IPMojo

BOOK AN APPOINTMENT

Privacy 2.0 Part 3

by

Kids, Code & Clicks: Australia’s New Children’s Privacy Push

Privacy laws used to treat kids like a rounding error — cute, inconvenient, and mostly left to the “parental supervision” fine print. Not anymore.

In this 3rd part of IP Mojo’s exclusive Privacy 2.0 blog series, we see how Australia’s privacy regime is finally catching up to a reality every parent knows: children are online, they’re being tracked, and they deserve more than vague guidance from a dusty regulator’s website.

Enter the Children’s Online Privacy Code, a centrepiece of the latest privacy law reforms. For the first time, Australia is baking enforceable obligations into law when it comes to how children’s personal information is collected, used and shared. Not just “you should be careful” — but “you must comply.”

So what’s changing? The new law requires the Information Commissioner to develop a binding code that sits within the framework of the Australian Privacy Principles (APPs). The Code must be finalised within two years and will apply to organisations likely to interact with children — particularly social media services, games, streaming platforms, and apps that know full well they’ve got under-18s clicking through. It won’t apply to health services, but that’s about the only carve-out. In essence: if your platform’s got kids on it, this is now your problem.

The Code will apply to social media services, games, streaming platforms, and other digital services as defined in the Online Safety Act 2021 (Cth) — including so-called “relevant electronic services” and “designated internet services.” If you already know those definitions, you’ve probably had dealings with the eSafety Commissioner. Now, add the Privacy Commissioner to your contact list. These reforms don’t replace online safety obligations — they layer on top of them. That means double compliance, and potentially double trouble if you get it wrong.

Here’s the takeaway: if you run an app, platform, game or service that might appeal to kids — even if you didn’t intend it to — it’s time to review your privacy practices. Don’t wait for the Code to land in 2026. The direction of travel is clear: children’s data is no longer fair game. It’s protected space. And if you’re not designing with that in mind, your business model may need a rethink — or your lawyers may need a bigger budget.

Tune in next week for: a look at the revamped APP 11, where “reasonable steps” for data protection just got a lot more real.