Children’s Privacy in Australia: A Very Quick Overview
Children’s privacy, in terms of the information that websites and apps collect about child users, is not specifically protected in Australia. The existing law (Privacy Act 1988) protects individuals regardless of their age – but does not offer special protection to children. This approach is out of line with international trends – and this may be about to change.
Current Regulation: Children’s Privacy in Australia
As outlined, the Privacy Act protects individuals regardless of their age. No special or additional protections are in place for children.
There are some sign-posts to children deserving special consideration, however what is required depends to some extent on capacity: is the individual of an age to understand a privacy notice or more particularly to provide valid consent?
The APP Guidelines suggest that consent will need to be determined on a case-by-case basis for individuals younger than 18.
However, there is a presumption that children above 15 have the capacity to consent, while children younger than 15 will be presumed not to have the capacity to consent. This is rebuttable though – so in Australia companies can (and do) collect personal information from children younger than 15. However, the best practice for companies is to seek consent from a child’s parent or guardian before collecting personal information from children.
This step is especially worthwhile when the information collected is sensitive and/or when a child younger than 15 is involved.
Changes Looming to Children’s Privacy in Australia
It is likely that stronger protections for children’s privacy will be introduced in Australia.
The Australian Government has agreed in principle to introduce a Children’s Online Privacy Code (using its existing powers to issue Codes). This law will apply to online services that are ‘likely to be accessed by children’.
It is expected that Australia’s Children’s Online Privacy Code will align with the UK Age-Appropriate Design Code, which has already been subject to wide consultation.
The UK Code applies to social media platforms, apps and games, websites, online marketplaces, news services, content streaming services, EdTech platforms, Internet of Things devices and toys (like smartwatches).
Preparing for The Changes to Children’s Privacy
Given the likely changes, we encourage Australian organisations that collect personal information relating to children to take these steps:
- Review your existing practices to ensure they comply with the current OAIC’s guidance and the APPs;
- Look into the standards in the UK Age-Appropriate Design Code and develop a roadmap for compliance. It may be prudent to start improving your privacy hygiene as it relates to the collection and use of children’s data now.
Some other useful resources:
OAIC – Children and young people
Using Children’s Information: A guide
Age-appropriate design: A guide for online services
How Privacy 108 Can Help
Our Privacy Management Program service will help you:
- Assess the maturity of your current program management program;
- Identify gaps between your current maturity and your target level of maturity;
- Design a strategic roadmap to create a privacy management program or improve the maturity of your existing program.
Learn more about our privacy management services, or reach out to discuss your needs: