top of page
Search

The new Children's Online Privacy Code

Updated: Jul 1

Australia is falling behind.


Think of a time before smartphones. Before social media. Back when the internet was used primarily for academic purposes, namely email and research. Perhaps 1988? Now the internet is used for a myriad of things, streaming, social media and gaming. Yet 1988 – that is when the Privacy Act was written.


Australia’s laws on digital infrastructure and the internet were written before the internet became what we know it as today. That negligence has finally caught up to us, and that is why Australia is falling behind.


You might imagine that an act for the internet, written before the creation of the internet, has gone through a multitude of amendments in order to keep up with the rapid changes to technology. Wrong.


In the 37 years that this act has been in effect, it has gone through only 10 changes. One key example of this is institutions only having to notify authorities of high-profile data breaches from 2018 onwards, despite universities such as UNSW and ANU having data breaches prior to that, leading to the breach of information of 200,000 records from ANU alone. Updates such as this are coming after events have already occurred, further emphasising the need for a new Privacy Code.


This is especially worrying for those of us under age 18. Those of us growing up in the digital age. Those of us going to school and using the internet for everything. Those of us who organise our lives and connect with our friends on the internet because that is all we have ever known. Those of us that don’t have the life experience to know any better.


No Special Protection for Under 18s


Unlike the European Union’s General Data Protection Regulation (GDPR)*, Australia does not have any data protections or regulations for those under 18 – there are no tailored rules or considerations for minors. Given the youth of today have grown up in the digital age, this may mean “students are not adequately supervised or monitored to ensure they are using technology correctly and appropriately”. The assumption being that because we grew up in the age of the internet, we know how to navigate the internet.


Even if we’ve grown up online, young people’s brains aren’t fully developed to manage digital risks – just like why we put children on their Ls rather than Ps straight away. Have you ever met a teenager who has or will read all the terms and conditions they are presented with when they download a new app or log onto a new website?

Just because Australia doesn’t have protections like that, doesn’t mean that no one does. The UK’s Age Appropriate Design Code prevents companies from forcing minors to agree to a decision when they may not be fully aware of what they are agreeing to, ensuring that companies collect no more data than what is required for the service to be provided and disallows targeted advertising towards minors.


The Conversation Started in 2020


2020 was the year that young people became more digitally active after being confined to our homes due to the COVID-19 lockdowns. As people began losing their daily face-to-face interaction, social media platforms such as Snapchat exploded, with the platform gaining 11 million daily active users in the first quarter of 2020 alone.

I remember 2020 as the year where one of the household laptops became mine to use for to class, and subsequently to play games and keep in contact with my friends. Do I know what I agreed to when I logged onto those websites to play games? No. And I still don’t.


Also in 2020, real policy conversations began as advocacy groups, parents, educators and young people began speaking up – the issue at hand being the fundamental right of privacy, a right that has seemed to become a luxury in the age of the internet.


As the conversation continued in Australia, the EUs GDPR and the UKs Age Appropriate Design Code became proof that it was in fact possible. As Akanksha Choubey, Data Protection Officer and Privacy Lead at Etihad Airways, explained, “GDPR was and is the most comprehensive legislation on personal data protection. It heralded an era where individual’s privacy came to the fore. Many data protection laws are based on GDPR. It also helped develop & debate on larger digital, data and AI related laws more recently.”


A New Code Could Change Everything


The Australian Privacy Commissioner, Carly Kind, has been tasked with writing the new Privacy Code, with the first draft expected either late 2025 or early 2026. To her credit, instead of following the usual consultation process, the Privacy Commissioner has decided to hear from young people first, followed by experts on young people’s rights, and only then from stakeholder industries.


The new Privacy Code aims to tackle several big questions that may have not been properly addressed in the Privacy Act, if addressed at all, with three of the main questions coming to be:

  • How do existing privacy laws apply to minors?

    • Most laws in effect today have been written with adult users at the forefront of the drafting and writing process

  • What does meaningful consent look like?

    • Yes, the user has clicked agree, but did they read and understand the 60-page terms of service agreement they just agreed to?

  • How do we balance parental control and children’s autonomy?

    • At what age can a child say no despite their parents saying yes? Is it subjective or is it a ‘one size fits all’ solution?

  • More questions can be found here.


When answering these questions, they can’t just be looked at as technicalities and legal issues. At their very core, these issues are a fundamental question of ethics and the beliefs of society, with the questions and by extension the answers touching on trust, safety and fairness.


According to a spokesperson from Reset Tech Australia, the consultations and workshops they have run with Australian youth have resulted in the holistic findings that young people want minimal data collected in the first place, and only necessary data collected. If consent is required, service providers should ensure that the terms and conditions are clear and understandable.


The overarching sentiment within the Reset Tech Australia workshops is that “prevention is better than cure.” In other words, instead of putting under 18s in a position where they have to fight for their digital privacy, remove the power of digital companies to put them in that position.


Technology Moves Fast – So Should Privacy


Although social media is the first thing that comes to mind when discussing young people’s digital privacy, the truth is that the youth of today use a myriad of other digital tools, including:

  • School software

    • Canvas and Compass track the performance of students, their logins, their activity and in some cases the location of their login

  • Geolocation apps

    • Think Life360. Yes, it’s a great tool to keep a track of where everyone is at all times but on the flip side, it’s tracking your location and sharing data in real time

  • Health tech and wearables

    • Apple Watches, Fitbits for kids and health apps all have access to sensitive physical and mental health data.


Tackling each of these issues raises their own risks, and questions:

  • Is the data stored securely?

  • Is the data being deleted?

  • Who has access to the data – children, teachers, parents, tech companies?

  • Do children have the opportunity to opt out or control how the data is used?


Prevention Is Better Than Cure


Advocates, and more specifically young people, have three clear and simple messages:

  • Collect less data

    • Only collect what is absolutely necessary for the service, nothing more

  • Be transparent

    • Explain what is collected and what it is used for in simple terms – allow for informed consent

  • Don’t require consent when it is not needed

    • Don’t make users consent to the sharing of data for a basic feature that said feature does not require the data for


My Final Opinion


I think the Privacy Code is a brilliant initiative and the sooner it is implemented the better. I believe that any new regulations implemented via the Privacy Code, if successful, can be implemented into the Privacy Act to positively impact all Australians rather than those under the age of 18.

I urge you to take steps to protect your privacy before this legislation comes into effect. Only agree to what you have to agree to, use trusted apps and websites and if applicable, make sure to clear your cookies often.

If you want, you can even have your voice heard. The OAIC is opening to public opinions from August onwards. Get involved, have your voice heard and improve the digital experience, not just for yourself but for every young person in Australia, be part of the reason Australia stops falling behind and instead be part of the reason everyone is safer in today’s digital landscape.

Comments

bottom of page