Prepare for Australia's Upcoming Data Privacy Law

Preparing for the Australian Online Privacy Act by studying the GDPR and CCPA's parental consent requirements for minors


Australia announced plans in October 2021 to require social media companies to obtain parental consent for users under the age of 16. According to ABC News, under the proposed legislation, corporations such as Facebook, Reddit, the dating app Bumble, and the Meta-owned (previously Facebook) messaging platform WhatsApp would all be forced to make reasonable efforts to identify the user's age and prioritize children's interests when collecting data. According to a Reuters report, the Online Privacy Bill, when passed, will make Australia one of the most stringent countries in the world when it comes to age-based social media restrictions, with failure to comply resulting in multimillion-dollar fines and, in the worst-case scenario, the loss of their Australian business license. This step is seen as part of the country's effort to curb Big Tech's influence by joining the club of jurisdictions with stringent data privacy rules.


Speaking of stringent data privacy regulations around the globe, social media companies can apply their learnings from the popular GDPR and CCPA legislation to comply with the upcoming Australian Online Privacy Bill.


General Data Protection Regulation (GDPR)

The European Union's GDPR requires consent to be freely given, specific, informed, and unambiguous. The word "free" means that the data subject has made a genuine choice; any improper pressure or influence that might affect the outcome of that choice invalidates the consent. Regarding underage consent, the regulation states that companies must apply additional privacy precautions to children's personal data because children may be less aware of the hazards and implications of data sharing. Some of the GDPR's key provisions on this matter are:

  • The method for obtaining consent from children and the validity of such consent are governed by Article 8 of the GDPR. It applies to the direct provision of information society services to a child. The processing of the child's personal data is legal if the child is at least 16 years old.

  • Where the child is under the age of 16, such processing is legal only if and to the extent that the holder of parental responsibility for the child gives or authorizes consent.

  • Member states may set a lower age for those purposes by legislation, as long as the lower age does not fall below 13 years.

  • Additionally, the GDPR states that the controller shall make reasonable efforts to verify in such cases that consent is given or authorized by the holder of parental responsibility for the child, taking into consideration available technology.


California Consumer Protection Act (CCPA)

The CCPA does not require express consent to acquire, use, or sell personal data about people. People do, however, have some rights to prevent you from using their information. They should be able to learn what data you gather, what data you keep, and what data you sell. They should also be able to prevent you from selling their data to any third party, and you cannot turn them away or charge them extra if they exercise their rights. With regard to the collection, use, and sale of data from underage users, the CCPA requires the following:

  • Before collecting personal data on a child under the age of 16, you must have active, prior consent. If the child is between the ages of 13 and 16, they may provide permission. If the child is under the age of 13, parental or guardian consent is required.

  • The federal Children's Online Privacy Protection Act (COPPA) will also apply if the child is under the age of 13. To gather or use data about such a child, you will need parental or guardian approval.


Children's Online Privacy Protection Act (COPPA)

Unlike the GDPR and CCPA, COPPA was created explicitly to safeguard children under the age of 13 while also taking into account the ever-changing nature of the internet. COPPA's primary purpose is to give parents control over what information is gathered online about their children. The rule applies to commercial websites and online services that collect, use, or disclose the personal information of children under the age of 13. Operators of general audience websites or online services who have actual knowledge that they are collecting, using, or disclosing personal information from children under the age of 13 are also subject to the rule. This includes sites that collect information directly from users of another website or online service aimed at children. COPPA requires the operators covered by this rule to:

  • Post a clear and thorough online privacy policy outlining their data collection practices for children's personal information acquired online.

  • Before collecting personal information from children, give parents advance notice and obtain verifiable parental consent.

  • Allow parents to agree to the operator's collection and internal use of their child's information, but not to the operator's disclosure of such information to third parties (unless disclosure is a requirement of the site or service, in which case it must be made explicit to parents).

  • Provide parents with access to their child's personal information so that they may examine it and/or have it erased.

  • Allow parents to prohibit their child's personal information from being used or collected online in the future.

  • Maintain the confidentiality, security, and integrity of the information they gather from children, including making reasonable efforts to ensure that such information is only shared with parties who can keep it secret and secure.

  • Keep personal information on a child gathered online only for as long as it is needed to accomplish the purpose for which it was collected, then destroy it using reasonable security measures to prevent unauthorized access or use.

  • Not require a child to provide more information than is generally necessary to participate in an online activity before allowing them to join.
