Australia approves privacy legislation banning minors from social media

Recently, the Parliament of Australia finalized a wave of reforms to their standing comprehensive privacy law, the Privacy Act 1988 (Privacy Act), and simultaneously adopted legislation that will require age verification on social media websites targeting the Australian public while banning the use of social media by all minors under the age of 16.

The reforms to the Privacy Act, titled the Privacy and Other Legislation Amendment Bill, will grant new enforcement powers to the Office of the Australian Information Commissioner’s (OAIC) privacy department, approve the formation of a Children’s Online Privacy Code by OAIC, introduce new transparency obligations to automated decision making processes, and provide for a new statutory tort for serious invasions of privacy.

Though the reforms to the Privacy Act are noteworthy, all eyes seem to fixed on the new legislation that will require age verification of users of social media in Australia as well as ban the use of social media by minors, titled the Online Safety Amendment. Considered to be the strictest privacy law to date, the Online Safety Amendment won’t become effective for at least another 12 months, and though the means of enforcement of this law are still uncertain, the new regulation presents steep penalties for failure to comply. Specifically, companies who are found to be in violation of the Online Safety Amendment when it comes into effect could face fines up to 49.5 million AUD.

This law reflects the growing focus of legislators around the globe on children’s online privacy and the detrimental effect social media plays on the wellbeing of both children and teens. For example, the United States Senate has worked to pass both the Children and Teens’ Online Privacy Protection Act and the Kids Online Safety Act in recent years, both of which would either amend or supplement the existing Children’s Online Privacy Protection Act of 1998 and place a particular emphasis on social media use. Additionally, the European Union’s gold-standard of privacy legislation, the General Data Protection Regulation (GDPR), obligates that parental consent be obtained prior to processing the personal data of children under the age of 16. In Germany, minors between the ages of 13 and 16 must have parental consent in order to create social media accounts. And similarly in Italy, children that are under the age of 15 must obtain parental consent prior to establishing a social media account.  To read more on international privacy policies, click here. 

Though the Online Safety Amendment is clearly not the first attempt by a nation to combat and restrict the use of social media by minors, this law stands apart from previous attempts by setting the minimum age of social media use to 16, the highest minimum age set by any country to date, and by omitting any exemptions for ‘grandfathered-in’ existing minor social media users or for obtainment of parental consent.  And this latest legislation also reflects the emerging trend of shifting the onus to protect minors to large tech companies, placing additional obligations on social media giants with a high price for compliance missteps. Prime Minister Anthony Albanese offered, “We want Australian children to have a childhood, and we want parents to know the Government is in their corner. This is a landmark reform. We know some kids will find workarounds, but we’re sending a message to social media companies to clean up their act.”

The Online Safety Amendment does not specify which platforms minors under the age of 16 will be prohibited from using, leaving the decisions regarding the targeted social media sites to the Australian Communications Minister in consultation with the eSafety Commissioner, who will be responsible for enforcing the new regulation once it takes effect. What is known, however, is that the ban will include major social media platforms such as Snapchat, TikTok, Facebook, Instagram and X (formerly Twitter), while gaming and messaging sites and other sites that can be accessed without the creation of a user account are expected to be exempt from the ban.

If you have any questions about your company’s compliance with cyber regulations, concerns about vulnerability to attacks or other breaches, or if you want to learn more about proactive cybersecurity defense, contact a member of McDonald Hopkins’ national data privacy and cybersecurity team.

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.