OAIC Concludes fastproperty.ai Investigation: No Privacy Act Breach Found, But Consumer Protection Concerns Persist

In a significant development for privacy law practitioners and data-driven businesses, the OAIC’s report explicitly states that fastproperty.ai’s products and services “did not contain personal information” in relation to the collection, use, or disclosure activities under review.

Background: Previous Determinations and Data Scraping Concerns

The latest investigation stemmed from OAIC determinations issued in November 2024 against Property Lovers and its related entities, including Master Wealth Control Pty Ltd trading as DG Institute. Those earlier findings found that the Grubisa-linked companies had engaged in large-scale scraping of Australians’ personal information to target potentially vulnerable consumers in the property investment space — a clear contravention of the Privacy Act.

Today’s report focuses on ongoing compliance monitoring following those determinations. Privacy Commissioner Carly Kind emphasised the regulatory importance of such follow-up actions.

“Ensuring and enforcing compliance with our determinations is an essential regulatory function of the OAIC, and an important mechanism for ensuring the privacy of the Australian community is protected. This comprehensive investigation has led me to conclude that Property Lovers were not in contravention of the Privacy Act during the relevant period.”

— Privacy Commissioner Carly Kind

Key Findings and Lingering Concerns

While the OAIC cleared fastproperty.ai on the specific issue of handling personal information, the investigation uncovered additional reports about the company’s practices. Commissioner Kind noted that some of these matters fell outside the OAIC’s jurisdiction and have been referred to other appropriate regulators.

“I continue to have concerns about the potential for ongoing harm to Australian consumers arising out of the claims that gave rise to this investigation,” Kind stated.

This outcome highlights a critical distinction in Australian privacy law: the separation between personal information (as defined under the Privacy Act) and broader consumer protection or misleading conduct issues that may still warrant regulatory attention.

Implications for Privacy Law and AI-Driven Platforms

The case underscores several emerging challenges at the intersection of privacy law, artificial intelligence, and the property technology (PropTech) sector:

• Data Scraping and Consent: Even when personal information is not ultimately used or disclosed, the initial collection methods remain under scrutiny. Businesses must ensure robust lawful basis for any data acquisition.
• Compliance Monitoring: OAIC’s willingness to conduct follow-up investigations signals a proactive enforcement stance post-breach.
• Platform Accountability: AI-powered tools like fastproperty.ai that analyse property markets must implement strong privacy-by-design principles to avoid future regulatory action.
• Cross-Regulatory Coordination: The referral of non-privacy matters to other regulators illustrates the growing need for integrated oversight between privacy, consumer, and financial regulators.

For privacy officers and legal counsel in the real estate and fintech sectors, this decision serves as a reminder that technical compliance with the Privacy Act may not shield organisations from reputational damage or parallel investigations under the Australian Consumer Law or other frameworks.

Read the Full Report

Report of Commissioner Initiated Investigation into Property Lovers and fastproperty.ai (OAIC)

Related Reading:

• Grubisa companies interfered with Australians’ privacy by scraping data | OAIC (26 November 2024)
• Commissioner Initiated Investigation into Master Wealth Control Pty Ltd t/a DG Institute [2024] AICmr 243
• Commissioner Initiated Investigation into Property Lovers Pty Ltd [2024] AICmr 249