IPIE Submission to the Office of the Australian Information Commissioner: Children's Online Privacy Code

This submission by the International Panel on the Information Environment (IPIE) sets out recommendations for the development of the Children’s Online Privacy Code under Australia’s Privacy Act 1988. The purpose of this submission is to offer guidance to policy makers on how to balance privacy protection with legitimate data access and use while protecting children from technology-facilitated child sexual exploitation and abuse(CSEA) and related privacy harms in digital environments.

The IPIE's recommendations are summarized as follows:

• Recommendation 1: The Code should adopt the broadest possible scope when determining which actors qualify as Australian Privacy Principles (APP) entities1,to ensure technology-neutral and business model-agnostic coverage based on likelihood of access by children.
• Recommendation 2: The Code should ensure privacy protections do not impede legitimate child protection efforts, particularly in detecting, preventing and investigating technology-facilitated child sexual exploitation and abuse (CSEA),while supporting anonymized data-sharing for research and investigatory purposes.
• Recommendation 3: The Code should establish robust transparency and accountability mechanisms that require entities subject to the Australian Privacy Principles to demonstrate child protection effectiveness through verifiable evidence, external scrutiny, comprehensive impact assessments, and transparency about existing CSEA mitigation measures.