
What Legal Pages Does a Business Website Need?

  • Published: 16 January 2026
  • Last Updated: 6 March 2026
  • 7 minutes
These are the legal policies your business’s website needs to stay compliant with Australian laws.

Written By

Duncan Croker


Reviewed By

Jessica Deacon


Content Complexity

General

For people with general business knowledge.


You’ve asked your marketing agency to build you a new website. And you know you need legal policies – something about privacy, maybe, like your competitors. But what pages, specifically, should you have? And what information should they include?

This article explains the 3 legal pages (terms of use, terms and conditions, and privacy) required for most Australian websites. We also cover additional obligations (age verification and cookie consent) that apply to certain industries.

Please note: this page is general information only. We strongly advise that you get legal advice from a commercial solicitor before making any decisions.

Website Terms of Use

All business websites should have terms of use (also known as ‘website terms and conditions’). Terms of use cover how people can interact with your site. Your terms of use should include:

  • user obligations (like prohibiting people from uploading spam or vulgar material)
  • intellectual property protection (like prohibiting people from copying, reproducing, or otherwise distributing your content without consent)
  • a disclaimer against any warranties (voluntary promises) your website might imply
  • a limitation of liability statement, which helps protect you from being sued if someone suffers damage from using your site.

Keep in mind that all terms of use must comply with existing laws, like those around advertising and unfair contracts. You couldn’t, for example, make false claims about your products by including a disclaimer – you would still be in breach of consumer law.

Business Terms and Conditions

In addition to your website terms of use, you might also need business terms and conditions (also known as ‘terms of service’). They specify your and your customers’ rights and responsibilities in relation to your products/services.

Business terms and conditions often cover:

  • the accuracy of product/service-related information on the website, including pricing and availability
  • ordering and booking
  • shipping and delivery
  • payments, fees and charges
  • refunds, repairs and replacements
  • refusal of service/orders
  • warranties and liabilities
  • promotions, gift cards, discounts, and competitions.

Many businesses – especially e-commerce sites – must have terms and conditions available online in order to meet their Australian Consumer Law (ACL) obligations.

Website Privacy Policy

Under the Privacy Act 1988 (Cth), certain organisations must have privacy policies on their websites. These organisations are known as ‘APP entities’ and include:

  • any government agency
  • any organisation or individual (other than registered political parties) that:
    • turned over more than $3 million in the previous financial year
    • provides a health service or holds health information outside of employee records
    • shares personal information about someone else for a benefit, service or advantage
    • provides a benefit, service or advantage to collect personal information about another individual from anyone else
    • is a contracted service provider for a Commonwealth contract or
    • is a credit reporting body.

All APP entities must have clear, up-to-date privacy policies available free of charge in an accessible format. A privacy policy must include:

  • the kinds of personal information that you collect and hold
  • how you collect and hold personal information
  • the purposes for which you collect, hold, use and share personal information
  • how someone can access and correct their personal information
  • how someone can complain about a breach of the Privacy Act (and how you’ll deal with complaints)
  • whether you’re likely to share personal information with overseas recipients (and where those recipients will likely be located).

Even if you aren’t an APP entity, having a privacy policy is a good idea. Being transparent about how you handle and store data helps build trust in your brand – which is especially important if you collect personal or payment-related information.

Other Legal Requirements for Australian Websites

Some business websites have additional obligations, such as checking users’ age and asking for cookie consent.

Age Verification

Some sites provide content, products or services that are only legal for people over a certain age.

Under the Liquor Act 1992 (Qld), for example, businesses can’t supply alcohol to people under 18. Consequently, many liquor retailers require that site visitors verify their age upon website entry (and ask for ID if those visitors want to buy alcohol online).

As of 10 December 2025, social media websites fall into the same category. New federal laws mandate that social media platforms take ‘reasonable steps’ to check their users are over 16. High-risk sites – such as those that show pornography, self-harm, or high-impact violence – will also need to verify users’ age when new legal codes take effect on 9 March 2026.

If you think your website could need to verify age, it’s a good idea to get legal advice. A commercial solicitor can help you understand your obligations and review any proposed checks.

Cookie Notice

If your website targets users in the European Union (EU), you’ll need to comply with the General Data Privacy Regulation (GDPR) and the ePrivacy Directive (EPD).

The GDPR is an EU law that governs data privacy. It specifies things like how personal data can be collected, the rights of people whose data is being collected, and how that data must be handled.

Directive 2009/136/EC of 25 November 2009 [2009] OJ L 337/11 – known as the ePrivacy Directive – is an EU directive, not a law. (But EU member countries must pass national laws that comply with the directive.) It specifies how various digital privacy-related matters, including cookies, must be approached.

To comply with both the GDPR and EPD, you must get consent from users before you use any cookies.

A cookie is a small piece of data that can be used to identify you. When you visit a website with cookies enabled, that website’s server sends a cookie to your internet browser (for example, Microsoft Edge). Your browser then stores that cookie.

When you leave the website, your browser sends the cookie back to the server. That information can then be used to do certain things, such as:

  • allow you to click the ‘Back’ button and return to the page you were just on
  • tell tracking software how long you spent on the website and where you went
  • remember items in your cart on e-commerce sites
  • keep you logged in between sessions.

Some cookies (‘session cookies’) are deleted once you leave a site. Others (‘persistent cookies’) remain on your browser for a set amount of time, which allows the website to track your behaviour across different visits.

Most websites get consent with a pop-up that lets users choose to allow or disallow different types of cookies.

Example of a cookie consent popup on McKinsey’s website. Image: iOnline.

If you currently track user behaviour in some way on your website, you probably use cookies to do it. Google Analytics, Meta Ads, and Microsoft Clarity, for example, all rely on cookies to function.

You don’t need to get consent for strictly necessary cookies. A cookie only counts as strictly necessary, though, when it ‘[enables] the use of a specific service explicitly requested by the subscriber or user’.

How to Create Legal Pages for Your Website

Having the right pages on your website isn’t enough – they also need to be legally binding. The best way to stay compliant: have all legal policies drafted by a commercial solicitor. They can tailor the clauses to your industry and check whether you have other requirements (like age verification) you need to meet.

Many businesses also use free boilerplate policies from online providers. Keep in mind that boilerplates aren’t designed for your business and may not protect you from liability. (All Australian solicitors, by contrast, have professional indemnity insurance. If your solicitor drafts a faulty policy that leads to loss, you can sue them.)

Never use policies generated by LLMs (which can contain dangerous loopholes) or stolen from other businesses’ websites.

Once you’ve obtained legal policies for your site, your marketing agency or web developer can upload them to your site footer. Doing so meets user expectations, helping you fulfil legal requirements around making the policies easy to find.

The information on this page is not legal advice and should not be used or construed as such. For legal advice specific to your circumstances, talk to a commercial solicitor.

Written by

Duncan Croker, Content Strategist

Duncan leads iOnline’s content department, working across channels like organic search and email to connect buyers with the information they need.

Reviewed by

Jessica Deacon, Operations Manager

Jess spearheads iOnline’s operations, managing web projects and helping clients get found through search engines and LLMs.
