Prepare for Australia's Upcoming Data Privacy Law

Preparing for the Australian Online Privacy Act by studying the GDPR and CCPA's parental consent requirements for minors


Australia announced plans in October 2021 to mandate social media companies to obtain parental consent for users under the age of 16. According to ABC News, under the proposed legislation, corporations such as Facebook, Reddit, the dating app Bumble, and the Meta-owned (previously Facebook) messaging platform, WhatsApp, would all be forced to make reasonable efforts to identify the user's age and prioritize children's interests when collecting data. According to a Reuters report, the Online Privacy Bill, when passed, will make Australia one of the most stringent countries in the world when it comes to age-based social media restrictions, with failure to comply resulting in multimillion-dollar fines and, in the worst-case scenario, the loss of Australia's business license. This step is seen as the country's efforts to curb Big Tech's influence by joining the stringent data privacy compliance club around the globe.


Speaking of stringent data privacy regulations around the globe, social media companies can apply their learnings from the popular GDPR and CCPA legislation to comply with the upcoming Australian Online Privacy Bill.


General Data Protection Regulation (GDPR)

The European Union's GDPR requires freely given, specific, informed, and unambiguous consent granted voluntarily. The word "free" suggests that the data subject has made a genuine decision and any improper pressure or influence that might influence the outcome of that option invalidates the consent. Regarding underage consent, the regulation states that companies must include additional privacy compliance precautions for children's personal data because they may be less aware of the hazards and implications of data sharing. Some of the critical guidelines by GDPR in this matter are:

  • The method for obtaining consent from children and the validity of such consent is governed by Article 8 of the GDPR. It applies to the direct provision of information society services to a child. The processing of the child's personal data is legal if the child is at least 16 years old.

  • Where the child is under the age of 16, such processing is legal only if and to the extent that the holder of parental responsibility for the child gives or authorizes it.

  • Member states may set a lower age for such reasons by legislation, as long as the lower age does not fall below 13 years.

  • Additionally, the GDPR states that the controller shall make reasonable efforts to verify in such cases that consent is given or authorized by the holder of parental responsibility for the child, considering available compliant management technology.


California Consumer Protection Act (CCPA)

To acquire, use, or sell personal data about people, the CCPA compliance does not need express agreement. People do, however, have some rights to prevent you from utilizing their information. They should be able to tell you what data you gather, what data you keep, and what data you sell. They should also be able to prevent you from selling their data to any third party, and you can not turn them away or charge them extra if they use their rights. In regard to the collection, usage, and sale of data from underage users, CCPA requires the following:

  • Before collecting personal data on a kid under the age of 16, you must have active, prior consent. If the youngster is between the ages of 13 and 16, they may provide permission. If the youngster is under the age of 13, parental or guardian consent is required.

  • The federal Children's Online Privacy Protection Act (COPPA) will also apply if the youngster is under the age of 13. To gather or use data about a kid, you will need parental or guardian approval.


Children's Online Privacy Protection Act (COPPA)

Unlike GDPR and CCPA, COPPA was explicitly created to safeguard youngsters under the age of 13 while also considering the ever-changing nature of the internet. COPPA's primary purpose is to provide parents control over what information is gathered online about their children. The rule applies to commercial websites and online services that collect, utilize, or disclose the personal information of children under the age of 13. Operators of general audience websites or online services who have fundamental knowledge that they are collecting, using, or disclosing personal information from minors under the age of 13 are also subject to the rule. This includes sites that collect information directly from users from another website or online service aimed at minors. COPPA requires the operators covered under this rule to:

  • Post a clear and thorough online privacy compliance policy outlining their data collection methods for children's personal information acquired online.

  • Before collecting personal information from minors, give parents advance warning and secure verifiable parental agreement.

  • Allow parents to agree to the operator's collection and internal use of their child's information, but not to the operator's disclosure of such information to third parties (unless disclosure is a requirement of the site or service, in which case it must be made explicit to parents).

  • Provide parents with access to their child's personal information so that they may examine it and/or have it erased.

  • Allow parents to prohibit their children's personal information under data privacy compliance regulations from being used or collected online in the future.

  • Maintain the confidentiality, security, and integrity of the information they gather from children, including making reasonable efforts to ensure that such information is only shared with parties who can keep it secret and secure.

  • Keep personal information on a child gathered online only for as long as it is needed to accomplish the purpose for which it was collected, then destroy it using reasonable security measures to prevent unauthorized access or use.

  • Not requiring a youngster to provide more information than is generally necessary to participate in an online activity before allowing them to join.

Comments

Post a Comment

Popular posts from this blog

How Financial Services Sector Can Reduce Costs and Time in Operations

Since the global financial crisis of 2008, bank profit margins have remained considerably low in the United States and other advanced economies. One of the biggest reasons is that the expenses have been outpacing revenues and, especially in Europe, the average return on equity of banks has dropped to undesirable lows. Furthermore, regulatory compliance and high levels of expenditure due to the suddenly remote workforce and increased risks due to defaults, insurance claims, client insolvency, and other factors added to the pressure. Therefore, the financial sector must act fast to increase profits, or be forced to continue laying off staff, which reached half a million last year, since 2014.  The profits can be increased in many ways, such as streamlining offerings, digitizing processes, seeking low-cost organic growth, and scaling up through mergers, acquisitions, and partnerships. But apart from increasing the profits, cutting costs can also help the financial services industry b...
Read more

The Role of a Compliance Strategy in Mitigating Cyber-Attacks

  Discussing why, now more than ever, privacy compliance procedures are required to combat cyber-attacks Cyber-attacks are not uncommon in today's day and age. However, because of the COVID-19 pandemic, cyber-attacks have skyrocketed, with some reports suggesting a 600% rise . At the same time, some anticipate that IoT cyber-attacks will double by 2025. And, with a 0.05 % rate of detection (or prosecution) of such attacks in the United States, it is difficult to conceive the devastation produced by even a modest increase in attacks. So, what do we do? Create a systematic compliance effort for your company. A structure that ensures, at the very least, the following: Having a Comprehensive Compliance Strategy Many businesses do not have a centralized plan in place to ensure data privacy compliance that is simple yet comprehensive, integrated, quantified, and centralized. This may be achieved by developing a high-level set of principles and documents that outline the measures t...
Read more

Traversing Through eDiscovery Data Sources Amid the Hybrid Work Environment

  A look at eDiscovery data sources, the issues they provide in today's hybrid work environment, and possible solutions The COVID-19 pandemic unleashed a tsunami of new technologies, software, procedures, methodologies, and upgrades to old ones, allowing the world's suddenly remote workforce to interact and collaborate more effectively . Meanwhile, cloud service providers saw an unprecedented increase in product utilization since businesses now require it more than ever. However, after almost two years, as we transition from completely remote work culture to a hybrid or back-to-office work culture, companies are yet again struggling. This time, the concern is the ever-increasingly complex regulatory compliance environment. And it only requires more severe and strong systems and procedures to cater to the massive surplus of eDiscovery data sources generated recently. Amid this chaos are the legal professionals, specifically the eDiscovery and compliance teams. They are entrust...
Read more