Australia Advises Privacy by Design for Age Assurance
The Australian Information Commissioner advised taking a privacy-by-design approach in guidance for conducting age assurance under a social media kids ban taking effect Dec. 10.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The commissioner’s office published the privacy guidance for “age-restricted social media platform providers and third-party age assurance providers that must comply with the Privacy Act 1988 and Part 4A of the Online Safety Act 2021,” it said in a news release Monday. Australia’s upcoming social media minimum age (SMMA) scheme requires platforms to take reasonable steps to prevent kids younger than 16 from having accounts.
The office said that “steps to comply with the SMMA obligation will not be ‘reasonable’ unless an entity also complies with its information and privacy obligations under Part 4A, as well as the Privacy Act and the” Australian Privacy Principles.
“Take a privacy by design approach and consider the privacy impacts associated with each age assurance method (e.g. inference, estimation and verification) and whether the circumstances surrounding the specific chosen method(s) justify the privacy risks,” said the guidance.
Among other recommendations, the office said to undertake a privacy impact assessment when choosing an age-assurance method, minimize including personal and sensitive information in the age-assurance process and destroy any collected information “once the purposes of collection have been met.”