Commonwealth Consolidated Acts Commonwealth Consolidated ActsChildren's Online Privacy Code
(1) The Commissioner must develop an APP code (the Children's Online Privacy Code ) about online privacy for children.
(2) The other provisions of this Division (including section 26C) apply in relation to the Children's Online Privacy Code subject to this section.
Note: Section 26C deals with requirements for APP codes generally.
Matters covered by code
(3) For the purposes of paragraph 26C(2)(a), the Children's Online Privacy Code must set out how one or more of the Australian Privacy Principles are to be applied or complied with in relation to the privacy of children.
(4) For the purposes of subsections 26C(3) and (4), the Children's Online Privacy Code may provide for one or more of the matters mentioned in those subsections in relation to the privacy of children. However, despite paragraph 26C(3)(b), the code must not cover an act or practice that is exempt within the meaning of subsection 7B(1), (2) or (3).
Note: Codes may provide differently for different things: see subsection 26C(4A).
Entities bound by code
(5) Subject to subsection (7), an APP entity is bound by the Children's Online Privacy Code if:
(a) all of the following apply:
(i) the entity is a provider of a social media service, relevant electronic service or designated internet service (all within the meaning of the Online Safety Act 2021 );
(ii) the service is likely to be accessed by children;
(iii) the entity is not providing a health service; or
(b) the entity is an APP entity, or an APP entity in a class of entities, specified in the code for the purposes of this paragraph.
Note: In relation to subparagraph (a)(ii), see subsection (11).
(6) Paragraph 26C(2)(b) does not apply in relation to the Children's Online Privacy Code.
Specified entities not bound by code
(7) Despite subsection (5), an APP entity is not bound by the Children's Online Privacy Code if the entity is an APP entity, or an APP entity in a class of entities, specified in the code for the purposes of this subsection.
Requirements
(8) In developing the Children's Online Privacy Code, the Commissioner may:
(a) consult with:
(i) children; and
(ii) relevant organisations or bodies concerned with children's welfare; and
(iia) industry organisations or bodies representing the interests of one or more entities that may potentially be bound by the Code;
(iii) the eSafety Commissioner; and
(iv) the National Children's Commissioner; and
(b) consult any other person the Commissioner considers appropriate.
(9) Before registering the Children's Online Privacy Code under section 26H, the Commissioner must:
(a) make a draft of the code publicly available; and
(b) invite the public to make submissions to the Commissioner about the draft within a specified period (which must run for at least 60 days); and
(c) give consideration to any submissions made within the specified period; and
(d) consult with:
(i) the eSafety Commissioner; and
(ii) the National Children's Commissioner.
Time by which code must be made
(10) The Commissioner must develop and register the Children's Online Privacy Code within the period of 24 months beginning on the day the Privacy and Other Legislation Amendment Act 2024 receives the Royal Assent.
Services likely to be accessed by children
(11) The Commissioner may make written guidelines to assist entities to determine if a service is likely to be accessed by children for the purposes of subparagraph (5)(a)(ii).
(12) The Commissioner may publish any such guidelines on the Commissioner's website.
(13) Guidelines under subsection (11) are not a legislative instrument.