A number of digital rights organisations have called on the federal government to abandon its plan to require social media firms to verify the age of their users, saying this would undermine privacy and has “failed comprehensively” in other countries.
The Online Privacy Bill, which increases penalties for breaches of privacy by social media firms and introduces a binding Online Privacy code, was unveiled in October.
The code will apply to a broad range of tech firms, including Facebook, Google, Reddit, Bumble and OnlyFans, and requires them to take “reasonable” steps to verify the age of users.
The government is now consulting on this legislation, with a number of submitters raising concerns that the privacy reforms are being introduced before a significant review of the Privacy Act is completed, and that it focuses too heavily on protecting children online rather than all people.
Digital rights groups Electronic Frontiers Australia and Digital Rights Watch both called on the government to ditch the plan to require the tech firms to verify the age of their users, saying this is in contradiction to efforts to improve privacy.
Digital Rights Watch said the age verification proposal is “deeply concerning” and would be privacy-invasive, undermining the intent of the bill. Requiring users to verify their age would mean that these big tech companies collect, use and store even more personal data, the organisation said.
“This not only creates significant privacy and security risks, but it also works in favour of data-hungry social media platforms,” the submission said.
Other jurisdictions have tried to do this and “failed comprehensively”, Electronic Frontiers Australia (EFA) said, and implementing it would “likely create new privacy harms”.
“We encourage the government to read and absorb information already provided to it on multiple occasions before attempting to mandate the use of unproven technology,” the submission said.
“EFA urges the government not to require online services to collect more personal information about individuals in a bill that purports to be about increasing privacy protections. It is unfortunate that reductions in privacy, such as age verification requirements, are being included in a bill that purports to be about increasing privacy.
“We encourage the government to make a clear distinction between privacy-enhancing mechanisms and privacy-reducing mechanisms. Failure to do so is likely to undermine the credibility and trust required for effective participation in co-development processes.”
The consultation on the legislation is happening at the same time as a major review of the Privacy Act as a whole, and Digital Rights Watch said these processes shouldn’t be running in tandem.
“Given the scope overlap and potential for new privacy reforms to fundamentally impact the way data protection and ownership is viewed in Australian legislation, it should remain a priority to update the Privacy Act before proceeding with any other fundamental changes to the way that personal information of Australians is treated,” the submission said.
“We are very concerned that the bill is building on top of the Privacy Act’s Australian Privacy Principles, rather than prioritising making meaningful change to the underlying legislation.”
EFA also urged the government to include the introduction of a tort of serious invasion of privacy in the legislation, as recommended by the Australian Law Reform Commission in 2014.
“It has now been more than seven years since this improvement to privacy was recommended, and if the government does not wish to enact the recommended tort, we askl that the government explain why. If not now, when?” the submission said.
Do you know more? Contact James Riley via Email.