Reform Australia’s privacy laws to protect children online

The Issue

Australian law does not protect children's privacy when they are online.

  • Children's right to the protection of their privacy (Art 16 of the Convention on the Rights of the Child) is not directly addressed in Australian law.
  • Consent to provide personal data can be sought from children who are too young to understand the implications of doing that.
  • Children's likes and dislikes can be gathered by apps that track overtly, and sometimes covertly, so as to keep them attached and sell them things
  • The profile created from children's data can be used for direct marketing in the short term, and can linger for a long time, forming a digital footprint that may hinder life or work prospects.

What's happened recently

The Australian community generally and some sectors of government are increasingly concerned about the lack of any provisions in Australian law, specifically aimed at protecting children's privacy online.

The Australian Government commenced a review of the Privacy Act (1988) in November 2020.

  • ACCM's submission to the initial stage of the review can be found here
  • and the full list of submissions here
  • A Discussion paper is expected to be released for further comment in May 2021.

What needs to happen

  • Australian law should acknowledge children as a specific and vulnerable group of persons in relation to privacy law. The UN Convention on the Rights of the Child, Article 16 provides for a specific right to privacy for children.
  • children's privacy differs both in scope and application from adults' privacy and as a result, children under 15 should be offered even more robust protection by Australian privacy law, eg not asked to consent to the provision of personal information.
  • privacy law must regulate what data may be collected, used and disseminated by entities that engage directly with children
  • privacy law must provide for a pro-consumer right to erase accumulated data at any time.
  • privacy law should prevent breaches of privacy, not just react to complaints

What you can do