‘Excessive’ data collection for teen social media ban illegal

Australia’s privacy commissioner has warned tech companies they would be breaching the law if they pretend to be a “blank cheque” to collect personal or sensitive information to check users’ ages as they try to comply with a youth social media ban.

Social media platform comes as Discord announced Copies of users’ identity documents used for age verification were compromised in a data breach.

Newly published youth social media ban privacy rules require companies to minimize the amount of data they collect and immediately delete records such as passports and facial scans as soon as the process is over.

This morning, the Office of the Australian Information Commissioner (OAIC) ​​published its regulatory guidance on the youth social media ban (also referred to by the government as the “social media minimum age” or “social media delay”), which will come into force in two months.

The rules set out expectations for social media companies and age-checking technology providers by highlighting how the ban fits into Australia’s privacy regulations and clarifying some of the legislation.

Privacy commissioner Carly Kind said Australians needed to be mindful of their existing privacy protections to “legally” comply with tech companies’ social media ban on young people.

“[The social media minimum age] is not a blank check to use personal or sensitive information in all cases; We will actively monitor the platforms to ensure that they remain within limits by enforcing age protection in a proportionate and lawful manner,” he said in a media statement.

Some of the important points included in the guidelines are:

• Preferring “low intervention” age control methods that are “proportionate” and “necessary for compliance”
• Minimizing the amount of personal and sensitive data collected
• Destroying information collected to comply with the ban “as soon as the purposes of collection are satisfied”
• Proactively evaluating the privacy impact of methods and processes that determine users’ ages

The guidance also clarifies that information collected by social media platforms for another purpose but used to check a user’s age does not need to be deleted subsequently. This addresses concerns raised by companies like meta The ban law, as written, would result in the deletion of data used for age checks as well as for other purposes (including basic details such as how long a user has had an account).

Failure to comply with these rules or other existing privacy protections while complying with the youth social media ban may violate Australia’s privacy protections or Privacy Act. Companies face fines of up to $50 million for “serious or repeated intrusions into privacy.”

“OAIC is committed to ensuring the successful implementation of the SMMA regime by robustly enforcing and regulating the privacy rules contained in the legislation to reassure the Australian community that their privacy is protected,” Kind said.

These rules are from one of the third-party providers of the social media platform Discord. identity documents leaked A small group of users objected to the company’s decision on their age, underscoring the risk of providers being asked to process personal and sensitive information.

The ban will come into force on December 10.