Blogs

Why should we care (more) about children’s online privacy? Part 1

18 Oct, 2022

In this first post in a series on children’s online privacy, we start by looking at the laws protecting information privacy in Australia and asking whether better protections are particularly needed for children.

Parents say they care about their children’s privacy more than their own and are uncomfortable with businesses tracking the location of a child or selling personal information to third parties (Australian Attitudes to Privacy survey). Given recent high profile data breaches (e.g. Optus data breach 2022), there are good reasons for us all to be concerned about the ways our personal information is being collected, stored and managed. 

Firstly, what is privacy?

While a right to privacy is enshrined in various international agreements, including the Convention on the Rights of the Child, none of these clearly defines ‘privacy’. Instead, a number of different but sometimes overlapping ‘domains’ of privacy have been identified (see ALRC Report). These relate to different areas of our lives, such as our homes and other spaces, our bodies, our communication and our information.

In fact, many people are surprised to learn that there is no general right to privacy in Australia and the ability to sue another for invasion of privacy is not established in Australian law. So, despite a right to privacy being enshrined in various international instruments, without national human rights legislation, a broad ‘right to privacy’ for Australians remains aspirational.

But we do have limited protections for certain aspects of privacy – and information privacy is one.

Information privacy in Australia

Information privacy is about how our personal information, or data, is collected, used and stored. Nationally, protection of our personal information is mainly governed by the Privacy Act 1988. However, the Act does not give individuals the right to take action directly against an entity that has interfered with their privacy. Other things you might be surprised to learn about the Privacy Act 1988 are:

  • Most small businesses are not bound by the Act.
  • Individuals acting in a personal capacity (e.g. other parents posting about your child) are not covered.
  • The Act allows businesses to collect and use sensitive personal information (e.g. information about health and ethnicity) with consent. Where a business collects and uses personal information that is not sensitive (see definition here) consent is not always necessary.
  • The Act does not give us a general right to request the deletion of our data, unlike the right that exists in the United Kingdom and the EU due to the General Data Protection Regulation (GDPR), for example.
What about children?

The Privacy Act 1988 does not contain additional protections for children, even though, in the words of UNICEF, children are “more vulnerable than adults and less able to understand the long-term implications of consenting to their data collection.” Children are also vulnerable because of how much time they spend online and the data trails they build up over a lifetime. To get an idea of how much data you leave online, visit Justdelete.me or your Google advertising profile.

While collecting and using children’s data is not new, digital services have created new ways to commodify and commercialise digital data. It is now possible to connect vast datasets and create algorithms that track, profile and target children. Consider the recent report from Human Rights Watch which found that 89% of 164 educational technologies reviewed “appeared to engage in data practices that put children’s rights at risk, contributed to undermining them, or actively infringed them. ”

At the same time “opportunities provided by the digital environment play an increasingly crucial role in children’s development and may be vital for children’s life and survival” (UN Committee on the Rights of the Child).

The question then is: how do we best protect children within the digital environment, not from it?

In the UK, a statutory code of practice, the Age Appropriate Design Code (the Children’s Code) seeks to put children’s best interests first and clearly set out practices that should be avoided. We recently hosted a seminar about the Children’s code, which you can watch here.

In Australia, the previous federal government proposed to update the Privacy Act 1988. Potential changes could require organisations to gain the consent of a parent or guardian before collecting, using or disclosing the personal information of a child under 16. Other potential changes would require all organisations to ensure that the collection, use and disclosure of a child’s information is reasonable in the circumstances. The Centre made submissions to the part of this review focused on a draft Online Privacy Bill, which mainly affects social media organisations and large online platforms. We recommended that protections for children should be strengthened, but that the age at which a child can give consent to the use of their own data be lowered, so as to not unnecessarily impact on the social and creative opportunities of children online.

With a change in government, we eagerly await the next steps. Ideally, stronger protection for children’s privacy online will apply sector-wide, and not only to social media organisations.

The next post in this series will consider some practical steps that parents, advocates, developers and policy-makers can take to better protect children’s privacy online while we’re waiting for the government to act on legal protections.


Get new blog posts straight to your inbox

Join our mailing list

About the author/s

Dr Anna Bunn works with educators and school students to increase understanding of legal rights and issues in relation to the use of technology. Anna has written on the impact of technology on children’s development and their rights, and has analysed some of the regulatory frameworks governing the ... more
Rebecca Ng completed a PhD in inclusive education working with autistic children to understand how they socialise within differentiated spaces. This research involved creative ways to engage children in research through participatory design. She is also part of a cross-university research project wh ... more
Professor Sue Bennett is an internationally recognised expert, teacher and innovator in technology in education and society. Sue’s research work is known to challenge assumptions made about the impact and influence of digital technology on children and young people, made unique by her use of psych ... more
Andy Zhao is a sociologist who is interested in studying and researching digital media, transnational mobility, young people, and the intersections of them. His doctoral thesis was an ethnographic study of how Chinese young migrants in Australia make sense of and use social media in their everyday l ... more
Gavin Duffy’s doctoral thesis examines the lifecycle of educational apps, working with people throughout the chain, including developers, students, school staff, and parents. Gavin’s aim is to outline the different ways educational apps are seen by different actors, showing the mean ... more

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Blogs



View all blogs

The Australian Research Council Centre of Excellence for the Digital Child acknowledges the First Australian owners of the lands on where we gather and pay our respects to the Elders, lores, customs and creation spirits of this country.

The Centre recognises that the examples we set in diversity and inclusion will support young children to respect and celebrate differences in all people. We embed diversity, inclusivity and equality into all aspects of the Centre’s activities and welcome all people regardless of race, ethnicity, social background, religion, gender, age, disability, sexual orientation and national origin.