Close this search box.

Should Facebook have say in Privacy Code designed to protect children?


There are concerns with Facebook’s involvement in a new Privacy Code designed to protect children and vulnerable groups.

The government is considering legislation to introduce an online privacy code for companies such as Facebook, but its record with children is cause for concern.

The Privacy Legislation Amendment Bill 2021 would require organisations subject to adhere to certain data practices.

These would include agreeing not to use or disclose users’ personal information if they request this.

An individual could choose to disallow an organisation to disclose their personal information for direct marketing. But the explanatory paper for the draft legislation states this requirement isn’t a right to erasure of the data.

Privacy rules designed to protect children and vulnerable groups

For social media companies, the draft legislation would also introduce additional rules regarding children and vulnerable groups.

These include taking all reasonable steps to “verify their users’ age” and obtain parental consent for those under 16.

Further, the rules include ensuring that the collection of data associated with children is fair and reasonable in all circumstances.

Under the draft legislation, the code will be developed by industry and enforced by the Office of the Australian Information Commissioner.

The OAIC would be given new powers to enforce compliance, including the ability to issue fines of up to $10m.

This will increase the maximum penalty for serious breaches of privacy from the current $2.1m.

Legislation comes amid review of Privacy Act

The bill is being introduced in tandem with a new review of the Privacy Act being conducted by the Attorney-General’s Department, which will evaluate broader reforms to Australia’s privacy frameworks.

Australian Information Commissioner and Privacy Commissioner Angelene Falk welcomed the proposed legislative changes.

She said late last week that “this legislation is an important step to-wards the OAIC having more of the regulatory tools we need to take a risk-based approach to preventing harm”.

She also added that “the updates to penalties are needed to bring Australian privacy law into closer alignment with competition and consumer remedies”.

Ensuring privacy is taken more seriously by online platforms

Attorney-General Michaelia Cash said the legislation aims to ensure Australians’ privacy would be treated more carefully and transparently by online platforms.

“We know that Australians are wary about what personal information they give over to large tech companies”, Cash said.

“We are ensuring their data and privacy will be protected and handled with care. Our draft legislation means that these companies will be punished heavily if they don’t meet that standard,” she said.

But should Facebook be involved in drafting of privacy laws for children?

The code will be developed in consultation with industry.

This is something concerning in the view Dr Rys Farthing, Data Policy Director for Reset Australia.

“Given what we know about social media companies, the prospect that they might be involved in the first drafting of this code is worrying,” he said.

“It would be appalling if Facebook, or any industry representative bodies they work with, were to have the first opportunity to draft the very code that is meant to protect children from them.”

Children are a key demographic for this code which must require social media companies “take all reasonable steps” to verify the age of their users.

For users under the age of 16, parental or guardian consent will be required before the companies can share any data.

Facebook has come under immense scrutiny in recent weeks following the leak of internal documents from whistleblower Frances Haugen.

These documents showed that the company is aware of how its Instagram product negatively affects the well-being of young users.

In July, Instagram enacted a policy of defaulting users under the age of 16 to private accounts and said it would no longer let advertisers target people younger 18 based on demographic information beyond their gender, age, and location.

While the law-drafting process often gets various parties to contribute, our view is similar to that of Reset Australia. Facebook has been caught red handed, knowingly serving harmful products to kids. It is also no champion of data privacy, with some seriously concerning incidents taking place recently.

Fundamentally there is a conflict of interest here where social media giants would have little to meaningfully add to privacy concerns.

As Dr Farthing also noted, “it would be nothing short of irresponsible to allow them to draft this code”.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →