Australia: Office of the Australian Information Commissioner opened consultation on Privacy (Children's Online Privacy) Code 2026 including data protection regulation

On 31 March 2026, the Office of the Australian Information Commissioner (OAIC) opened a consultation on the exposure draft of the Privacy (Children's Online Privacy) Code 2026 (the Code) until 5 June 2026. The Code would apply to providers of social media services, relevant electronic services and designated internet services that are likely to be accessed by children or are primarily concerned with the activities of children, under the Privacy Act 1988. The data protection provisions of the Code would require entities to collect, use and disclose children's personal information only where consistent with the best interests of the child. Entities would be required to implement privacy-by-default measures, ensuring that only personal information strictly necessary to provide the service is collected, used, or disclosed by default, with opt-in controls for any additional handling. The Code would introduce a consent framework under which children aged 15 and above could provide consent independently, while parental consent would be required for children under 15. Consent would be required to be voluntary, informed, current, specific, and unambiguous. Direct marketing to children would be permitted only with consent, where consistent with the best interests of the child, and where personal information is collected directly from the child. Children, or persons with parental responsibility, would have the right to request the destruction of their personal information, subject to limited exceptions. Entities would be required to conduct privacy impact assessments before launching new services likely to be accessed by children and to provide child-friendly privacy policies and age-appropriate collection notices. Following the consultation period, the OAIC aims to register the Code by 10 December 2026.