Children’s Online Privacy Code: Public Consultation Report

Who are we?

The Office of the Australian Information Commissioner (OAIC) wrote this report. When you read the word ‘we’, it means the OAIC. We are the Australian Government’s privacy regulator, and our goal is to protect the privacy of Australians. We are responsible for developing the Children’s Online Privacy Code (the Code).

What is the Children’s Online Privacy Code?

The Code is a special set of rules to help protect children’s privacy when using the internet. It makes sure that organisations who run apps, websites and games that children might use take care of their personal information (like their name, age and what they like to do online).

The Code will come into effect on 10 December 2026.

Consultation method

We invited children, young people, parents and carers (participants) to share their views on online privacy in May and June 2025. The intention was to listen to and include the voices and experiences of those whom the Code will likely affect the most.

Participants completed worksheets that asked questions about online privacy. Participants were presented with several scenario-based exercises and then asked a series of open-ended questions. All answers provided were short response. The participants expressed, in their own words, their perspectives in response to the open-ended questions. A detailed description of our approach to analyse these responses (our methodology) can be viewed in the technical report (Appendix A).

The OAIC received 337 responses in total, 161 from primary school aged children (Years 3 – 6), 74 from high school aged young people (Years 7 – 12), and 102 from parents/carers.

Purpose of report

This report summarises the key themes identified across the submissions received from participants in response to the worksheets and reflects their perspectives.

We have also published a technical report which can be read alongside this summary report. The technical report contains detailed information about the questions we asked, the category of responses received and the number of responses we received for each category. This can be found at the end of this report.

This report does not reflect the OAIC’s final policy position on the development of the Code.

The OAIC will make a draft of the Code available for public consultation in 2026.

The OAIC would like to thank everyone, especially the children and young people, who made submissions in response to this consultation process.

The OAIC has published a ‘Children’s Report’, this report summarises the key findings of the children and young people consultations, it has been written for children and young people, see Children’s Online Privacy Code - children’s consultation report.

Top 6 things children want online companies to do:

• Ask for permission! Children want to be asked more often if their personal information can be collected and used.
• More explanations! Children want to learn and understand why online companies want their personal information.
• Privacy policies should be short and simple to read! Children don’t want long texts with big words. Make it fun!
• Make important information and buttons easier to find! Children want the important stuff to be clearly marked.
• Help children when they have questions! Children want a person or place to go to go online to ask for help.
• Make it fair! Children know that some online companies can make money from their personal information, and this feels unfair. Children want their time online to be fair.

Top 6 things parents and carers want online companies to do:

• Help us understand! Parents and carers want to understand the privacy policies and settings of the services their children use at home and at school.
• Use child-friendly language! Help children understand privacy policies and settings.
• Respect children’s right to choose! Don’t use ‘nudge’ techniques to influence the choices children make online.
• Location tracking automatically off! Location tracking should never be turned on automatically and consent should be sought if it is required for the session
• No targeted ads! Children should be able to enjoy online services without advertisement.
• Allow children to have more control! Children should have a say in how their personal information is handled

Key themes

Attitudes towards online privacy

The findings demonstrate that online privacy is important to all participants.

Children and young people expressed that they want to feel in control when they share personal information online and trust that their personal information is being handled responsibly.

The majority of children and young people noted that they do not like when information about them is shared without their knowledge:

“I want to feel that I had that choice to share something with my permission, and I want to chose what I share with them, if I don’t and someone dose something with my personal information I will be sad”

The majority also noted that they want to be able to trust who they share their personal information with:

“I want to feel comfortable and know I can trust whoever I’m sharing the information too because I don’t want to have a feeling of regret knowing it might get leaked. Or that whatever they’re asking makes sense and isn’t an invasion of privacy and nothing related.”

Many parents and carers stated that the online privacy of their children was important to them.

“The issue of children’s online privacy needs to be taken very seriously. There are too many young children online that should not be and a duty of care to protect these children is important. Parents also need to be educated. There are too many parents that are do not understand the seriousness or impact of this and broader education pieces needs to be focused on. Data breaches of children’s information is a real risk and is not talked about enough.”

Consent

The findings demonstrate that children and young people want to be asked permission, before their personal information is collected, used, and, or disclosed.

“I think that they could do a good job by first asking me for permission before doing this and they can explain that no one is reading this or accessing your information.”

“I don’t think that they should be able to access personal info since they could get hacked, and the info could be leaked. They should ask before the do it, so that the person is aware of it.”

The findings also show that parents and carers are often faced with the scenario of having to read a long and complicated privacy policy, in order to consent to their child using educational apps at school.

Most parents and carers said that they did not think that this was fair.

“I’ve experienced this many times throughout primary school and secondary school.  There are a lot of online resources used by schools these days - from educational apps on iPads to digital school lunch ordering systems or consent forms for excursions.  I feel like mine and my children's personal information is floating around in a lot of small company start-up like databases - how do I know my data is encrypted, or deleted after the purpose of gathering my information has expired?  It feels like leaving breadcrumbs all over the internet and I have no control over how widespread it is or the ability to clean it up!”

“Yes, I have experienced it and it was concerning because it was legal jargon to me and extremely confusing. I didn’t think it was fair that my child would have missed out on lessons if I had not signed it. It would be great if there was a different approach to such scenarios.”

Transparency

The majority of children and young people stated that they want online companies to be more up-front, direct and honest about how they handle personal information.

“Organizations should be completely transparent with how they collect data, how it is stored, and how it is further used. It should be shared quite explicitly and directly to the point. Like how cookies are made to be announced, the same should be shared on every website or application that enables personal information profiling and saves/shares information. They should not be able to hide this information in a small font, it needs to be visible AS SOON AS you click into the application or website.”

“they should just say what they do with it without any lies.”

Parents and carers also expressed that they want online companies to be more transparent about their data handling practices.

“Be frank. Use honest terminology. Make sure parents are aware that there children’s information will be passed on. It should be legislated that clear communication be used.”

“They need to be transparent and state clearly if they harvest information and what exactly they do with the personal info they have access to.”

Age-appropriate communication and notification

Children and young people said that they want more age-appropriate explanations about how their personal information is collected and used. They suggested using notifications, pop-ups, warnings, videos and interactive games to help them understand what is happening with their personal information.

“Uhmmmmm maybe they could have a warning come up on the screen (Like the notification when your device [battery] has 20%, 10% and 5%) to let you know how and where they use your info.”

“Make it like a game so they don’t just scroll and skip it. So it’s an interactive fun way to see the yes and no’s of the website/app.”

Children and young people also noted that they want privacy policies to be shorter and easier to understand, with less big words.

“explain using word that we can easily understand and know what will come when we are playing the app.”

“Yes, so it’s less confusing, and if they continue like this, they are probably on purposely making it confusing to make you quite reading and press accept all, so they can still bargain off you.”

The findings also show that parents and carers also want shorter and simpler privacy policies for themselves and expressed the need for age-appropriate communication for children and young people.

“Simplified language. Organisations should be required to explain what they do with the information in a prescribed, simple way. The information should be at a reading level of year 6 or below and no longer than a paragraph or two. Not like we see with Product Disclosure statements from phone companies and insurance companies.”

“Organisation should use plain, easy-to-understand language when explaining how they use personal information, avoiding legal jargon and overly technical terms. For children, age-appropriate visuals, short videos, or simple stories can help make the message clear. For parents and carers, it would be helpful to include a clear summary of what data is collected, why it’s needed, who it’s shared with, and how it’s protected. It would also build trust if they explained whether alternative apps were considered, why the chosen app was selected, and what specific benefits it offers for learning. Most importantly, families should be given real choices, not feel pressured into giving consent just so their child doesn’t miss out.”

Location tracking

Almost half of primary school aged children said that apps or websites should not be allowed to track where they go.

“no because I want my own privacy when I go out.”

“No way! This is stalking and could lead to privacy issues and leaks!”

The findings also highlight that the majority of high school aged young people, parents and carers think that online companies should not be allowed to have location tracking automatically on.

There was, however, a noticeable difference between the perspectives held by children and young people, and those of parents and carers. Children and young people generally expressed a higher level of comfort with location tracking, so long as the online company had requested their consent, and the location tracking was for a particular purpose.

“Only certain apps and websites should be allowed to track users such as W3W (What 3 Words- an app that is used by emergency responders), Life360, Emergency Plus, and similar applications. This is due to their nature of using locations to help their users. Other apps like snapchat should only have this feature available if a user selects this, it should not be default.”

“Yes, location tracking should be defaulted to off for all applications and devices. If it is required/ part of a system, the option to enable should be presented with a clear and easy to understand explanation of why it is needed to be turned on, what it is used for, and who can see the location.”

Whereas parents and carers tended to express that location tracking is not necessary at all.

“This is very concerning. Should not be able to track at all through games etc – just no need.”

“[Having location tracking automatically off] should be default, as children are vulnerable and have no understanding of how location tracking can be unsafe. The apps should NOT at all be tracking location specially for kids apps.”

Control over personal information

Children and young people expressed a desire to have control over their personal information.

“I want to feel like I am in control of my private information and that I can choose by myself if I really want to share it.”

“I want to feel that I had that choice to share something with my permission, and I want to chose what I share with them, if I don’t and someone does something with my personal stuff I will be sad.”

They also stated that they want the ability to review, edit and/or delete the personal information held about them, and expressed that this process should be easy.

“I think there should be a reset button on every app, like on drawing games when you want o undo your last action.”

“They could maybe let children be able to access their own data on the app and let them either modify or delete data they dont want”

The majority of parents and carers expressed support for children to exercise control over their personal information, including the option to delete their data.

“[Children] may change their minds when they understand more what is happening with their data also they have a right to protect themselves, no one should stop them from doing this. It is their data, their right”

“Ultimately any personal data held by an organisation belongs to the individual, and we should all have the right to delete it should we no longer wish to access an app/platform/service etc.”

“Online organisations] shouldn't hold data for children in the first place and should have the option of removing that data rather than update it.”

Parental controls and supervision

The findings show that around half of children and young people want their parent or carer to control the personal information they share online, they expressed that parents and carers play a role in protecting their online privacy and keeping them safe online.

“Yes, I think that parents/carers should be allowed to control what personal information you have online, because it makes you safer, and makes sure that people you don't know know your personal information.”

“Yes, I understand they are trying to keep me safe from inappropriate content and strangers”

At the same time, children and young people said they wanted their independence and ability to make their own choices online, to be respected.

“[I want parental controls] only sometimes because I just dont want them in full control since it is my personal information.”

“I want my parents to9 have a little say in what I do online but not have parental controls. I think parents should definitely teach their kids how to be safe online, what’s appropriate to share and who to share it. But after this, they should have trust in their kids and just check in every so often. I think kids should be allowed to make decisions and have experiences themselves. An adult can provide guidance but no control.”

A number of parents and carers expressed that parental controls such as content access restrictions, time limit controls, and/or restricting who can contact their child, were important to them.

“Parental controls should 100% ensure to manage screen time, block inappropriate content, prevent accidental spending, and keep strangers away.”

“Parental control page on every device and every application or service. The idea of reading a privacy ‘notice’ is misleading and conditions parents to give consent by default or deception. Under trade practices law this should be illegal. “Its not a reasonable practice for the ordinary person to sign something they cant or wont read because its long, full of terminology they dont understand.”

Profiling and Direct Marketing

The majority of participants said that they don’t think organisations should be allowed to use personal information for the purposes of direct marketing.

“I don’t think any organisations should be allowed to collect your information for advertising. Its for their own benefit, not yours”

“No, organisations should not be allowed to track children’s online activity to target them with ads. Children are not equipped to understand how their data is being used or to critically evaluate advertising, especially when it’s based on their personal behaviour. Targeted ads can exploit their interests and vulnerabilities, and it raises serious concerns about consent, privacy, and manipulation. If advertising is shown to children at all, it should be generic, age-appropriate, and not based on tracking or profiling. There should be strict regulations in place to protect children’s data and prevent commercial exploitation.”

A number of participants expressed a neutral perspective about profiling for the purposes of direct marketing, stating that if this were to occur, organisations should seek consent first, and/or highlighted the perceived positive of this

“If the information from your search history allowed organisations to customise ads to suit your interest, then there’s not necessarily anything wrong with that. In this scenario, it doesn’t seem like there’s any malicious intent, but it really depends on the organisation/how trustworthy the people collecting your data are. I think there should be more efforts made to ensure that the people who have access to your personal data are reliable”

“I think they should be aloud because sometimes Ads are useless but if it actually comes up with things you want, its less of a drag to read/watch them”

“It depends on whether they declare this and seek consent from the child and the carer. Sometimes the ads can be beneficial or useful. Tracking using geolocation should be banned due to the security risk to the child that cannot be mitigated by security against bad actors.”

Privacy settings and nudge techniques

Children and young people said that design features, such as larger font, more obvious text, buttons and easy to follow guidance, would help them find and understand privacy settings.

“the letters should be bigger, there could be an big arrow pointing to them, it should be on the front page so it is the first thing people see.”

“I’d say make it clear what each button does, explaining their function in the easiest way they could and maybe get rid of small buttons that can be merged with one another”

Most parents and carers said that online platforms shouldn’t be allowed to design privacy setting prompts to influence children to click a certain response.

“Absolutely not. This also includes things like placing an x on an ad that makes you think you are closing it, but you’ve actually just engaged with the ad or something further. The amount of trickery is ridiculous”

“No, platforms shouldn’t be allowed to design privacy setting prompts that pressure or trick children into choosing a certain option. Children need clear, fair choices without confusing or misleading designs, so they can make informed decisions about their privacy.”

If you are a child or young person

Check out the report to see what other children and young people say is important when it comes to online privacy, Children’s Online Privacy Code - children’s consultation report.

If you are a parent

Share the children’s consultation report with the young people in your lives to have a conversation about online privacy. You can learn more tips about having a conversation about online privacy at privacy tips for parents and carers.

If you are a school or teacher

Share the children’s consultation report with your school or classroom to have a conversation about online privacy.

Appendix A- Technical report

Methodology

We invited children, young people, parents and carers (participants) to share their views on online privacy in May and June 2025. The OAIC received 337 responses in total, 161 from primary school aged children (Years 3 – 6), 74 from high school aged young people (Years 7 – 12), and 102 from parents/carers.

Participants completed worksheets that asked questions about online privacy and either sent their response back via email or completed an online form. Participants were presented with several scenario-based exercises and then asked a series of open-ended questions. All answers provided were short response. The participants expressed, in their own words, their perspectives in response to the open-ended questions.

Responses received via email were manually entered into spreadsheets that contained the responses received via the online form. Prior to downloading the responses to the spreadsheets, the data was ‘cleaned’ in in respect to redacting personal information (e.g., when children specified names, usernames etc). Each response received was given a unique pseudonymous identifier.

Due to the qualitative nature of the responses, the responses were analysed through a three-stage method of inductive, open coding. First, a small sample of 25 responses were analysed to generate initial codes and a corresponding codebook with definitions was created. As themes emerged through the analysis of the responses, new codes were created and added to the codebook. Second, after all 337 responses were coded, a second coder reviewed the coding. Finally, third, codes were grouped into ‘parent’ codes (ie., codes that were similar were grouped together into broader umbrella codes) to further refine the analysis.

The following tables detail the question that participants were asked, the ‘parent’ codes that were generated through the analysis, and the frequency of those codes. We have also shared below each table some responses, as they were written, to each question which are illustrative of the findings.

Primary school student findings

161 respondents from Years 3 to 6. All answers were short responses.

“it didn’t feel nice and when I share something online I want to feel safe and sure that what I share no one will be able to use it against me…”

“I want to feel that I had that choice to share something with my permission, and I want to chose what I share with them, if I don't and someone dose something with my personal stuff I will be sad.”

“It felt very frustrating and uncomfortable, because my friend sent a very weird photo of me to a group chat that I didn’t want to send that photo to. I think it is very important to have consent before you share anything that is not YOURS to share because the other person might not feel comfortable with it.”

“I would like me, my Mum, my Dad and my Nana too have that key. Because I trust them not to do anything bad with it, and if they wanted to use it for something I would make them have to ask me prior to them using it.”

“I would only let my family have the key, I would not let my friends or anyone else because they might use it the wrong way”

“The only person in the whole universe who can open it is…. me. Websites and apps should not have the information. Some family members are expected.”

“Nope! It’s not right. When I look up a toy and then see ads for it everywhere, it feels like someone’s spying on me. I didn’t say they could do that.”

“No. Because often the information shared is without consent.”

“No as it could really trigger peoples emotions and they would never trust online again.”

“they should just say what they do with it without any lies”

“Uhmmmmm maybe they could have a warning come up on the screen (Like the notification when your device [battery] has 20%, 10% and 5%) to let you know how and where they use your info”

“They should warn you beforehand of using your information and also confirm it afterwards.”

“They can put the privacy button at the front of the website and use easier words so that small kids can understand what their saying.”

“Make it easy to navigate the app. Don't just go, "First go into the settings, then click on this, then click on that,"...... It's complicated. Just make it simple.”

“Animated signals pointing to the buttons to choose if you’re under a certain age.”

“No apps should not be allowed to track where you are. apps and websites should explain why they need this information and what they will do with it”

“I don’t think websites should be able to track where you go unless it is something like Google Maps and you are trying to see how long it takes to get somewhere etc. I think that they should explain each scenario”

“You should be able to easily access you location privacy settings and be easily notified when your location is viewed by family and friends. I have Snapchat, and it has a location thing so you friends can see where you are. Mine isn't on but if it were i could easily change because it is one of the main buttons.”

“Before they play the game they should have a short summary of what the company does when the player allows them to do specific things like chat. So they can understand that their information is not being leaked.”

“I think there should be a reset button on every app, like on drawing games when you want to undo your last action.”

“have a button that says “my shared data.””

“messenger kids breaks dem into small slides with pictures and short dot points make it eezy and so sometimes I read them for fun.”

“Made it like a game so they don’t just scroll and skip it. So its an interactive fun way to see the yes and no’s of the website/app.”

“explain using word that we can easily understand and know what will come when we are playing the app.”

“No, because sometimes kids are too shy to ask their parents for permission, and what if you need to do something really important and then parental control kicks in? Then, what if your parents don’t know how to turn it off?”

“No. I feel like I should have freedom, not being controlled from parent who can sometimes make…….. embarrassing choices. I know what I get myself into.”

“Yes, I think that parents/carers should be allowed to control what personal information you have online, because it makes you safer, and makes sure that people you don’t know know your personal information.”

“I don’t want location tracking. I want to be protected. businesses don’t care about us, they only care about dollars.”

“siris, Alexas and googles because they are recording you and they can steal personal information about you that nobody else should know except you and your family.”

“Online privacy should make the internet a lot easier.”

High school student findings

74 respondents from Years 7 to 12. All answers were short responses.

“It felt as though they had broken the trust between us; even if it were a small, insignificant thing, it still meant that they had actively gone against my wishes and my privacy.”

“I felt so incredibly frustrating about it, because I know I have given that trust in sharing that information with them. It’s definitely a breach of the trust that I had given them, and it made it difficult to trust them again.”

“If felt absolutely horrible. Nothing is private at home, and I’ve just learnt to accept it.”

“Like I can control what people know about me and how that information is presented, and like I am safe from anyone who might use my information for purposes that might hurt me or that I don’t want to be associated with.”

“I want to feel comfortable and I know I can trust whoever I’m sharing the information too because I don’t to have a feeling of regret knowing it might get leaked. Or that whatever they’re asking makes sense and isn’t any invasion of privacy and nothing related.”

“I’m definitely careful around it, not to the point where I am completely private with everything, but I always stop and think about what I am sharing, and what repercussions it may have on me, like personal information, or things that could be used out of context. Recently I’ve been much more careful regarding showing my face due to the recent problems of faces being placed onto inappropriate figures.”

“I think my information should only be accessed by my parents, the police, the health care units, and the government, but only if it’s for a good cause. I think I should be able to decide, not anyone else.”

“I think my parents/guardians should be able to unlock it because they know the dangers of unlocking it and the consequences. I think my friends shouldn't unlock it because they don't understand what happens when they type personal info out into the online world.”

“Depends, I think this changes person to person. One person's parents might be amazing and they want them to know that, for others their parents might be abusive. For me probably my parents, friends, Docters, school”

“I hate it when ads are targeted for me and I don't think it should be allowed. Asides from it just being creepy and annoying, it can also be very distracting for young people like myself. When viewing these items online (e.g the new sneakers in the scenario) this is usually done in spare time at home. However during the day at school ads for these items often appear on the school-related website. They grab your attention because they are specifically target for you. This is extremely frustrating because although it can be interesting it is not the right time to see these things. I think it should be my choice when I look at these items online. Therefore I don't think organisations should be allowed to use personal information for profiling and showing ads.”

“If the information from your search history allowed organisations to customise ads to suit your interest, then there’s not necessarily anything wrong with that. In this scenario, it doesn’t seem like there’s any malicious intent, but it really depends on the organisation/how trustworthy the people collecting your data are. I think there should be more efforts made to ensure that the people who have access to your personal data are reliable.”

“I don’t think any organisations should be allowed to collect your information for advertising. Its for their own benefit, not yours.”

“By telling you what to do with it and not keeping it for their own sake. Organizations like that sometimes use your own data to gain money from that or take money from you without you realizing that.”

“They could tell me that it is so that I can have a good time on the website, but really they’ll try to find out about everything in my life.”

“Organizations should be completely transparent with how they collect data, how it is stored, and how it is further used. It should be shared quite explicitly and directly to the point. Like how cookies are made to be announced, the same should be shared on every website or application that enables personal information profiling and saves/shares information. They should not be able to hide this information in a small font, it needs to be visible AS SOON AS you click into the application or website.

“Have settings where it says, "who can see my information" and it can say strangers, friends or no one.”

“I’d say make it clear what each button does, explaining their function in the easiest way they could and maybe getting rid of small buttons that can be merged with another one.”

“Making them more accessible by showing them to you, and giving you the option to review them every so often. They can also make ads to remind people of privacy settings, and use more accessible language (less legalese) so young people can understand.”

“In the privacy policy, provide a number or email address that people can contact in order to speak to a real human employee (NOT an AI chatbot) about questions or concerns they have regarding their privacy. When people contact them, the organisation should respond to their concerns compassionately or at least politely, with professionalism and correct information. Once the organisation shows that they can be trusted to help people and protect our privacy rights, I would be more likely to go to them with questions or concerns.”

“not bombard you with all these weird words that that are confusing and most people like teens can’t understand.”

“they could do things like data banks/volts to show that your data is safe.”

“no not at all. If theyn know where your going they could probably get your address because that’s most likely where you are all the time. They might occasionally be allowed to see what your looking at to promote their website which still doesnt sit right with me.”

“app should not know where you are unless that is what the app is for.”

“If unknowingly then no the website should not track you. But if you choose for the tracking than yes the website is free to track you.”

“Only certain apps and websites should be allowed to track users such as W3W (What 3 Words- an app that is used by emergency responders), Life360, EmergencyPlus, and similar applications. This is due to their nature of using locations to help their users. Other apps like snapchat should only have this feature available if a user selects this, it should not be default.”

“If an app or website wants to track your location, it should send you a pop-up notification. You should then be able to click on the notification to access correct and understandable information and when, how and why they want to track you. You should NEVER be opted into location tracking automatically. You should be given an option to allow the site to track your location, and the site should remind you every so often, perhaps every month, that they are tracking you so that you don’t forget about it and can opt out if you change your mind.”

“Websites and apps should have a toggle switch in the main page of the app or website that allows you to turn the tracking on and off. This mean the user gets to choose when they are tracked and allows them to have more control over their personal information (location). But I don’t believe there is any need for tracking (pls see question above). But if it must be done the user should have full control over when and how.”

“Apps and websites should not have location tracking as a default, it should be required that for location tracking to occur, a user needs to independently select this feature. There should be an explicit icon or statement visible at all times when using the platform with location tracking enabled. This should also have the option to select a link that directs users to the platforms privacy statement, and their statement about why location is in use.”

“By seeming like they are trying to help the kids instead of what they are trying to do, if you make it seem like you do it for them they wont have fun and learn what they need to do in the future, tell the kids how to do it and let them do it with their own hands so they learn and have fun whilst they're doing it. if its digitally then its a lot different”

“To have a page with what they have and know about you.”

“Give examples, or directly show (after use of website) what information the website has and could tell anyone and really talk about consequences.”

“Everytime they sign in they can ask if it is still the same person or if they want to change anything.”

“They could have a button where can delete, change, or update something they have posted, and it will change it on everyone’s device.”

“This is a really tricky problem that’s not really something organisations can fix – it’s up to us teenagers to be careful with what we post, the information we share and who it goes to. But organisations can help educate us about how to be safe online.”

“Yes, so it’s less confusing, and if they continue like this, they are probably on purposely making it confusing to make you quit reading and press accept all, so they can still bargain off you.”

“Companies do that to make you want to give up and accept the cookies and yes companies should be required to write shorter policies if they cannot do that then they should summarise it to 5 paragraphs.”

“Yes. A lot of people don't read these because of how long and unclear they are, and then they unwillingly find their interests or info from this company shared to others. That's just a sneaky move that can and probably has affected a lot of people.”

“Put the information under clear headings, such as "What data we collect", "How we use your data", "How we store your data", "Your privacy settings", etc. Use bullet points and reasonably short sentences. Provide a glossary of basic terminology/how it is used in the privacy policy. Direct readers to a more detailed/complex policy or a real human employee if they still have questions or concerns.”

“They could translate it into language that kids normally have.”

“They should have a app or trusted website that finds and tells you what and where your personal info is.”

“Have a say in it because parents and older people tend to have good advice and can be quite wise. Although, they shouldn't be in full control as some of them tend to have stupid advice that doesn't even make sense.”

“no because sometimes this is a way people escape from things to help them”

“Regardless on how much control you give to parents and carers, it will not stop sneaky kids, I’ve done my fair share of sneaky things to get into different website against my parents wishes and it was honestly easier than it looks doing it behind their back, whatever you do it likely won’t work”

“I want my parents to have a little say in what I do online but not have parental controls. I think parents should definitely teach their kids how to be safe online, what's appropriate to share and who to share it. But after this, they should have trust in their kids and just check in every so often. I think kids should be allowed to make decisions and have experiences themselves. An adult can provide guidance but no control.”

“It depends on the social media and person at 14 I was probably smart enough to know what I should or shouldn't be posting but the same can't be said about anyone. 14 years old seems like a good age, second year of high school and that feeling of doing something with parents permission is exciting, but the end of the day parents will make their own rules regardless.”

“18, so that young people don’t end up making accounts on NSFW websites. However, I think there should be an exception for anonymous mental health websites such as Reachout Forums or My Circle because parents, especially abusive parents, can take a toll on mental health.”

“Well, I don’t think kids should even have social media till their 16 years of age. Once their 16 I think their mature and old enough to create the account themselves.

“that everything on tech is so hard to understand and is full of hard words and phrases and it should be able to change the language setting to fit for your age and reading level.”

“I think young people should have more say in these important things.”

“I think everything that the survey has talked about should change NOW for the rights of us we need your help.”

Parents and carers findings

102 respondents from parents and carers. All answers were short responses.

“At my youngest child’s school, she was connected to 16 edtech apps via one platform consent form. The privacy risks in many of the added layers in the schools tech stack were very high. The  school had no answer for me when I asked why they didnt explain the different apps on top of the school portal- this eroded the trust I had in the school to look out for the best interests of my child.”

“I've experienced this many times throughout primary school and secondary school.  There are a lot of online resources used by schools these days - from educational apps on iPads to digital school lunch ordering systems or consent forms for excursions.  I feel like mine and my children's personal information is floating around in a lot of small company start-up like databases - how do I know my data is encrypted, or deleted after the purpose of gathering my information has expired?  It feels like leaving breadcrumbs all over the internet and I have no control over how widespread it is or the ability to clean it up!”

I am very concerned about this. It is not just the complexity of the legal document, it is the fact that the department of education often uses free apps like google office/apps, that are in the business of collecting, analysing and selling information (from content, profile, location, behaviour etc.), we do not have the option to access education but opting in. Giving away our children’s information to these big tech companies are just not right. The government should invest in using its own apps that minimising data sharing with 3rd party, with strong data protection security in place. The government should invest in using its own apps that minimising data sharing with 3rd party, with strong data protection security in place. The government school should also encourage students to use non-google alternatives for communication (email, office apps). Many EU app companies are subject to much more comprehensive online data protection regulation.”

“Clear easy to understand language and labels. Not using jargon to obfuscate what they are asking for, applying or using the data for. Options for parents to decline, avenues for change of mind-dynamic consent like health trials offer. Basic consumer rights. Evidence or assurances of how they safeguard the data and ensuring the databases aren’t able to be merged to identify a child.”

“Would be ideal for OAIC to create an unbiased source to educate children/minors on the commercialisation of data and risk/impact of over exposure in a way that kids understand. If it can be enforced for organisations to incorporate the link to education source in their own consent agreement this would support awareness and understanding.”

This isn’t the right question to ask, because in any situation where a parent is asked to provide consent for their child to use software in a school there is a power imbalance that negated truly independent decision making. The emphasis should instead be on minimum, mandatory privacy controls so that parents and children are alleviated from the burden of having to think about it, in the same way that parents do not have to think about whether the school's art or sports equipment is fit for purpose.”

“Parental control page on every device and every application or service. The idea of reading a privacy ‘notice’ is misleading and conditions parents to give consent by default or deception. Under trade practices law this should be illegal. Its not a reasonable practice for the ordinary person to sign something they cant or wont read because its long, full of terminology they dont understand.”

“mapping of interconnected apps and how the control can affect them. preset groups of settings for typical, high and low security and privacy settings, notes or links to information regarding setting effects and recommendations.”

“incentivise an age-appropriate design approach and intuitive privacy/security options, with something like a kite-mark or AADC seal of approval.”

“Minimum data collection from the child, no data sharing unless explicitly permitted, no surveillance, no nudging or dark patters or gamified subversion of privacy controls.”

“Understanding of what content is within the content, many parental controls only work when something has a rating.”

“parental controls should 100% ensure to manage screen time, block inappropriate content, prevent accidental spending and keep strangers away.”

“no! Children’s data should never be collected for advertising purpose. The app design should minimise data collection as default. The same applies to adult. Our privacy is not for sale. The business model should be charging for the app rather than secretly taking our data for ‘free access’.”

“No, organisations should not be allowed to track children’s online activity to target them with ads. Children are not equipped to understand how their data is being used or to critically evaluate advertising, especially when it’s based on their personal behaviour. Targeted ads can exploit their interests and vulnerabilities, and it raises serious concerns about consent, privacy, and manipulation. If advertising is shown to children at all, it should be generic, age-appropriate, and not based on tracking or profiling. There should be strict regulations in place to protect children’s data and prevent commercial exploitation.”

“it depends on whether they declare this and seek consent from the child and the carer. Sometimes the ads can be beneficial or useful. Tracking using geolocation should be banned due to the security risk to the child that cannot be mitigated by security against bad actors.”

“It is up to the parents to play a more active role. We cannot wrap our children in cotton wool, we should be able to see what our children have been exposed to should it “breach” an age restriction limit we have set?”

“Yes, restricted to at least the age of 15, and with controls that still apply to adulthood to ensure that any advertising is in the child’s best interest.”

“There should be no ads allowed until a child or working age. Here in WA that is 13 and 9 months. At that point in time, they are beginning to learn how things cost and are able to assess these ads with different eyes.”

“Yes, location tracking should be defaulted to off for all applications and devices. If it is required/part of a system, the option to enable should be presented with a clear and easy to understand explanation of why it is needed to be turned om, what it is used for, and who can see the location.”

“I’m really concerned that this app is showing my child’s live location to other users, including people they don’t know. My child didn’t realise this was happening, and there was no clear way to turn it off. This feels like a serious safety issue, especially for an app that children are likely to use.”

“Absolutely, this is very concerning. Should not be able to track at all through games etc – just no need.”

“Ask simply, do not double cross people by making the opt out button the faint/lower contrast setting, and ask twice.”

“They should not let kids move further in download without a difficult question that only a parent or an adult can answer, that way parents can refuse to allow location tracking, and this should be asked as a separate question leading up to the download.”

“by default location should be turned off and once with appropriate consent, it should be only for the duration of that session”

“Easy link to request or view all info. The user (children and their parents) should have the right to view all the information held about them and request for permanent deletion at anytime. This should be strictly enforced by the government via regular audits.”

“Organisations will always apply bias and not be completely transparent to protect PR. I don’t think we can trust organisations with this responsibility. If the OAIC can support parents and school with educational material parents need to take responsibility for educating themselves and kids.”

“A standard personal information page used across apps and same method of accessing it in different apps would allow children to develop the responsibility of checking and being able to identify what information is being held independently. This also gives children the skills to keep their privacy policy in check as the grow.”

“It shouldn’t hold data for children in the first place and should have the option of removing that data rather than update it.”

“right to erasure built into law. Right of access to any data set about them”

“First share the information, offer option to update, change or delete data especially date of birth and contact details”

“Yes. It should be 2 factor deletion with a guardian. Companies rights to info is not more important then personal sovereignty of info”

“Definitely as they may change their minds when they understand more what is happening with their data also they have a right to protect themselves, no one should stop them from doing this. It is their data, their right.”

“Absolutely. Ultimately any personal data held by an organisation belongs to the individual, and we should all have the right to delete it should we no longer wish to access an app/platform/service etc.”

“Absolutely not. This also includes things like placing an x on an ad that makes you think you are closing it, but you've actually just engaged with the ad or something further. The amount of trickery is ridiculous.”

“That is very unfair, children should only be allowed to sign up to platforms in adult supervision and the Privacy setting should not be designed to influence anyone let alone children”

“NO. Let’s put people first and mandate aspects of this to prevent companies from using tricks and dirty tactics to harvest personal data, particularly from children.”

“Each option is presented with equal emphasis, in plain language, with no punishments or reduced functionality for selecting a privacy-preserving option.”

“I think OAIC has an opportunity to create a list of standardized yes/no questions that reflect the concerns of the Australian community.  Each app or service should have to include a table of responses in their privacy policy.  The list could include questions like: does any data get stored overseas?  Are biometrics collected?  Is interaction with other users permitted etc”

“Why does it matter. If they say no, they’ll be blocked from using the app, so they’d never say no anyway.”

“A potential gap for the children’s privacy code is the personal information about children that has been created and shared by their parents on social media. Many children today are the first generation not to have the option to create their identity online - it has already been created for them by their parents and other adults. There needs to be a mechanism for children to take control of the personal information that has been loaded online about them, without their knowledge or consent, and no doubt has been used by media and analytics companies to profile them without their knowledge.”

“Concerns with all the online apps for preschools/daycare/schools (like educa, story park, seesaw,etc) that store detailed records of our kids linking photos with name, age, medical info, etc they document their days and everything about them. It is a lovely record for parents but how do we know this information can’t be accessed by others.”

“Don’t create a blanket code that doesn’t reflect the individuality and application of different apps to children. Some are good and you can see they try to protect children’s privacy. Others are bad. This needs a balanced and realistic approach otherwise we will end up losing the good apps (too hard or too expensive) and be left with just the bad ones who are and never will follow the code because they can afford to get away with it.”