The Australian government has proposed the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 to safeguard Australians against various data threats online. Attorney-General Michaelia Cash recently released the draft of the proposed Bill, which aims to create a compulsory online privacy code for social media companies, data brokers, and other organizations that operate by using user data. The bill will primarily require social media platforms to obtain parental consent for minors (users under the age of 16).
The draft of the proposed legislation is open to feedback until December 6, 2021, before presenting it in Parliament.
Stringent Rules on Social Media Platforms
The development of the new online privacy code is intended to address various data privacy and security challenges posed by social media services and other organizations that collect a high volume of users’ personal information. The new code requires social media and instant messaging platforms like Facebook, Reddit, and WhatsApp to take all the necessary measures to prevent any data misuse when handling users’ personal data.
The code will require social media services to:
- Take all reasonable steps to verify the age of individuals who use the social media service.
- Ensure that the collection, use, or disclosure of a child’s personal information is fair and reasonable in the circumstances, with the child’s best interests being the primary consideration when determining what is fair and reasonable.
- Obtain parental or guardian express consent before collecting, using, or disclosing the personal information of a child under the age of 16, and take all reasonable steps to verify the consent. Suppose a social media service becomes aware that an individual was under the age of 16. In that case, the social media service must take all reasonable steps to obtain verifiable parental or guardian consent as soon as practicable.
The Bill will also introduce high penalties and enforcement powers to enable Australia’s privacy regulator, the Office of the Australian Information Commissioner, to resolve matters more effectively and efficiently. Companies that fail to follow the law will attract penalties of either 10% of the organization’s annual revenue or a fine of AUD 10 million ($7.5 million).
High Priority to Online Privacy
Attorney-General Michaelia Cash said the proposed Bill would ensure social media services treat Australians’ data more carefully and transparently online.
“We know that Australians are wary about what personal information they give over to large tech companies. We are ensuring their data and privacy will be protected and handled with care. Our draft legislation means that these companies will be punished heavily if they don’t meet that standard,” Cash said.
David Coleman, Assistant Minister to the Prime Minister for Mental Health and Suicide Prevention, said the new code would lead the world in protecting children from social media companies.
“In Australia, even before the COVID-19 pandemic, there was a consistent increase in signs of distress and mental ill-health among young people. While the reasons for this are varied and complex, we know that social media is part of the problem. Young people have told us this themselves. In a 2018 headspace survey of over 4,000 young people aged 12 to 25, social media was nominated as the main reason youth mental health is getting worse. And the recent leak of Facebook’s own internal research demonstrates the impact social media platforms can have on body image and the mental health of young people,” Coleman added.
Aim to Boost Cybersecurity
Australia has initiated multiple reforms and legislations on strengthening the data security and privacy of users online. The government recently passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, allowing the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) to spy on potential cybercriminals online. Earlier, Australia also proposed the Ransomware Payments Bill 2021 that requires all organizations to inform the Australian Cyber Security Centre (ACSC) if/when they are considering paying ransom to cybercriminals in the event of a ransomware attack.