We use cookies to analyse traffic and to improve your browsing experience on our website. To find out more, read our privacy policy.

News Join our team Contact us

Ritu Mohan

Ritu Mohan
Assistant Director, Policy and Statutory Functions

Published:  

Today is Safer Internet Day, a global day of action to raise awareness of online safety and work toward a safer internet. eSafety has several resources to help make online safety visible in schools, workplaces, homes and communities, and to support individuals to take steps to protect themselves online.

It is a chance to reflect on current and emerging risks, the role of privacy, and how the OAIC and eSafety are working together to build a safer internet.

Online risks

Many of the online risks and harms we see today have emerged because of a dramatic increase in the amount of personal information collected about us as individuals, and the use and disclosure of this information in ways we may not understand or expect.

The commercial practices that motivate our engagement and keep us online are largely based on the monetisation of data and personal information.

A simultaneous lack of transparency by online services around complex data practices makes it feel impossible for us to make informed decisions about how our personal information is handled online.

The risk of exposure to harmful content has also increased as more illegal, alarming and opportunistic content is uploaded to online platforms.

Regulatory tools available

In Australia, the Privacy Act 1988 and Online Safety Act 2021 play distinct and essential roles in addressing the risks and harms faced by Australians in the online environment.

While the Privacy Act regulates the handling of personal information by certain private sector organisations and Australian Government agencies, the Online Safety Act focuses on protecting Australians from online harms resulting from exposure to illegal or harmful online content or behaviour.

There are several other frameworks that play a role too, but the interplay between these 2 laws is particularly interesting.

Areas of intersection and balance

There are several points of intersection between the 2 regulatory frameworks. For the most part, these intersections operate in a complementary manner, but there are some areas where a careful balance is required.

Looking at areas of alignment, the Privacy Act and Online Safety Act often have complementary objectives, requirements and approaches. For example, both frameworks emphasise the importance of providing individuals with the ability to control their personal information and online safety respectively, as well as embedding privacy and safety protections into the design of services and business practices under a ‘privacy by design’ and ‘safety by design’ approach.

In other areas – such as age assurance, anonymity and end-to-end encryption – a reasonable and proportionate balance must be reached between online safety goals and fundamental tenets of privacy such as data minimisation, recognising that the right to privacy is not absolute.

Age assurance – how much information are we willing to give up?

Taking age assurance and the new Online Safety Amendment (Social Media Minimum Age) Act 2024 as an example – all Australians will, by the end of the year, see the normalisation of age checks for social media access to improve online safety for children below 16.

This measure may involve the collection of information about an individual and the subsequent sharing of this information with an online platform. The consequences will be far reaching given the sheer number of Australians that expect a free, frictionless and private experience when accessing their accounts. That is, almost everyone.

We are seeing in the UK and Europe the normalisation of digital ID wallets and the sharing of credentials through intermediaries to facilitate age-restricted access to the internet. At the same time, individuals are opening themselves up to information being collected for age assurance purposes but being used for other purposes, albeit with consent.

What’s next

Our functions under the new social media restrictions relate to platforms, but it will be equally important for the OAIC to look at the middlepersons – the identity service provider ecosystem – as the scheme is implemented.

In exercising functions under the Privacy Act and Online Safety Act, the OAIC will continue to ask questions around proportionality in the context of age assurance. What information are individuals having to share? What will be done with it? What are they getting in exchange? What other purposes, if any, are providers interested in using it for? How soon will the information be destroyed?

The OAIC has a strong ongoing relationship with eSafety and both our work on age assurance and our work developing the Children’s Online Privacy Code will strengthen this collaboration, highlighting how online safety goals and privacy can work in tandem for a safer internet.

OAIC logo
Contact us 1300 363 992

Monday to Thursday 10 am to 4 pm (AEST/AEDT)

Acknowledgement of Country

The OAIC acknowledges Traditional Custodians of Country across Australia and their continuing connection to land, waters and communities. We pay our respect to First Nations people, cultures and Elders past and present.

© Commonwealth of Australia