The OAIC has developed guidance for age-restricted social media platform providers and third-party age assurance providers that must comply with the Privacy Act 1988 and Part 4A of the Online Safety Act 2021 when the social media minimum age (SMMA) scheme commences on 10 December 2025. The scheme requires a provider of an age-restricted social media platform to take ‘reasonable steps’ to prevent age-restricted users (under 16 years) from having an account with the platform.
Part 4A recognises that entities may handle personal information when undertaking age assurance for SMMA compliance purposes. Part 4A operates alongside the Privacy Act and introduces additional, more stringent obligations when handling personal information to comply with the SMMA requirement.
This guidance aims to help age-restricted social media platform providers and third-party age assurance providers (collectively described as ‘entities’ in this guidance) understand their privacy obligations in the context of the SMMA scheme. It does not cover the entirety of the privacy obligations that apply and should be read in conjunction with the Privacy Act and the Australian Privacy Principles (APP) guidelines. It should also be read in conjunction with eSafety's regulatory guidance on reasonable steps for more information on how to select, deploy and evaluate appropriate age assurance methods and complementary systems and processes for SMMA compliance purposes.
As noted in eSafety’s regulatory guidance, steps to comply with the SMMA obligation will not be ‘reasonable’ unless an entity also complies with its information and privacy obligations under Part 4A, as well as the Privacy Act and the APPs.
We are currently in the process of publishing this guidance in HTML format. In the meantime, please refer to the PDF version. If you need assistance because the document you need is not available in a format you can access, please contact us at website@oaic.gov.au.
