions, privacy, cybersecurity, and AI advice.


Definitions

Acceptable use policy (AUP)

A policy setting out permitted and prohibited uses of a technology service — typically incorporated into SaaS terms.

AI impact assessment

A structured review of the risks of an AI system — data, bias, explainability, safety. Increasingly required by AU government procurement policies.

Algorithmic transparency

The practice of disclosing the logic, purpose, and impact of an automated decision-making system. A growing regulatory expectation.

API (application programming interface)

A defined interface for software-to-software communication. API terms govern rate limits, scope of use, and IP.

APP (Australian Privacy Principle)

One of the 13 principles in Schedule 1 of the Privacy Act governing the handling of personal information by APP entities.

Privacy Act 1988 (Cth) Sch 1

Assessment notification

A right of the OAIC to assess an entity's handling of personal information under the Privacy Act.

Privacy Act 1988 (Cth) s 33C

Bug bounty

A contractual or policy arrangement inviting security researchers to report vulnerabilities in exchange for a reward. Governed by a safe harbour policy.

CDR (Consumer Data Right)

The framework for consumer-directed data sharing, starting in banking (Open Banking) and expanding across sectors.

Competition and Consumer Act 2010 (Cth) Part IVD

Cloud services agreement

A contract for IaaS, PaaS, or SaaS cloud services. Key issues include data location, security, uptime, and exit assistance.

Cross-border disclosure

Disclosure of personal information to an overseas recipient. Subject to APP 8 accountability obligations.

Privacy Act 1988 (Cth) APP 8

Cyber incident

An event that compromises the confidentiality, integrity, or availability of information or systems. May trigger notification duties.

Data breach response plan

A documented plan for identifying, containing, assessing, and notifying eligible data breaches under the NDB scheme.

Privacy Act 1988 (Cth) Part IIIC

Data processor

An entity that processes personal information on behalf of a controller. The term is not expressly defined under the Privacy Act, but is widely used, having been borrowed from the GDPR.

DPA (Data Processing Agreement)

A contract between controller and processor governing the processing of personal information. Required under GDPR; best practice under Australian law.

Eligible data breach

A data breach likely to result in serious harm, triggering notification under the NDB scheme.

Privacy Act 1988 (Cth) s 26WE

End user licence agreement (EULA)

A licence agreement between a software vendor and end user. Typically a click-wrap or browse-wrap contract.

Escrow

An arrangement whereby source code is deposited with a trusted third party, released to the customer on defined triggers (for example, vendor insolvency).

Exit assistance

Services a supplier is contractually required to provide to enable migration to a replacement supplier at termination. Standard in outsourcing and SaaS.

GDPR

The EU General Data Protection Regulation. Has extraterritorial effect — Australian entities offering goods or services to EU residents may be subject to it.

IP indemnity

An indemnity against third-party claims that use of a technology infringes IP. A standard protection in technology contracts.

Licence

Permission to use IP (typically software or data) on specified terms. May be exclusive, non-exclusive, perpetual, or limited.

Copyright Act 1968 (Cth)

NDB scheme

The Notifiable Data Breaches scheme requiring APP entities to notify the OAIC and affected individuals of eligible data breaches.

Privacy Act 1988 (Cth) Part IIIC

OAIC

The Office of the Australian Information Commissioner — the regulator for privacy and freedom of information.

Australian Information Commissioner Act 2010 (Cth)

Online Safety Act

The Commonwealth Act administered by the eSafety Commissioner, creating take-down schemes for cyberbullying, image-based abuse, and illegal content.

Online Safety Act 2021 (Cth)

Open source licence

A licence granting rights to use, modify, and distribute software (for example, MIT, Apache 2.0, GPL). Different licences carry different obligations.

Penetration test

An authorised simulated cyber attack designed to identify vulnerabilities. Governed by a rules of engagement document and safe harbour.

Personal information

Information about an identified or reasonably identifiable individual. Defined in the Privacy Act and the trigger for APP obligations.

Privacy Act 1988 (Cth) s 6

Privacy Act

The Privacy Act 1988 (Cth) — the principal Australian statute regulating the handling of personal information by government and APP entities.

Privacy Act 1988 (Cth)

Privacy impact assessment (PIA)

A structured assessment of the privacy impact of a new project. Required for certain Commonwealth projects; best practice generally.

SaaS agreement

A software-as-a-service contract. Key issues include data ownership, uptime, security, termination rights, and data portability.

Sensitive information

A subcategory of personal information (health, race, sexual orientation, criminal record) subject to heightened APP protection.

Privacy Act 1988 (Cth) s 6

Service level agreement (SLA)

A contractual specification of service levels (for example, uptime, response times) and remedies (service credits) for failure.

SOCI Act

The Security of Critical Infrastructure Act 2018 (Cth) imposing obligations on owners and operators of critical infrastructure assets.

Security of Critical Infrastructure Act 2018 (Cth)

Source code

The human-readable form of software. Access is typically restricted; escrow is a common protection for licensees.

Step-in rights

A right for a customer to take over or require continuation of services on a supplier's default or insolvency. Common in outsourcing and critical infrastructure contracts.

Takedown notice

A notice issued by the eSafety Commissioner (or under the Copyright Act scheme) requiring removal of specified online material.

Online Safety Act 2021 (Cth)

Telecommunications interception

The interception of a communication passing over a telecommunications system. Regulated under the TIA Act.

Telecommunications (Interception and Access) Act 1979 (Cth)

Usage data

Data about how a product is used. Often licensed by vendors for analytics and improvement — privacy and contractual issues must be considered.

Vulnerability disclosure policy (VDP)

A public policy inviting security researchers to report vulnerabilities and providing a safe harbour for good-faith research.

Warranty

A contractual promise about the quality, performance, or compliance of a product or service. Remedies for breach are typically repair, replacement, or damages.


These definitions are general explanations for educational purposes — not legal advice. Always verify against current legislation and case law before relying on them in a client matter.
