Child walking away from the camera holding hands with an adult. They're walking on a footpath with pink grass around it. The pink grass is due to a filter showing the Privacy 108 brand colours.

Children’s Privacy in Australia: A Very Quick Overview

Children’s privacy, in terms of the information that websites and apps collect about child users, is not specifically protected in Australia. The existing law (Privacy Act 1988) protects individuals regardless of their age – but does not offer special protection to children. This approach is out of line with international trends – and this may be about to change.  

Current Regulation: Children’s Privacy in Australia 

As outlined, the Privacy Act protects individuals regardless of their age. No special or additional protections are in place for children.  

There are some sign-posts to children deserving special consideration, however what is required depends to some extent on capacity: is the individual of an age to understand a privacy notice or more particularly to provide valid consent?   

The APP Guidelines suggest that consent will need to be determined on a case-by-case basis for individuals younger than 18.  

However, there is a presumption that children above 15 have the capacity to consent, while children younger than 15 will be presumed not to have the capacity to consent. This is rebuttable though – so in Australia companies can (and do) collect personal information from children younger than 15. However, the best practice for companies is to seek consent from a child’s parent or guardian before collecting personal information from children.  

This step is especially worthwhile when the information collected is sensitive and/or when a child younger than 15 is involved.  

Changes Looming to Children’s Privacy in Australia 

It is likely that stronger protections for children’s privacy will be introduced in Australia. 

The Australian Government has agreed in principle to introduce a Children’s Online Privacy Code (using its existing powers to issue Codes). This law will apply to online services that are ‘likely to be accessed by children’.  

It is expected that Australia’s Children’s Online Privacy Code will align with the UK Age-Appropriate Design Code, which has already been subject to wide consultation. 

The UK Code applies to social media platforms, apps and games, websites, online marketplaces, news services, content streaming services, EdTech platforms, Internet of Things devices and toys (like smartwatches). 

Preparing for The Changes to Children’s Privacy 

Given the likely changes, we encourage Australian organisations that collect personal information relating to children to take these steps: 

  • Review your existing practices to ensure they comply with the current OAIC’s guidance and the APPs; 
  • Look into the standards in the UK Age-Appropriate Design Code and develop a roadmap for compliance. It may be prudent to start improving your privacy hygiene as it relates to the collection and use of children’s data now.  

Some other useful resources: 

OAIC – Children and young people 

Using Children’s Information: A guide 

Age-appropriate design: A guide for online services 

The UK Children’s Code 


How Privacy 108 Can Help  

Our Privacy Management Program service will help you: 

  • Assess the maturity of your current program management program; 
  • Identify gaps between your current maturity and your target level of maturity; 
  • Design a strategic roadmap to create a privacy management program or improve the maturity of your existing program. 

Learn more about our privacy management services, or reach out to discuss your needs: 

  • We collect and handle all personal information in accordance with our Privacy Policy.

  • This field is for validation purposes and should be left unchanged.



Privacy, security and training. Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.