CyberCX launches new Cyber Strategic Communications capability  

Privacy by Design Awards 2024

Privacy by Design Awards 2024


The Australian Privacy by Design Awards are back for a third year running with an exciting new format opening the awards to all organisations and government entities operating in the Australian market.

Nominate now


CyberCX and the Tech Council of Australia are proud to join forces to deliver an annual Insights Report and Awards Event recognising excellence in Privacy by Design.

Many organisations view privacy through the prism of risk management or regulatory compliance, but increasingly organisations are learning that privacy, done well, is a means of building trust with staff, customers, users and the public.

Privacy by Design aims to promote the virtuous cycle of data and user experience benefits for organisations, individuals and the community as a whole.

In 2024, the Awards will move to being nominations-based. CyberCX and the Tech Council of Australia are calling on all organisations, large and small, corporate and government, to showcase how they demonstrate one or more of the seven Privacy by Design Principles in managing personal information in their organisation.


Nominate now


Who can nominate

  • Any organisation, being a small business, corporation or government that operates in the Australian market and manages personal information of Australians.
  • You do not have to be an employee of an organisation to nominate it for excellence in privacy by design, so long as you can demonstrate knowledge or provide evidence that an organisation is doing something to embody the Privacy by Design Principles in its function.


The event

An awards event will be held in Sydney on Thursday, 2 May 2024 as a lead in to Privacy Awareness Week. More details about the event and how to purchase tickets to follow.



Meet the Privacy by Design Awards Judges


Anna Jaffe – Director of Regulatory Affairs and Ethics, Atlassian

Ryan Black – Acting CEO, Tech Council of Australia

Adam Ford – Managing Director ANZ, International Association of Privacy Professionals

Min Livanidis – Head of Digital Trust, Cyber and Data Policy, Amazon Web Services

David Batch – Executive Director, Privacy Advisory, CyberCX

John Pane – Chair, Electronic Frontiers Australia

Johanna Weaver, Director – Tech Policy Design Centre, Australian National University

Winners of the 2023 Privacy by Design Awards


Examples of previous winners of Privacy by Design Awards include:


The Australian Broadcasting Corporation (ABC)

The ABC was awarded for a leading demonstration of Privacy by Design Principle 7: Respect for user privacy – keep it user centric.

We all love to hate cookie banners. With the introduction of the cookie law in Europe in the 2000s we saw an explosion of cookie banners on websites that were either European based or which operated in those jurisdictions. It’s probably fair to say this law was passed with little real direction on what good would look like, and in the main, businesses reluctantly introduced this measure to meet the new regulatory requirements, but designed them in a way which would encourage a user to either accept no privacy as a default, or make choosing privacy so difficult that people would choose no privacy out of frustration. Dark patterns ensued which had the practical effect of making the whole existence of a privacy banner pointless.

Privacy practice has since progressed, and brands are now discovering how to make the process meaningful and frictionless.

Of course, in Australia we don’t have a similar direct regulatory requirement for such a measure, but it can be quite reasonably argued that poorly designed cookie banners, particularly those that encourage or mislead people into making bad choices, do not meet our consent requirements. Despite this, there aren’t many good examples of one-click, dark-pattern-less cookies banners in the Australian market that give visitors to websites an informed and easy choice not to be tracked for marketing and analytics purposes.

The ABC, however, demonstrated as close to good practice in this field. As at May 2023, its cookie banner:

  • Gives the user a one-click choice for ‘Accept all cookies’ or ‘Necessary only’ – no need to move to a secondary page to opt-out.
  • Doesn’t highlight the ‘Accept all’ in any way to encourage people to choose less privacy, otherwise a common ‘dark pattern’ in cookie banners.
  • Doesn’t stop you from navigating the webpage.
  • Links through to further information on the cookies used on the site for anyone seeking it.


Google was awarded for its comprehensive user privacy dashboard, which are great demonstrations of both:

– Principle 3: Privacy embedded into the design, and
– Principle 7: Respect for user privacy – keeping it user centric.

Having solid data architecture, data management and data governance capabilities provides organisations with a real-time view of what data they hold, where it came from, why they have it and who it relates to. Most organisations, if they were to be honest, couldn’t answer these questions.

comprehensively across their data holdings. This is where digitally native businesses do have an advantage – they are relatively young and data has been at the core of their business model. Not all businesses in this category have taken advantage of these capabilities to offer self-service privacy management to customers and users. Google has, by building one of the most comprehensive privacy dashboards – a place where:

  • Individuals can go to manage data erasure, access to their data, correction of their data.
  • Can set permissions about what will be collected, and when.
  • Learn all about this brand’s privacy practices.

Commonwealth Bank of Australia (CBA)

The CBA was awarded for its Commbank iQ product implementation which demonstrated that privacy and data utility don’t need to be a trade-off, but can co-exist. This was a great example of Privacy by Design Principle 4: Full functionality: positive-sum, not zero-sum.

Personal information sharing between organisations has many legitimate benefits, but is not always done in a way that preserves privacy. The CBA demonstrated that the great lengths it went to not only ensure that the customer data they are sharing with a third-party was thoroughly de-identified, they were also being very transparent about what they have done, why they are doing it and how they have prioritised privacy as part of the data sharing arrangement. To do this, they created a dedicated webpage to explain the measures they had in place to preserve privacy, while extracting insights from personal information that enable organisations and policy makers to make informed economic and business decisions.


How to nominate

Nominations are open from 5 February 2024 to 8 March 2024

Ensure that no confidential information, i.e. information that is not publicly available, is provided without the permission of the company involved.

Complete all mandatory fields in the nomination form below.

Nomination form


If you have any questions about the awards or the nomination process, contact [email protected]