Should Facebook have say in Privacy Code designed to protect children?


Share on facebook
Share on twitter
Share on linkedin
There are concerns with Facebook’s involvement in a new Privacy Code designed to protect children and vulnerable groups.

The government is considering legislation to introduce an online privacy code for companies such as Facebook, but its record with children is cause for concern.

The Privacy Legislation Amendment Bill 2021 would require organisations subject to adhere to certain data practices.

These would include agreeing not to use or disclose users’ personal information if they request this.

An individual could choose to disallow an organisation to disclose their personal information for direct marketing. But the explanatory paper for the draft legislation states this requirement isn’t a right to erasure of the data.

Privacy rules designed to protect children and vulnerable groups

For social media companies, the draft legislation would also introduce additional rules regarding children and vulnerable groups.

These include taking all reasonable steps to “verify their users’ age” and obtain parental consent for those under 16.

Further, the rules include ensuring that the collection of data associated with children is fair and reasonable in all circumstances.

Under the draft legislation, the code will be developed by industry and enforced by the Office of the Australian Information Commissioner.

The OAIC would be given new powers to enforce compliance, including the ability to issue fines of up to $10m.

This will increase the maximum penalty for serious breaches of privacy from the current $2.1m.

Legislation comes amid review of Privacy Act

The bill is being introduced in tandem with a new review of the Privacy Act being conducted by the Attorney-General’s Department, which will evaluate broader reforms to Australia’s privacy frameworks.

Australian Information Commissioner and Privacy Commissioner Angelene Falk welcomed the proposed legislative changes.

She said late last week that “this legislation is an important step to-wards the OAIC having more of the regulatory tools we need to take a risk-based approach to preventing harm”.

She also added that “the updates to penalties are needed to bring Australian privacy law into closer alignment with competition and consumer remedies”.

Ensuring privacy is taken more seriously by online platforms

Attorney-General Michaelia Cash said the legislation aims to ensure Australians’ privacy would be treated more carefully and transparently by online platforms.

“We know that Australians are wary about what personal information they give over to large tech companies”, Cash said.

“We are ensuring their data and privacy will be protected and handled with care. Our draft legislation means that these companies will be punished heavily if they don’t meet that standard,” she said.

But should Facebook be involved in drafting of privacy laws for children?

The code will be developed in consultation with industry.

This is something concerning in the view Dr Rys Farthing, Data Policy Director for Reset Australia.

“Given what we know about social media companies, the prospect that they might be involved in the first drafting of this code is worrying,” he said.

“It would be appalling if Facebook, or any industry representative bodies they work with, were to have the first opportunity to draft the very code that is meant to protect children from them.”

Children are a key demographic for this code which must require social media companies “take all reasonable steps” to verify the age of their users.

For users under the age of 16, parental or guardian consent will be required before the companies can share any data.

Facebook has come under immense scrutiny in recent weeks following the leak of internal documents from whistleblower Frances Haugen.

These documents showed that the company is aware of how its Instagram product negatively affects the well-being of young users.

In July, Instagram enacted a policy of defaulting users under the age of 16 to private accounts and said it would no longer let advertisers target people younger 18 based on demographic information beyond their gender, age, and location.

While the law-drafting process often gets various parties to contribute, our view is similar to that of Reset Australia. Facebook has been caught red handed, knowingly serving harmful products to kids. It is also no champion of data privacy, with some seriously concerning incidents taking place recently.

Fundamentally there is a conflict of interest here where social media giants would have little to meaningfully add to privacy concerns.

As Dr Farthing also noted, “it would be nothing short of irresponsible to allow them to draft this code”.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.