[LINK] Australian Online Privacy Bill to make social media age verification mandatory for tech giants, Reddit, Zoom, gaming platforms

[Kim Holburn]

https://www.zdnet.com/article/australian-online-privacy-bill-to-make-social-media-age-verification-mandatory-for-tech-giants-reddit-zoom-gaming-platforms/

 >A new Bill targeting social media platforms wants stronger penalties for user privacy breaches that could see companies fined 10% 
of their annual turnover.

> The federal government has released an exposure draft for what it has labelled an Online Privacy Bill that it hopes will enhance 
> online privacy protections for Australians through an expansion of the nation's Privacy Act.
>
> "The goal of the Bill is to enhance privacy protections, particularly in the online sphere, without unduly impeding innovation 
> within the digital economy," the federal government wrote in the Bill's explanatory paper 
> <https://consultations.ag.gov.au/rights-and-protections/online-privacy-bill-exposure-draft/user_uploads/online-privacy-bill-explanatory-paper.pdf> 
> [PDF].
>
> Under current legislation, the federal government can only make two kinds of binding privacy codes, which are the Australian 
> Privacy Principle code (APP) and a credit reporting code.
>
> The Bill is seeking to expand the Privacy Act to allow government to create a third code specifically for regulating three classes 
> of organisations: Social media platforms, data brokers, and large online platforms.
>
> The proposed online privacy (OP) code seeks to make it mandatory for social media organisations to verify users' age; obtain 
> parental or guardian consent of a child who is under 16 years old before collecting, using, or disclosing personal information of 
> that child; and prioritise acting in the best interests of children in their approach to handling data.
>
> These requirements are only for the social media class of organisations as the risk they pose to children are higher than those by 
> data brokers or large online platforms, the government said.
>
> "The OP code will have stricter requirements for how social media platforms handle children's personal information," the 
> government said.
>
> According to the exposure draft of the Bill, social media platforms that fall within the code's scope include networks such as 
> Facebook, dating apps such as Bumble, online content services such as OnlyFans, online forum sites such as Reddit, online 
> messaging and videoconference platforms such as WhatsApp and Zoom, and gaming platforms that enable users to chat with each other.
>
> Data brokerage organisations, meanwhile, are those that collect personal information from an individual via an electronic service 
> other than a social media service or those that collect the personal information for the sole or primary purpose of disclosing the 
> personal information.
>
> "This is intended to capture organisations whose business model is based on trading in personal information collected online, or 
> information derived from such personal information, such as data derived from rewards or loyalty programs," the explanatory paper 
> states.
>
> For the last category of large online platforms, these include organisations that provide electronic services and have over 2.5 
> million Australia users will also fall within the code's scope. This means tech giants such as Apple, Google, and Amazon, as well 
> as media sharing platforms like Spotify would be required to follow the new code. Organisations that collect personal information 
> as part of customer loyalty schemes are exempt from this third category, however, the government said.
>
> The rest of the code, which would apply to all three classes of organisations, would require organisations to have measures in 
> place that allow individuals to request for their personal information to not be used or disclosed. This requirement is not 
> intended to amount to a "right to erasure" of the personal information, however.
>
> The code would also impose APP requirements onto these organisations.
>
> The Online Privacy Bill also seeks to implement stronger penalties for organisations that breach user privacy, with any breach of 
> the code potentially resulting in a fine worth 10% of an organisation's domestic annual turnover or a AU$10 million fine. This 
> proposed AU$10 million fine would be an increase from the current maximum penalty of AU$2.22 million.
>
> A new criminal penalty would also be implemented for when an organisation fails to comply with the requirement to give 
> information, or provide a document, or record when required in relation to investigations about breaches to user privacy.
>
> In explaining how the OP code would coexist with other codes, the government said its application would prevail over the APP code 
> in the event an organisation is subject to both codes. But if an organisation is subject to the OP and the Consumer Data Right, 
> the Consumer Data Right rules would prevail to the extent of any inconsistency between the two codes.
>
> The release of the Bill follows various Australian politicians in recent weeks criticising tech giants 
> <https://www.zdnet.com/article/scott-morrison-says-social-media-platforms-are-publishers-if-unwilling-to-identify-users/> for the 
> conduct that occurs on their platforms, from Australian Prime Minister Scott Morrison saying social media has become a coward's 
> palace to federal Attorney-General Michaelia Cash writing to her state counterparts requesting for the country's defamation laws 
> to be rewritten. At the same time, the Australian Competition and Consumer Commission has been investigating the conduct of 
> digital platforms 
> <https://www.zdnet.com/article/accc-to-expand-digital-battle-to-online-marketplaces-and-private-messaging-services/> for years.
>
> On Monday morning, Cash said the Online Privacy Bill would ensure Australians' privacy would be treated more carefully and 
> transparently by online platforms such as social media companies.
>
> "We know that Australians are wary about what personal information they give over to large tech companies. We are ensuring their 
> data and privacy will protected and handled with care. Our draft legislations means that these companies will be punished heavily 
> if they don't meet that standard," she said.
>
> With the Bill's exposure draft now released, the federal government said the code would be co-developed with the Australian 
> Information Commissioner and industry, and it is now seeking feedback particularly regarding the scope of organisations that would 
> be required to comply with the OP code.
>
> The government will be accepting submissions on the Online Privacy Bill until December 3.
>

-- 
Kim Holburn
IT Network & Security Consultant
+61 404072753
mailto:kim at holburn.net   aim://kimholburn
skype://kholburn  - PGP Public Key on request