Why Australia’s Children's Privacy Code Matters—And What We Had to Say

At PRIVO, we’ve spent more than two decades working to protect children’s digital identities and ensure that companies engaging with children online do so safely, ethically, and in compliance with privacy laws. So when the Office of the Australian Information Commissioner (OAIC) announced its consultation on the Children’s Online Privacy Code, we knew we had to contribute. 

Our submission builds on our role as an FTC-approved COPPA Safe Harbor, child privacy expert and the first identity and consent management platform purpose-built for minors. We’ve work with leading brands, edtech platforms, health services, and start-ups alike, offering tools and expertise to help them implement privacy and safety into their online services for children of all ages, across every stage of development. 

Key Themes from Our Submission: 

• Age of audience must be considered. Children are online from a very young age, engaging with platforms, apps, and games long before most services have implemented privacy and safety by design. Age assurance is key to knowing the age of the audience to ensure age appropriate experiences.  

• Age-appropriate design is non-negotiable. We emphasized the importance of tailoring privacy notices, features, and protections to a child’s developmental stage. A one-size-fits-all approach fails children and risks privacy and safety violations. 

• Broken age gates are not good enough. For too long platforms have relied  easy-to-bypass age screens. Instead, we advocate for risk-based approaches that trigger appropriate identity and consent workflows without collecting excessive personal data. 

• AI introduces new risks and responsibilities. We recommended that AI providers be explicitly included under the Code to ensure safety-by-design extends to automated decision-making and algorithmic profiling out the gate. 

• Parents need options and controls. Verifying the adult not the child and allowing flexible, federated ID solutions helps families safely and efficiently manage consent across multiple services, without sharing sensitive personal data at each service over and over again adding security risks. 

• Profiling and behavioral advertising is not in a child’s best interests but a personalized experience could be. We encouraged the OAIC to align with GDPR and the UK’s Children’s Code in recognizing the risks of automated decision-making and profiling for marketing purposes and the importance of contextual alternatives. 

• A global perspective is essential. Drawing from our work with regulators in the U.S., UK, EU, and global organizations like NIST, we reinforced the need for interoperable standards that help companies serve children responsibly across jurisdictions. 

Final Thought: Know Your Audience
If there’s one message we hope to reinforce in Australia and beyond, it’s this: Knowing the age of your audience isn’t just smart, it’s essential. Services “likely to be accessed by children” need to build in privacy and safety by design and this needs to be a must have not an after thought. 

Want to read our full submission to the OAIC?
Download the full submission here 

Note: PRIVO is participating in the Australian Government’s Age Assurance trial.