Australia’s data watchdog calls for input on draft Children’s Online Privacy Code

The Office of the Australian Information Commissioner (OAIC) is seeking feedback on its draft Children’s Online Privacy Code, calling for children, young people and parents and carers to share their feedback on a law covering the collection of kids’ sensitive data, including biometrics.

“We are still planning what special rules online services should have to follow, but we are showing you what we have brainstormed so far to get your feedback,” says a release.

Because it wants young people’s input, the OAIC has designed different versions of the draft code to cater to different age groups. A short guide aimed at primary school aged children uses friendly, accessible language and the metaphor of the front and backstage of a theater to explain what the code does. (“The Code focuses on protecting your online privacy backstage. It does this by shining a light on what happens to your personal information behind the curtain.”)

An extended guide builds on the shorter version but covers the code in more detail, with secondary school aged children and parents and carers in mind.

Different workbooks and sharing options enable feedback in different forms, including a drawing workbook for the youngest kids.

Code not social media law, but does cover social media

The OAIC makes a note of distinguishing the draft code from the Social Media Minimum Age obligation. “The Children’s Online Privacy Code does not delay children from engaging in the digital world,” says the guide. “Rather, the Code protects children when using online services at any age, by strengthening the privacy protections of their personal information.” That applies to social media services, including age-restricted social media platforms where 16 and 17 year olds may have accounts – but it is unrelated to the age restriction enacted in December 2025.

The full text of the code applies it to “the activities of an entity to the extent the activities consist of the provision by the entity of a social media service, a relevant electronic service or a designated internet service that is likely to be accessed by children, or primarily concerned with the activities of children.”

Effectively, it says platforms can’t collect data from people under a certain age – which implies the need to “take steps that are reasonable in the circumstances to ascertain the age of the end-user.”

In the guide’s language, “to protect children’s personal information, online services might have to either give everyone better privacy protections or check the age of users.”

So, for social media platforms, the Code and the SMMA obligation lead to the same place: the biometric age assurance shop.

Submissions of feedback are open until Friday, June 5, 2026.

Article Topics

age verification  |  Australia  |  Australia age verification  |  biometrics  |  data privacy  |  Office of the Information Commissioner (OAIC)