Privacy Commissioner Issues New Social Media Rules
▼ Summary
– The OAIC has published regulatory guidance for age-restricted social media platforms and age assurance providers on complying with privacy provisions under the Social Media Minimum Age scheme, effective December 10.
– The guidance emphasizes stringent legal obligations for entities to apply age assurance proportionately using privacy-respecting approaches, with the OAIC monitoring compliance.
– It outlines key privacy requirements, including choosing necessary and proportionate age-assurance methods, minimizing personal information use, and destroying data once purposes are met.
– The OAIC co-regulates the SMMA with eSafety, with eSafety defining “reasonable steps” for age prevention and the OAIC setting privacy boundaries for handling personal information.
– Failure to meet these obligations may constitute an interference with privacy and trigger enforcement action, while additional resources will help Australians understand and navigate the changes.
Australia’s privacy watchdog has introduced new regulations for social media platforms that restrict access based on age, establishing clear boundaries for how companies handle personal information during age verification processes. The Office of the Australian Information Commissioner (OAIC) has published regulatory guidance outlining how age-restricted social media services and third-party age verification providers must comply with privacy provisions under the Social Media Minimum Age (SMMA) scheme, scheduled to begin enforcement on December 10.
Privacy Commissioner Carly Kind emphasized that the guidance establishes strict legal requirements for organizations to implement age verification measures that respect user privacy while being appropriately scaled to their purpose. “We’re sending a clear message to age-restricted social media platforms today,” Kind stated. “Our office exists to protect and enhance privacy safeguards for all Australians by ensuring that age verification methods employed by these platforms and their providers operate within legal boundaries.”
The OAIC shares regulatory responsibility for the SMMA framework with eSafety Commissioner. Last month, eSafety released its own guidance detailing what constitutes ‘reasonable steps’ that platforms must take to prevent underage users from creating accounts, including fundamental principles for implementing age verification systems that meet SMMA requirements.
The newly published OAIC guidance specifically addresses how platforms and verification providers should manage personal information collected for age assurance purposes within the SMMA framework. “We’re dedicated to ensuring the successful implementation of the SMMA regime by rigorously applying and monitoring compliance with the privacy rules embedded in the legislation,” Commissioner Kind explained. “This gives the Australian public confidence that their privacy remains protected throughout these processes.”
“While eSafety has established the basic rules through their ‘reasonable steps’ guidance, we’re now defining what constitutes unacceptable handling of personal information for age verification under the social media minimum age requirements,” she continued. “Combined, the guidance from both eSafety and OAIC creates a comprehensive regulatory environment for age-restricted platforms and their verification partners.”
“The SMMA scheme does not grant unlimited permission to use personal or sensitive information in every situation,” Kind warned. “We will maintain active oversight of platforms to verify they operate within established parameters by deploying age verification methods that are both proportionate and legally compliant.”
Key requirements outlined in the guidance instruct organizations to:
- Recognize that additional privacy obligations under SMMA operate alongside existing requirements from the Privacy Act 1988 and Australian Privacy Principles.
- Select age verification approaches that are both necessary and proportionate while evaluating the privacy implications associated with each method.
- Limit the collection of personal and sensitive information incorporated into age verification procedures.
- Understand that existing personal information later utilized for SMMA purposes doesn’t require destruction if the original collection purposes remain ongoing.
- Destroy personal information gathered specifically for SMMA compliance once the intended purposes have been fulfilled.
- Ensure any additional use of personal information collected for SMMA remains strictly voluntary, requires the user’s explicit consent, and includes straightforward withdrawal mechanisms.
- Maintain transparency about personal information handling for SMMA purposes through privacy notices and at relevant decision points.
These privacy protections establish rigorous legal requirements for age-restricted social media platforms and verification providers. Non-compliance may be treated as privacy interference and could lead to regulatory enforcement actions.
The OAIC plans to release additional resources shortly to help Australians understand what personal information might be processed through age verification methods. Educational materials for children and families will also be provided to help them adapt to these changes and facilitate discussions about protecting children’s online privacy.
(Source: ITWire Australia)
