The Australian Government’s response (Response) to the Privacy Act Review Report (Report), released on 28 September 2023, affirmed its commitment to uplifting Australia’s privacy standards to align with global standards more closely.
This included agreeing, or agreeing in-principle, to a range of proposals aimed at introducing additional privacy protections for children and it is those proposals which will be the focus of this article. We expect to see at least some reforms progressed during the current term of parliament, with the Government recently reiterating an earlier commitment to this effect in a Senate Estimates hearing.
If you would like a more comprehensive overview of the key outcomes of the Response, please refer to our previous article published here.
The Privacy Act 1988 (Cth) (Privacy Act) protects individual privacy regardless of age and does not specify an age after which an individual can make their own privacy decisions.
Guidance from the Office of the Australian Information Commissioner (OAIC), in relation to the issue of children’s privacy, is limited to the following:
As a result, in our experience, children’s privacy is a sleeper issue for many organisations and agencies in Australia.
Recognising that children are particularly vulnerable to online harms, and responding to community concerns in relation to children’s privacy, the Australian Government has agreed that:
In terms of sequencing, the Australian Government has indicated that it will first focus on enacting new legislative protections for children and will then develop the Australian Code.
Proposal 16.5, as agreed by the Australian Government, indicates that:
The UK Age Appropriate Design Code (UK Code) referred to similarly applies to “information society services likely to be accessed by children” and contains 15 standards that online services need to follow to ensure that they are complying with their obligations under UK data protection law with respect to children’s personal data.
The UK Code applies to a range of online services including apps, programs, search engines, social media platforms, online messaging or internet voice telephony services, online marketplaces, content streaming services, online games, news or educational websites, connected toys and devices and any websites offering goods or services to users over the internet.
If you would like more information about the UK Code, please refer to our previous articles published here and here.
Proposal 16.3, which is agreed in-principle by the Australian Government, also indicates that the Australian Code will provide guidance on the format, timing and readability of collection notices and privacy policies addressed specifically to children.
The Australian Government has also agreed in-principle to a suite of other proposed additional privacy protections for children, including proposals to:
In light of the above, organisations and agencies in Australia, and overseas entities carrying on business in Australia, are encouraged to:
Having regard to consumer sentiment, in addition to meeting the higher regulatory standards which have been foreshadowed, taking steps now to provide additional privacy protections for children may also provide some entities with a competitive advantage.