Abstract:
Surfing the internet often results in the transfer of personal information between users of websites and the operators of those websites. This can be automatic such as the creation of logs regarding the user’s web browsing habits, or dependent on conscious acts of the user, such as posting personal photographs on an online social network. Frequently a website operator will promulgate a privacy policy regarding personal information divulged in the course of online transactions. This article will focus on one aspect of the enforceability of online privacy policies, namely the matter of consent. It will be demonstrated that contract principles are incapable of addressing this issue in this context with a sufficient degree of certainty. The concept of authorisation under data protection legislation such as the Privacy Act 1993 is a more appropriate mechanism for regulation of this issue.