Richard Baker / Getty Images

The Australian government today released regulatory guidance on the social media minimum age law, which comes into effect on December 10. The law will restrict individuals under 16 from holding accounts on many social media platforms.

Reasonable steps for tech companies

This guidance follows a self-assessment guide for technology companies recently released by the eSafety Commission. Companies can use this to determine whether their services will be age-restricted.

That guidance included details on the types of platforms to be excluded from the age restrictions, such as those whose “sole or primary purpose” is professional networking, to support education or health, or to enable playing of online games.

Today’s guidance is aimed at services likely to be age-restricted, such as Facebook, Instagram and TikTok. It sets out what the government considers “reasonable steps” technology companies must take to “ensure they have appropriate measures in place” to comply with the legislation.

Removing underage users

Social media platforms will be expected to “detect and deactivate or remove” accounts from existing underage users. The government advice says this should be done “with care and clear communication”, which suggests account-holders will be notified.

However, it remains unclear whether companies will delete a user’s content. Nor is it clear whether an underage person’s account could be reactivated once they turn 16.

Preservation options may demonstrate a level of “care” expected by the legislation. This may be important for young people concerned about losing their creative content and social media history.

Tech companies will also need to “prevent re-registration or circumvention by underage users whose accounts have been deactivated or removed”.

This suggests companies may need to put measures in place to counter attempts to use virtual private networks (VPNs), for example, which allow users to hide their country of residence. They may also need strategies to check whether underage users are accessing accounts due to errors made by age-assurance technologies.

How age assurance may work

For users over 16 who are erroneously restricted from accessing accounts, technology companies must “provide accessible review mechanisms”.

Companies are also expected to take a “layered approach” to age assurance to minimise error rates and “friction” for users. They must also give users choice on how age will be assured, as they “cannot use government ID as the sole method”.

This may allay some data-privacy concerns. However, the number of users who need to provide some form of personal information to assure their age will be significant.

The government guidance makes clear companies must ensure they are “avoiding reliance on self-declaration alone” (that is, simply asking users their age). Companies must also be “continuously monitoring and improving systems” to demonstrate they are effective in limiting underage account access.

Will the legislation achieve its goal?

The guidance provides clarity on many practical questions about how the legislation will be implemented. It also demonstrates that Australians under 16 are not being banned, completely, from accessing social media content.

Under-16s will still be able to view social media content online without logging into an account. This means things such as watching YouTube on a web browser.

Young people may still access content through accounts held by older people. Think of when adult accounts remain logged in on shared devices.

Parents and other caregivers will need to ensure they understand the new rules and continue to guide young people accessing content online. The eSafety Commissioner will also provide further resources to support people to understand the new laws.

What won’t be required

Importantly, the government “is not asking platforms to verify the age of all users”. The guidance explains such a blanket verification approach “may be considered unreasonable, especially if existing data can infer age reliably”. Some young people may keep their accounts, such as in cases where facial scanning technology estimates them to be over 16.

The government “does not expect platforms to keep personal information from individual age checks” or retain “user-level data”. Rather, companies will be expected to keep records that “focus on systems and processes”.

This suggests individual cases of young people accessing accounts may not mean companies have failed to comply with legislation.

However, the eSafety Commissioner said in a press conference today that companies will be expected to “make discoverable and responsible reporting tools available”. Where some young people’s accounts are missed, the government will “talk to the companies about the need to retune their [age assurance] technologies”.

What happens next?

Technology companies are likely to start implementing restrictions using data they already have for account holders, to ensure compliance from December 10. If a person signed up to Facebook in 2004, when the platform launched, for example, that could demonstrate the account holder is over 16 without additional checks.

However, the government is not prescribing specific approaches or technologies companies must use. Each service will need to determine its own strategy. This means Australians could face differing expectations for age assurance from each platform.

What the government has made clear is there will be no delay in the start date for compliance. Communications Minister Anika Wells said there is “no excuse for non-compliance”.

The next steps are now in the social media companies’ hands.

This article is republished from The Conversation, a nonprofit, independent news organization bringing you facts and trustworthy analysis to help you make sense of our complex world. It was written by: Lisa M. Given, RMIT University

Read more:

Lisa M. Given receives funding from the Australian Research Council. She is a Fellow of the Academy of the Social Sciences in Australia and the Association for Information Science and Technology.