Australia: Office of the Australian Information Commissioner released privacy guidance on age assurance technologies

On 17 March 2026, the Office of the Australian Information Commissioner (OAIC) released privacy guidance on age assurance technologies aimed at organisations and public authorities subject to the Privacy Act (APP entities) that are considering implementing systems involving the collection, use, or disclosure of personal information. The guidance is intended to support compliance with the Privacy Principles (APPs) and to help both regulated entities and third-party providers assess and manage the privacy implications of different age assurance approaches. It outlines twelve areas linked to APP 1, 2, 3, 5, 6, 7, 8, 10 and 11, including assessing whether age assurance is necessary, preserving anonymity where possible, applying privacy by design in selecting methods, carrying out due diligence, ensuring transparency, enabling accessible complaint mechanisms, limiting data collection to what is strictly necessary through the least intrusive means, reducing privacy risks when inferring age from existing data, clearly separating primary and secondary purposes, addressing accuracy and potential bias, strengthening security and vendor oversight, and ensuring appropriate de-identification or data destruction practices. Entities implementing age assurance to comply with the Social Media Minimum Age obligation are advised to read this guidance together with the OAIC’s guidance on Part 4A of the Online Safety Act.