Online social networking


67.51 Until recently, the internet was primarily a source of information. Today, however, it is used by many as a means of communication and has become an important part of social relations.[39]

67.52 Many people now engage in online social networking. Social networking websites enable members to meet people; send messages to each other; share information; and to post information, photographs and videos of themselves for others to view.[40] The explosion in the use of social networking websites is part of a cultural shift in the way in which people interact with others.

67.53 The ALRC did not ask a question about online social networking in Issues Paper 31, Review of Privacy (IP 31). This issue has, however, received significant media attention since this Inquiry began. There are now numerous academic papers, media articles and online postings discussing the phenomenon. The increased number of Australian participants using online social networking sites led the ALRC to explore the issue with young people after the release of IP 31. The ALRC has concluded that there are privacy concerns around the practice of online social networking which require further consideration.

Online social networking and young people

67.54 Many young people engage in social networking on the internet. Social networking websites—such as MySpace, Facebook, BeBo and YouTube—provide a forum for young people to promote themselves, and share their thoughts and experiences with like-minded young people around the globe. A growing number of social networking websites are aimed at children as young as 6 or 7.[41]

67.55 It also should be noted, however, that not all online social networking is conducted by young people. In May 2007, MySpace Australia had three million members, 50% of whom were over the age of 25.[42] A survey of 2,000 working adults in the United States indicated that just under half participated in online social networking, and over half of these participants were older than 35.[43]

67.56 Many individuals and organisations seeking to promote themselves in the online environment also participate in prominent online social networks. For example, in 2007, following the lead of presidential candidates in the United States, Australian politicians were encouraged to develop their own MySpace profiles to engage better with younger voters.[44]

Privacy and online social networking

67.57 Social networking websites generally enable members to create personal profiles. These can include text, photographs and video images, and often contain personal information. One concern about social networking is that it often involves participants disclosing personal information to a worldwide audience. This concern is highlighted when children and young people disclose personal information when participating in online social networking, given their more limited capacity to understand the consequences of disclosure of personal information in an online environment.[45]

67.58 There is evidence to suggest that young people use social networking websites differently to older people. In 2007, research conducted in the United Kingdom on behalf of the social network Viadeo revealed that adults aged 18–24 were more likely to post information about themselves online than those in older age groups.[46] Fifty four per cent of adults aged 18–24 indicated that other people had posted information about them online, either with or without their consent. This information then becomes part of a person’s ‘NetRep’—a personal online brand that others contribute to with or without consent. The Viadeo research is consistent with some of the research discussed above which indicates that those in their late teens and early 20s are more likely than any other age group to disclose personal information in the online environment.

67.59 There are concerns that participants in online social networking may be exposing themselves to dangers such as commercial exploitation, sexual predation and identity theft. In addition to chat rooms, there are now concerns that social networking websites are being used by sexual predators.[47] Children and young people are generally attuned to ‘stranger danger’ in chat rooms. The ALRC’s consultations in this Inquiry indicated, however, that not all young people are aware that the world of social networking is a public one that may be dangerous.

67.60 Online social networking raises two main issues for consideration. The first is the extent to which young people should be able to choose to disclose information about themselves online. This chapter focuses on this issue. The second is the ability of third parties to post, alter or remove personal information about others in the online environment. This is discussed in Chapter 11.

Choosing to disclose

67.61 Many commentators (and parents) have lamented the fact that young people post large amounts of detailed personal information about themselves on websites. As one commentator remarked, this is the first generation to have their ‘sexual adventures, drug taking, immature opinions and personal photographs … indelibly recorded electronically’.[48] It is now typical for young people to explore their identities by posting personal information—such as personal musings, philosophies, opinions, photographs and descriptions of everyday events in their lives—online.[49]

67.62 This does not mean, however, that young people do not value privacy. The research projects discussed above, and the ALRC’s own consultations, reveal that young people value the ability to choose to disclose information about themselves. This is seen as an important aspect of privacy. A recent United States study of teenage use of social networks, which focused on privacy issues, found that many teenagers are more conscious of privacy issues than some commentators have acknowledged.

Most teenagers are taking steps to protect themselves from the most obvious areas of risk. The new survey shows that many youth actively manage their personal information as they perform a balancing act between keeping some important pieces of information confined to their network of trusted friends and, at the same time, participating in a new, exciting process of creating content for their profiles and making new friends. Most teens believe some information seems acceptable—even desirable—to share, while other information needs to be protected.[50]

67.63 The desire of young people to control the disclosure of their personal information is reflected in the reaction of members of a popular social networking website to certain features added to the website. In 2006, Facebook introduced a feature which automatically broadcasted changes made to a member’s profile to the member’s ‘friends’. In 2007 it introduced a similar feature known as the ‘Beacon’ feature, which automatically broadcasted purchases made by a member to the member’s ‘friends’.[51] Facebook members threatened to boycott the website when these features were introduced. In both cases, Facebook added controls to enable members to opt out of the automatic broadcast systems. Facebook’s chief privacy officer, Chris Kelly, has been quoted as saying that the classic notion of the right of privacy as the right ‘to be left alone’ has changed to the notion of ‘I want control over my information’.[52]

67.64 It has been noted that it also is important to enable a person to change his or her mind about the disclosure of his or her personal information.[53] It is not easy, however, to remove permanently personal information posted on the internet.

The potential harm from out-of-date, conflicting and inaccurate information on the Web is amplified by the fact that internet search engines such as Google store or cache Webpages which makes the information available online even after the author has removed the information in question. This makes it very difficult to remove or correct wrong or compromising information, which could be harmful to a person’s career chances.[54]

67.65 The 2007 survey conducted for Viadeo, discussed above, asked recruitment managers and directors whether they used personal information on websites to inform recruitment decisions. While only 18% of respondents indicated they had found information about a prospective employee online, 59% of these said that it had affected their decision whether to employ the person. Fifteen per cent indicated that the information had a negative effect on their decision.[55] There also have been media reports of people failing to obtain jobs because of the disclosure of their personal information on the internet.[56] Some of the young people consulted by the ALRC reported that they had been disciplined as a consequence of their online activity.

Regulatory options

67.66 Some legislators and commentators have considered ways to eliminate, or at least alleviate, the problems associated with the disclosure of personal information by children and young people engaging in social networking.

67.67 It should be noted that many of the social networking websites are restricted to members of a certain age. For example, the most popular social networking website, MySpace, requires users to be aged 14 or over before establishing a profile. The profiles of members believed to be under 14 years of age may be deleted[57] and many of the tips to users and parents encourage the reporting of under-age profiles. Membership of Facebook was originally only open to high school and college students. It is now, however, open to any high school or college student aged between 13 and 17, and to any person over the age of 18. The profiles of under-age Facebook users may also be deleted.[58] Young people with whom the ALRC consulted indicated that these age profiles are regularly ignored by young people who lie about their age when joining these social networks. The joke was made that there are many 99 year olds with profiles on social networking websites.

67.68 As discussed in Chapter 69, the Children’s Online Privacy Protection Act (US) (COPPA) applies to operators of commercial websites and online services directed to children under the age of 13 that collect personal information from children; and to operators of websites who are aware that they are collecting information from children under the age of 13. COPPA requires these website operators to provide notice to parents and obtain verifiable parental consent before collecting personal information from a child under the age of 13.

67.69 The Federal Trade Commission (FTC), which enforces COPPA, has a ‘sliding scale’ approach to obtaining verifiable parental consent. The requirements for obtaining consent are more rigorous if the intended use of the information involves disclosure to third parties. Where the information is to be used for internal purposes only, verifiable parental consent can be obtained through the use of an email message to the parent, coupled with additional steps to provide assurances that the person providing the consent is, in fact, the parent. More rigorous methods specified include: fax- or mail-back forms; credit card transactions; staffed toll-free numbers; digital certificates using public key cryptography; and emails accompanied by Personal Identification Numbers or passwords. While COPPA has been considered largely a successful measure,[59] there has been criticism that its age verification mechanisms are easy to circumvent.[60]

67.70 One commentator has suggested that the introduction of legislation like COPPA, with a higher age barrier, would be an appropriate way to regulate social networking websites.[61] COPPA has been used to alter the practices of a number of social networking websites. was penalised US$1 million for collecting, using and disclosing personal information from children under the age of 13 without first notifying parents and obtaining their consent. The consent order imposed on by the FTC, which sets out steps to be taken to comply with COPPA, is considered to be ‘best practice’ for social networking websites.[62] It includes a requirement that the website operators place links to information about protecting children’s online privacy in privacy policies on websites, information collection points on websites, and in notices sent directly to parents.

67.71 A number of legislators in the United States have sought to introduce legislation to prohibit or limit the access of young people to social networking websites. Bills seeking to prohibit unsupervised student access to social networking websites in schools and libraries are presently before the United States Congress.[63] A number of states in the United States have passed or proposed laws requiring social networking website operators to verify the age of every user and to obtain parental permission for the participation of those under the age of 18. The effectiveness of these proposals has been questioned, given the absence of effective online age verification mechanisms.[64] To provide any form of protection, the verification mechanism must involve more than an assumption that the user is honestly disclosing his or her age.[65]

67.72 It is also debatable whether stopping young people from engaging in online social networking is the most appropriate regulatory approach. Online social networks have become an integral part of the way in which young people express themselves and communicate with each other. One commentator has argued that:

Before we can solve the social networking dilemma, we must first grasp the cultural nuances of virtual communities and the potential implications of any new proposals. Otherwise, our rush to respond may fail to fully address those important concerns.[66]

67.73 A self-regulatory approach is another option. In April 2008, the United Kingdom Home Office Task Force on Child Protection on the Internet released Good Practice Guidelines for the Providers of Social Networking and Other Use Interactive Services. The Task Force included representatives from the internet and telecommunications industries—including representatives from MySpace, Facebook, Google/YouTube and Bebo—as well as representatives from law enforcement agencies, children’s charities and government. Some of these representatives were from outside the United Kingdom. The Australian Communications and Media Authority (ACMA) participated in the Task Force. On release of the Guidelines, the Chairman of ACMA, Chris Chapman, noted the importance of providing a global safety net for children and young people who use the internet.

I continue to be of the view that international co-operation will be increasingly the way to ensure children have a positive and safe experience of the internet and applications that utilise it—which is why the Australian Communications and Media Authority allocates a very meaningful portion of its resources to supporting practical international collaborations …[67]

67.74 While encouraging children and young people to make use of social networking services, the Guidelines focus on ensuring that children and young people understand the importance of protecting themselves, their online identities and their reputations. The Guidelines include background on social networking services and issues arising from their use; recommendations to social networking services; and safety tips for parents, carers, and children and young people. The Guidelines recommend that social networking services:

  • set the default for full profiles to ‘private’ or to the user’s approved contact list for those registering under the age of 18;

  • encourage users not to disclose excessive personal data;

  • clearly inform users of the options they have to adjust privacy settings, manage ‘who sees what’ and control whom they interact with; and

  • ensure that private profiles of users under the age of 18 are not searchable either on the service or via search engines.[68]

67.75 The Guidelines discuss the use of identity authentication and age verification technologies. They note that effective technologies are still in development, but encourage the implementation of suitable solutions, to the extent legally and technically feasible, to create a safer and more secure internet environment for children and younger users.[69]

The need for education

67.76 American academics Dr Ilene Berson and Dr Michael Berson have written extensively on the protection of children’s privacy in the digital age. They argue that there is a need to teach children ‘digital literacy’—that is, ‘the skills that people need to understand and constructively navigate the digital media that surrounds them’.[70] They note that children learn to interact in digital spaces at an early age, and that the proliferation of personal information online, including personal information about the child published by the parent, has desensitised young people to privacy issues. Accordingly, children remain oblivious to ways to maximise privacy in their online activities.[71] Digital literacy ‘addresses safety and security while fostering broader preparation for digitized and networked environments’.[72]

67.77 Berson and Berson note that while young people are often proficient in using the tools of the digital world, ‘they have typically not acquired the proficiency to function responsibly as members of networked communities’.[73] An important element of learning to apply critical analysis skills and make ethical decisions in this environment is to control disclosure of personal information. One study has found that children aged six to 12 are more likely than adults to click on website ads, believing they are part of the website’s content.[74] Young people are learning their online social networking skills primarily from peers, and peers do not always know or pass on the important safety and privacy awareness tips that need to be learned. While it is clear that the technical skills are being learned, it is questionable whether the decision-making skills are being developed effectively before too many mistakes are made.

67.78 Children and young people may not be aware of privacy concerns surrounding the disclosure of personal information online. Many young people are surprised when they are informed that schools, police, parents and employers may be reading their online profiles. This may be because they do not think of the internet as a public place, or of their personal profile as a highly accessible, public document.[75] Even where websites provide privacy control options for profiles (and many do), many young people choose a public profile in order to maximise their potential for making friends, not necessarily understanding the reality of what it means to be ‘public’ on the internet. Others are knowingly using social networking websites for self-promotion—but again, some question whether that self-promotion is undertaken with a full, mature understanding of the consequences. As one commentator has noted, ‘the teenagers chattering away online are media literate, but they are not media wise’.[76]

67.79 A reliance on parental teaching on this topic may not be sufficient. Many adults do not understand adequately their privacy rights.[77] Further, although many adults are now using social networking websites, they are often less sophisticated about privacy in this environment than even their younger counterparts.[78]

67.80 The need to provide information to children, young people and their parents about the operation of the online environment has been acknowledged in Australia. A number of Australian websites provide information—and in some cases software tools—to assist with controlling privacy in the online environment.[79] ACMA provides advice and guidance to children, young people and parents on a number of telecommunications issues, such as safe use of mobile chat services.[80]

67.81 A body that has been influential in the development of educational material for the online environment is NetAlert. Established in 1999 by the Australian Government, it was a not-for-profit community organisation that provided advice and education on internet safety issues. No longer a separate entity, NetAlert continues to exist as an internet safety initiative under the management of ACMA and the Department of Broadband, Communications and Digital Economy (DBCDE). ACMA conducts the NetAlert Outreach and Research program, which provides information on current trends in internet safety and undertakes targeted awareness-raising campaigns and activities.[81] The DBCDE manages the NetAlert—Protecting Australian Families Online initiative, a particular package focused on child safety in the online environment.

67.82 In addition to information for parents and teachers, the NetAlert website includes a number of interactive educational programs on internet safety, including: Netty’s World aimed at young children to age 7; CyberQuoll aimed at upper primary school students; Cybernetrix aimed at secondary school students; and Wise Up To IT aimed at young people aged 16 and over.[82] The educational materials are of high quality, and in an age-appropriate way cover topics such as inappropriate internet content, cyber bullying, stalking and paedophile activity, computer security, and identity theft. All of the material focuses on the dangers of chat websites, but has not yet addressed the newer realities of social networking websites.[83] CyberQuoll, for example, provides a good scenario on the dangers of posting photographs online, and considers the consequences of peer use of the photographs as well as paedophile activity. At present, the Cybernetrix program for the older age group does not give much information on social networking websites, although it does alert young people to the dangers of providing personal information online and provides links to the OPC website. The Wise Up To IT website has a more limited breadth of material.

67.83 Specific educational material about social networking websites is beginning to appear in Australia and overseas. Many of the social networking websites themselves include tips and suggestions for controlling privacy of individual profiles, but privacy commissioners around the world are now producing and publishing their own educational material on social networking. Some of the initiatives have included:

  • a pamphlet for college students developed by the Information and Privacy Commissioner of Ontario, in conjunction with Facebook, about selecting and using social networking websites;[84]

  • a special website developed by the United Kingdom Information Commissioner’s Office for young people which focuses on online social networking;[85] and

  • a series of frequently asked questions on the issue of privacy and social networking websites, including links to other websites providing information and assistance on social networking, developed by the OPC and published on its website.[86]

[39] J Wyn and others, Young People, Wellbeing and Communication Technologies [Prepared for Victorian Health Promotion Foundation] (2005) Youth Research Centre, University of Melbourne.

[40] Office of the Privacy Commissioner, Your Privacy Rights: FAQs—Social Networking <www.privacy> at 14 April 2008.

[41] ‘It’s Like MySpace, But With Training Wheels’, Sydney Morning Herald (online), 13 July 2007, <www.>.

[42] A Moses, ‘Pollies Chase the Youth Vote on MySpace’, Sydney Morning Herald (online), 29 May 2007, <>.

[43] ‘Social Networkers Disclose Too Much Personal Info, Says CA’, OUT-LAW (online), 9 October 2006, <>.

[44] A Moses, ‘Pollies Chase the Youth Vote on MySpace’, Sydney Morning Herald (online), 29 May 2007, <>; C Walters, ‘Kevin, 49, Seeks Friends He Can Count’, Sydney Morning Herald (online), 13 July 2007, <>.

[45] See Ch 68 for a discussion on decision-making capacity and brain development of children and young people.

[46] YouGov, What Does Your NetRep Say About You? [Research Commissioned by Viadeo] (2007).

[47] In an attempt to address these concerns, New South Wales passed laws in 2007 that require convicted sex offenders to provide police with all of their active electronic communication identifiers, details of their internet service providers, and details of their internet service type. Convicted sex offenders are also required to notify police of any changes to those details, including all their active email addresses, chat room identities, and landline and mobile telephone numbers: Child Protection (Offenders Registration) Amendment Act 2007 (NSW). A consultative working group was established by the Australian Government in September 2007 to address issues about potential abuse of social networking websites by sex offenders: H Coonan (Minister for Communications‚ Information Technology and the Arts) and D Johnston (Minister for Justice and Customs), ‘NetAlert—Working Group Convened to Prevent Predation through Social Networking Sites’ (Press Release, 13 September 2007).

[48] P Bazalgette, ‘Your Honour, It’s About Those Facebook Photos of You at 20 …’ The Observer (online), 20 May 2007, <>.

[49] J Wyn and others, Young People, Wellbeing and Communication Technologies [Prepared for Victorian Health Promotion Foundation] (2005) Youth Research Centre, University of Melbourne, 14–17.

[50] A Lenhart and M Madden, Teens, Privacy & Online Social Networks (2007) Pew Internet & American Life Project, i–ii.

[51] K Coughlin, ‘Facebook’s Facelife Uncovers What Many See as Flaws: Social Networking Sites’ Mainstream Aspirations are Turning Off Purists’, Times-Picayune (online), 5 November 2006, <>; ‘Facebook Apologizes for Ad Platform “Mistakes”’, Sydney Morning Herald (online), 6 December 2007, <>.

[52] ‘Facebook Banks on Privacy’, Sydney Morning Herald (online), 16 July 2007, <>.

[53] P Bazalgette, ‘Your Honour, It’s About Those Facebook Photos of You at 20 …’ The Observer (online), 20 May 2007, <>.

[54] YouGov, What Does Your NetRep Say About You? [Research Commissioned by Viadeo] (2007), 6.

[55] Ibid, 4.

[56] See, eg, M Mann, ‘Some Job Hunters are What They Post’, National Law Journal (online), 9 May 2007, <>.

[57] MySpace, Terms of Use Agreement (2008) <> at 5 May 2008.

[58] Facebook, Terms of Use (2007) <> at 5 May 2008.

[59] See discussion in Ch 69.

[60] M Hersh, ‘Is COPPA a Cop Out? The Child Online Privacy Protection Act as Proof that Parents, Not Government, Should be Protecting Children’s Interests on the Internet’ (2001) 28 Fordham Urban Law Journal 1831, 1870.

[61] H Valetk, ‘Playing with Privacy: Virtual Communities Raise New Questions’, (online), 24 May 2007, <>.

[62] Consent Decree and Order for Civil Penalties, Injunction and Other Relief—United States v, September 2006; R Urbach, ‘FTC Tackles Social Networking’, DMNews (online), 21 November 2006, <>.

[63] See Deleting Online Predators Act of 2007 HR 1120 IH (US) and Protecting Children in the 21st Century Act S 49 IS (US).

[64] H Valetk, ‘Playing with Privacy: Virtual Communities Raise New Questions’, (online), 24 May 2007, <>.

[65] Age verification and parental consent verification mechanisms are discussed further in Ch 68.

[66] H Valetk, ‘Playing with Privacy: Virtual Communities Raise New Questions’, (online), 24 May 2007, <>.

[67] Australian Communications and Media Authority, ‘ACMA Welcomes Release of International Guideline for Safer Online Networking’ (Press Release, 3 April 2008).

[68] United Kingdom Home Office Task Force on Child Protection on the Internet, Good Practice Guidelines for the Providers of Social Networking and Other User Interactive Services (2008), 24–32.

[69] Ibid, 28–29. See also ‘MySpace Touts New Safety Measures for Teens’, Sydney Morning Herald (online), 15 January 2008, <>.

[70] I Berson and M Berson, ‘Children and Their Digital Dossiers: Lesson in Privacy Right in the Digital Age’ (2006) 21 International Journal of Social Education 135, 142.

[71] Ibid, 141.

[72] Ibid, 142.

[73] Ibid, 142.

[74] C Albanesius, ‘Teens Don’t Understand Privacy Policies’, PC Magazine (online), 10 April 2008, <www.>

[75] C Thomas, ‘Kids Think Posting Online is Private, Say Educators’, Hamilton Spectator (online), 1 May 2007, <>; S Steinbach and L Deavers, ‘The Brave New World of MySpace and Facebook’, Inside Higher Ed (online), 3 April 2007, <>.

[76] P Bazalgette, ‘Your Honour, It’s About Those Facebook Photos of You at 20 …’ The Observer (online), 20 May 2007, <>.

[77] In the 2004 Australian survey of community attitudes to privacy, 35% indicated they had some level of knowledge, 34% indicated very little, and 4% said they had no knowledge of their rights when it comes to protecting personal information—only 22% indicated they had an adequate amount of knowledge, and 4% said they had a lot of knowledge: Roy Morgan Research, Community Attitudes Towards Privacy 2004 [prepared for Office of the Privacy Commissioner] (2004), 11. This question was not asked in the 2007 survey, although generally awareness of federal privacy laws has increased: Wallis Consulting Group, Community Attitudes Towards Privacy 2007 [prepared for the Office of the Privacy Commissioner] (2007), 6.

[78] See, eg, D Devlin, ‘Baby Pics on the Net: Public or Private?’ Yahoo? Tech (online), 30 May 2007, <> and comments posted on that website.

[79] See Ch 9 for a full discussion of privacy-enhancing tools for the online environment.

[80] Australian Communications and Media Authority, Submission PR 268, 26 March 2007.

[81] NetAlert, About NetAlert <> at 14 April 2008.

[82] All of the websites are linked from NetAlert, Website <> at 14 April 2008.

[83] However, the NetAlert website contains some information on social networking websites, including some safety tips: NetAlert, Social Networking <> at 14 April 2008.

[84]Information and Privacy Commissioner of Ontario, ‘Think About Your Privacy When Selecting a Social Networking Site: Commissioner Cavoukian’ (Press Release, 12 October 2006). See also brochure Information and Privacy Commissioner of Ontario and Facebook, When Online Gets Out of Line—Privacy: Make an Informed Online Choice [pamphlet] (2006). At the time the pamphlet was developed, college students were the main users of Facebook.

[85]United Kingdom Information Commissioner’s Office, Welcome to the ICO Pages for Young People (2007) <> at 15 April 2008.

[86]Office of the Privacy Commissioner, Your Privacy Rights: FAQs—Social Networking <www.privacy.> at 14 April 2008
. This information was first published in December 2007.