Skip to content

Critics pushback as Australia enacts social media ban for under-16s

  • by
  • 3 min read

Australia has enacted one of the world’s strictest social media laws, banning users under the age of 16 from accessing platforms like Facebook, Instagram, TikTok, and X. The law, passed on Thursday, seeks to protect children from the mental health impacts of social media but has sparked controversy both domestically and internationally.

The Social Media Minimum Age Bill mandates tech giants, including Meta, Bytedance, and Snap, to block underage users or face penalties of up to AUD 49.5 million. A pilot program to test age verification methods begins in January 2025, with the full ban set to be enforced a year later, reports Reuters.

Similar legislation has been passed in France and some states in the United States. However, these regulations require parental approval. On the other hand, Australia’s approach is absolute, barring all under-16s from these platforms.

The legislation gained momentum amid growing concerns about the harmful impact of social media on teenagers. Before passing the law, Australia conducted a year-long enquiry to hear testimonies of parents whose children have suffered from the negative effects of social media, including cyberbullying, self-harm, and suicide.

Moreover, Prime Minister Anthony Albanese’s approval ratings will likely improve after this law ahead of the 2025 elections.

Data is the fuel that keeps the tech world running and was recently said to have come at par with the petroleum industry. There is no doubt that companies are focusing on collecting large quantities of data. Facebook, one of the tech titans, has gained a notorious reputation for collecting data without user consent. Governments, too, are diving into the data collection field. The prime example is the Aadhar Card initiative in India, which was rolled out by the BJP-led NDA government. Collection of huge data inevitably poses data security risks. There have been incidents of data leaks where user's personally identifiable information was exposed. Differential privacy provides a way for the companies to collect and share the data but without risking the personal information. For instance, a survey that aims to find out how many people, from the given set of 100 people who watch television, watch Netflix or Prime, will treat the answers as a data set instead of an individual -- keeping anonymity intact on paper. So, instead of analysing each individual from the set, we get an overall figure. The figure might look something like 70 out of 100 people watch say, Netflix. But the identity of those 70 people who watch Netflix or the remaining 30 that don't isn't revealed by the data set. Differential privacy uses algorithms for data anonymisation. In simple terms, differential privacy is a more robust and mathematically powerful definition of data privacy. Cynthia Dwork is credited to be the founder of this technique. According to a research paper authored by Cynthia Dwork and Aaron Roth, titled The Algorithmic Foundations of Differential Privacy, " Differential privacy describes a promise, made by a data holder, or curator, to a data subject [that] you will not be affected, adversely or otherwise, by allowing your data to be used in any study or analysis, no matter what other studies, data sets, or information sources. are available. " Need for Differential privacy Data privacy is paramount. Big data collection and analysis is necessary for companies to understand human behaviour and motivations in order to be able to judge consumer trends and market their products accordingly. Big data has a tremendous scope and the market for the same is exponentially growing, but so are the risks. In recent years, micro-data, which is essentially the information about the individual, is becoming public. Micro-data contains the most private and varied aspects of an individual and thus are most susceptible. Protection from linkage attacks In 2006, Netflix published a dataset of about 500,000 users, to support the Netflix prize data mining contest. In this contest, they randomised some data and hid the others. However, researchers were able to demonstrate that even the most anonymised data can be breached. For sparse datasets, such as that of Netflix, an attacker with the least technical knowledge can perform a data breach. The researchers juxtaposed the data from the IMDb over the Netflix datasets and found out the user's name. Thus solidifying the need for differential privacy. Conclusion irrespective of individual Differential privacy also solves the paradox of 'learning nothing about the individual while learning useful information about a population' by making the conclusion independent of the individual. In other words, it does not matter whether the individual opts out or stays in the study, the conclusions will remain the same nonetheless. In differential privacy, each output is likely to occur equally, irrespective of the presence of the participant. Ambiguous Queries Sometimes the queries, in itself are problematic and ambiguous. Suppose,  'A' has a known condition or a habit. There are two research questions about A's condition: How many people in a given dataset have the same condition or habit as A? How many people in the dataset, not having the name A, have the condition or habit? Thus, from the above example, it is clear that A's condition can be deduced easily unless differential privacy is applied. Also read: 9 new privacy and security features announced at Google I/O 2019 How does it work? Differential privacy is a prime tool to prevent differentiated attacks. Differentiated attacks follow the process given below. Let us consider a situation where we have to find out about who watches Netflix or Prime. In a data set of 100 people, an attacker wants to find out about Sunny's habits. He already knows that 70 out of 100 people watch Netflix. An attacker, by obtaining background information about other 99 people, can easily say that 30 watch Prime and 69 watch Netflix. Sunny, being the 100th member can only watch Netflix as 70 out of 100 people watch Netflix. Differential privacy guarantees protection against such attacks by inserting a random 'noise' to the data. Noise is a carefully designed mathematical function that gives the probability of the events occurring in an experiment. In the above situation, instead of using a 70/30 ratio, we can use odd ratios like 69/31. In this way, it is difficult to reach Sunny individually, but the overall ratio remains nearly the same. Thus, the noise adds additional algorithms to the whole process. They are particularly useful if there is data about some confidential habits. Some common noise mechanisms are Laplace distribution and Gaussian distribution. Challenges with differential privacy As we have seen, differential privacy protects the user's privacy while allowing the data aggregation. However, there are several limitations, which are as follows. Differential privacy works only when the aggregated data is extensive. For less extensive data, this technique is not much useful. This technique is not helpful where there is an unequal summation of data. For example, in a data aggregation about incomes, inclusion or exclusion of one individual can change the result considerably. The reason is that the incomes are unevenly distributed is that the top 20 percent earn exponentially higher than the rest of the 80 percent. Therefore, the exclusion of any top 20 percent member will affect the result. In queries involving a series of private questions, we have to add more noise to obfuscate the identity. More the queries, more the noise, which makes it difficult to derive anything useful from the data. In the garb of differential privacy, companies can now collect even more data from the users. Big giants like Apple, Google are already applying differential privacy for protecting user data. Apart from that, software companies like Privitar are also applying this method. Differential privacy has also found implications in cloud security. Thus, differential privacy is gaining momentum in recent years and is likely to continue along the upward trajectory in the foreseeable future. Also read: What is a Credential-based cyberattack?
The Social Media Minimum Age Bill has its fair share of followers and opponents.

The legislation has faced strong pushback from tech companies and privacy advocates. Meta expressed concern over the nature of the law and its potential to impose undue burdens on families and businesses. Similarly, Snap raised questions about how the law would be implemented, emphasising the need for a balanced approach.

Meta has taken some steps to protect teenagers on its multiple platforms. For example, the company collaborated with researchers to study teen mental health, limited advertisements to be shown to teens, deployed artificial intelligence (AI) to identify underage teens, and purged sextortion accounts.

Critics within Australia have warned of unintended consequences. Privacy advocates fear the law could lead to intrusive data collection, paving the way for state surveillance. Youth advocacy groups and academics argue that the ban might isolate vulnerable young people, such as LGBTQIA and migrant teens, from crucial online support networks.

Tech magnates like Elon Musk, now a key figure in the US politics, criticised the law as a veiled attempt to control internet access. This legislation adds to tensions between Australian and US-based tech companies, which have recently clashed over issues like digital royalties and scam prevention.

This new Australian law will majorly impact social media companies and governments worldwide. Last week, news reports emerged that the United Kingdom is also mulling a social media ban for under-16s.

In the News: Smart gadgets lack of software support could be illegal, warns FTC

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>