Digital Revolution and the Rise of Mass Surveillance
The digital revolution is widely perceived as the most significant shift in information dissemination ever since the Gutenberg revolution in the 1600s. It is widely viewed as a major and historical event, as was the Industrial Revolution in the 18th century, which brought upon significant changes in the material basis of not just the economy but also society and culture.
In Rosenberg’s terminology, technological innovation progressed through learning by using, and the third stage was when the users learned the technology by using it and developing it. Over time, computers, communication systems, and genetic decoding are all amplifiers and extensions of the human mind. What we think and how we think slowly began to be expressed in material goods, services, and products, from food, shelter, and transportation to defense, health, and education. This gradual collaboration between human minds and machines is sometimes termed the “fourth discontinuity.” [1]
Although industrial ancestors of electronic-based information technologies can be found much earlier, before the 1940s, it was only during the Second World War that various breakthroughs occurred in electronics. The 1970s heralded the start of an era where new electrical information technologies diffused widely and developed at a rapid pace.
Digital Revolution in India
The journey of the digital revolution in India began in the early 1990s with the liberalization of the economy. The government’s decision to open up the telecommunications sector led to increased investment and competition, paving the way for technological advancements. The introduction of private ISPs in 1995 marked the beginning of widespread internet access, which became a catalyst for digital transformation across the country. The IT sector flourished, establishing India as a global outsourcing hub for software and services, which to this day is unmatched. [2]
This rise was further accelerated by the Digital India policy of the government headed by Narendra Modi, with an initiative to transform the lives of the people in India in many ways and to empower the society and to characterize India as a knowledgeable economy and digitally empowered society. It is safe to say that the policy has transformed India’s technological infrastructure.
Key Milestones of India’s Digital Revolution
| Period | Development | Impact |
|---|---|---|
| Early 1990s | Economic Liberalization | Opened the telecommunications sector to competition and investment. |
| 1995 | Introduction of Private ISPs | Expanded internet accessibility across India. |
| Digital India Era | Digital India Initiative | Accelerated digital governance, infrastructure, and citizen empowerment. |
The Rise of Mass Surveillance in the Digital Age
Advancements in information technology have not only revolutionized modern life but also given rise to a new realm of criminal activity known as cybercrime. Threats such as hacking, identity theft, phishing, and ransomware attacks have become increasingly sophisticated, targeting individuals and critical national infrastructure alike. In response to these growing challenges, governments worldwide have turned to mass surveillance as a cornerstone of their cybersecurity strategies. While these technologies have enhanced our daily lives, they are now being utilized to monitor and analyze vast amounts of personal data and communications.
Mass surveillance, at its core, refers to the indiscriminate observation of large populations without specific targets. Many governments, including democratic ones, have normalized such practices under the guise of national security, countering terrorism, and safeguarding intellectual property. However, these measures often raise significant concerns about potential rights violations, posing a serious threat to privacy, freedom of expression, and dissent. The “chilling effect” of constant surveillance can stifle democratic values and discourage public dialogue.
The relationship between surveillance and civil liberties is inherently complex. Governments increasingly deploy advanced technologies for monitoring, often justifying such actions as necessary for national defense and cybersecurity. These practices are not confined to autocratic regimes; even democracies rely on surveillance technologies, balancing security needs against individual rights.
The shift toward mass surveillance is not without historical precedent. For instance, the 2007 cyberattacks on Estonia highlighted the vulnerabilities of interconnected systems, spurring governments to invest in robust surveillance and cybersecurity frameworks. Similarly, the 2017 WannaCry ransomware attack underscored the need for proactive measures to detect and neutralize cyber threats. Today, tools such as AI-driven systems monitor online activities and identify potential risks. The modern-day surveillance state, much like George Orwell’s “Big Brother” in 1984, has evolved to fit in the palm of our hands—our mobile devices, which serve as windows into our lives for those who monitor them. [3]
Major Drivers of Mass Surveillance
- Growing cybercrime threats.
- National security concerns.
- Counter-terrorism initiatives.
- Protection of intellectual property.
- Rapid advancements in artificial intelligence and data analytics.
Major Concerns Arising from Mass Surveillance
| Concern | Explanation |
|---|---|
| Privacy | Collection and monitoring of vast amounts of personal information. |
| Freedom of Expression | Fear of surveillance discourages free speech. |
| Democratic Values | Constant monitoring can weaken democratic participation. |
| Civil Liberties | Raises concerns regarding the proportionality and legality of surveillance. |
The Rise of State-Sponsored Surveillance
“Surveillance,” derived from the French words “sur” (over) and “veiller” (to watch), roughly translates to “to watch over.” The very such instance of surveillance sponsored by the states dates back to the era of the French Revolution, where surveillance committees were formed to track and observe political dissenters. It was in this backdrop that Michel Foucault published his work, Surveiller et punir or Discipline and Punish which popularized the term “surveillance.” [4]
Significant developments occurred when whistleblower and former NSA contractor Edward Snowden made serious revelations with regard to the existence of various complex and well-structured state-sponsored surveillance programs. Such programs were specifically designed to cast an eye on millions of common citizens through private communications on the internet. Snowden’s revelations and subsequent pursuit by the American government sparked public debates around the world questioning the very need for mass surveillance.
Libertarians around the world have advocated for the withdrawal of such invasive surveillance programs, but governments justify it with national security and due diligence. The US courts in the landmark rulings of Klayman v. Obama and American Civil Liberties Union v. Clapper, wherein it was recognized the need to update the existing laws to safeguard citizens from unwarranted intrusions by the government. Remarkably, the judge did not find the state-sponsored surveillance in violation of laws but rather served as a justification for the cause of national security. [5]
It is hard to ignore the fact that people who have control over these systems tend to have significantly more power and control over those who are being surveilled and watched. [6] It’s a common instance that various state-sponsored surveillance systems like those of PRISM (America), TEMPORA (British), and CMS and NATGRID (India) have doubtful backing from statutes. Such is the scope and reach of these systems that they are conveniently used by the governments to collect, watch, and catch any such communications, which has a chilling effect on their fundamental liberties. [7]
Former Home Minister P. Chidambaram asserts that the National Intelligence Grid (NATGRID) will empower intelligence agencies to uncover patterns, trace financial sources, monitor travelers, and identify individuals who require surveillance, investigation, or neutralization. Meanwhile, former Vice President of India, Hamid Ansari, questions the trustworthiness of such covert government mechanisms in a democracy. He expresses concern over the potential for these tools to evolve into instruments of conspiracy or tools that undermine the traditional freedoms inherent in democratic self-governance. [8]
Examples of State-Sponsored Surveillance Programs
| Country | Programme |
|---|---|
| United States | PRISM |
| United Kingdom | TEMPORA |
| India | CMS (Central Monitoring System) |
| India | NATGRID (National Intelligence Grid) |
The Balance Between Digital Surveillance and Civil Liberties
Privacy is one of the most important prerequisites in the execution of personal liberty and freedom. Any attempt to violate it weakens the very foundations on which democracy and good governance have been founded. One area where the right to privacy is most restricted and most curtailed is national security. Different statutes enacted by different governments around the world have given power to authorities over wiretapping, email surveillance, and mobile network access. In the USA, post the 9/11 terrorist attacks, the need for surveillance grossly overrode the concern for civil liberties.
Most scholars agree that the right to privacy is not absolute and must be balanced with legitimate national security concerns. These rights are considered qualified rather than unconditional, meaning they must be interpreted in relation to other rights. For these rights to remain consistent, balanced, and mutually supportive, they must all be upheld to the greatest extent possible but cannot function independently. Privacy relies on security, liberty depends on privacy, and security requires elements of both privacy and liberty.
As such, framing the discussion as a simple trade-off or balancing act between these rights is both misleading and counterproductive. There is no precise method to measure or compare the importance of one right against another in specific situations. Instead, the focus should be on creating clear standards for how these rights interact and establishing systems to manage these interactions effectively. Stephen Coleman, in his paper, argues that while legal discussions on privacy address important points, they cannot fully resolve the deeper ethical questions surrounding privacy and the internet. [9] This raises the broader issue of whether a purely legal framework is adequate for analyzing privacy as a concept or if ethical considerations must also be included.
Key Principles Governing Privacy and Security
| Principle | Explanation |
|---|---|
| Privacy | Essential for protecting personal liberty and individual autonomy. |
| Security | Necessary for maintaining national stability and public safety. |
| Liberty | Depends upon meaningful protection of privacy. |
| Balance | Neither privacy nor security can function effectively in complete isolation. |
Why a Simple Trade-Off Is Misleading
- Privacy and security are interdependent.
- One right cannot simply outweigh another.
- Clear legal standards are preferable to arbitrary balancing.
- Ethical considerations must accompany legal analysis.
Ethics and Philosophy of Surveillance
The discourse on the “ethics and philosophy” of surveillance largely stems from Michel Foucault’s concept of “panopticism.” It was a type of prison where the prison guard would stand on such a vantage point that he would see all the prisoners, but the prisoners could never see the guard. It was parallel to Foucault’s idea of how contemporary society disciplines their citizens and binds them in fear and constraints. [10] This system is entirely rooted and based on a collective psychology of trepidation and being continuously watched. Large-scale, invasive surveillance programs create a type of psychological fear of always being surveilled upon by a larger entity.
After Edward Snowden’s revelations about the extensive scale of mass state surveillance, there was a global shift in privacy culture, emphasizing the protection of civil liberties. A significant response came from technology companies, particularly mobile device manufacturers, who began encrypting their devices. Companies like Apple and Google implemented encryption technology so advanced that even they could not decrypt the data on their devices, despite opposition from governments and law enforcement agencies (LEAs).
These fears of LEAs materialized in incidents like the Paris and San Bernardino, California shootings, where encrypted devices belonging to attackers hindered investigations. Law enforcement argued that such encryption obstructed their ability to solve crimes, rendering court warrants ineffective, as even the companies could not access the data. This challenge is referred to as “going dark.” The case of DOJ v. Apple Inc. [11] exemplifies this conflict.
To address this issue, governments worldwide have pushed for the inclusion of “backdoors” in encryption systems, allowing LEAs access in cases of national security. Recently, India joined the United States, the United Kingdom, Canada, and Japan in urging major tech companies to implement backdoors in their end-to-end encrypted systems. [12]
Major Events Shaping the Surveillance Debate
| Event | Significance |
|---|---|
| Edward Snowden Revelations | Exposed large-scale government surveillance programs. |
| Encryption by Apple and Google | Strengthened user privacy through device encryption. |
| Paris & San Bernardino Attacks | Triggered debate over encrypted devices and law enforcement access. |
| Government Backdoor Demands | Raised concerns regarding privacy versus national security. |
Institutional Bias and Surveillance Powers
An often-overlooked issue in the debates surrounding national security and civil liberties is how intelligence agencies and law enforcement authorities (LEAs) perceive the impact of their actions on individuals and society, particularly concerning security, privacy, and freedom. These institutions often exhibit an inherent “bias in mobilization,” which excludes or suppresses alternative viewpoints and considerations. This perspective significantly influences real-world outcomes, regardless of the legal frameworks or established norms.
Following the 9/11 attacks in the United States and the 26/11 attacks in India, LEAs and governments in both nations significantly escalated surveillance measures, bolstered by widespread public support. The long-term consequences of these policy shifts remain evident in measures like the USA’s Patriot Act and various national surveillance programs in India, which are discussed further in this context.
Central to the debate is the issue of consent and awareness of individuals whose data is being collected and stored, as well as the potential benefits derived from such practices. Surveillance has transcended national boundaries, becoming a global concern as no country wants to compromise its intelligence capabilities in the competitive arena of data collection. The fear is that a single intelligence agency with vast data-processing capabilities could exploit this dominance for digital espionage or diplomatic leverage. This tension underscores the rhetoric of surveillance as a tool for “better security,” which serves not only as a legitimate state concern but also as an effective electoral strategy.
Major Factors Driving Modern Surveillance
- National security.
- Counter-terrorism operations.
- Cybersecurity preparedness.
- Data intelligence competition among nations.
- Political and electoral considerations.
Profiling and the Risks of Mass Surveillance
A concerning issue arising from mass surveillance, both online and offline, is the practice of “profiling.” The GDPR offers a clear definition of profiling, describing it as the automated processing of personal data to assess or predict various personal aspects of an individual, such as their work performance, economic status, health, preferences, interests, reliability, behavior, location, or movements. [13]
In a democracy, one of the most problematic practices is the excessive centralization of information, intelligence, and national security decisions within a small group of decision-makers, particularly when accountability mechanisms are absent. A notable example of this occurred in 2002 when the U.S. Department of Defense authorized a profiling program called “Total Information Awareness.” This program aimed to collect extensive data to identify “suspicious” behavior. However, after its existence became public knowledge, widespread backlash from the public led to its termination. Despite such examples, similar profiling initiatives continue to operate in other countries, including India.
In India, these issues are amplified because several law enforcement agencies, including the Central Bureau of Investigation (CBI), the Intelligence Bureau (IB), and the Research and Analysis Wing (R&AW), operate without any statutory foundation and with limited mechanisms for accountability. This situation exacerbates the power imbalance between the state and its citizens. Surveillance, as Richards highlights, further widens this disparity, enabling potential risks such as selective enforcement, discrimination, and blackmail. [14] These threats become even more significant in the context of covert surveillance activities.
Major Risks Associated with Profiling
| Risk | Description |
|---|---|
| Selective Enforcement | Authorities may disproportionately target specific individuals or groups. |
| Discrimination | Automated profiling may reinforce existing biases. |
| Blackmail | Extensive personal data may be misused for coercion. |
| Power Imbalance | State institutions gain disproportionate control over citizens. |
| Lack of Accountability | Absence of statutory safeguards increases the risk of abuse. |
The Indian Surveillance Conundrum
The Information Technology Act, 2000; the Indian Telegraph Act, 1885; and the Indian Telegram Rules, 1951, are among the surveillance laws in India. The surveillance framework in India is governed by Section 5(2) of the Telegraph Act 1885 and Section 69 of the Information Technology Act 2000 (IT Act 2000), along with the associated rules. Under both legal provisions, the authority responsible for directing the interception, monitoring, and decryption of communications is typically the secretary of the government of India in the Ministry of Home Affairs at the national level and the home secretary at the state level. [15]
This framework lacks judicial oversight prior to the authorization of surveillance by the executive. Even during the review process, the executive holds the power to assess whether the directions issued by the authorizing agency comply with the law, with the review committee being responsible for this task. The Review Committee at the central level includes the Cabinet Secretary, the Secretary of Legal Affairs, and the Secretary of the Ministry of Telecommunications. The committee’s decision is final and is not subject to any parliamentary or judicial review. Furthermore, there is no requirement to provide a hearing to the individual subject to surveillance at any stage.
The first major challenge to the surveillance framework occurred in 1997 when the constitutionality of Section 5(2) of the Telegraph Act was questioned in the PUCL case. It was argued that judicial review of telephone tapping orders was essential to protect privacy rights. However, the Supreme Court, referencing the absence of statutory provisions for judicial oversight and drawing on the English law in the Interception of Communications Act 1985, ruled that prior judicial scrutiny was not feasible as a procedural safeguard. While upholding the constitutionality of the Telegraph Act, the Court issued a series of guidelines that eventually led to the creation of Rule 419A in the Telegraph Rules. These guidelines were intended to prevent the misuse of surveillance powers.
Primary Surveillance Laws in India
| Legislation | Purpose |
|---|---|
| Information Technology Act, 2000 | Provides powers relating to interception, monitoring, and decryption of electronic communications. |
| Indian Telegraph Act, 1885 | Governs interception of telegraphic and telecommunication messages. |
| Indian Telegraph Rules, 1951 | Prescribes procedural safeguards relating to interception. |
Key Features of the Current Framework
- Executive authorization of surveillance.
- No prior judicial approval.
- Executive-led review committee.
- No hearing provided to the affected individual.
- Limited parliamentary oversight.
Aadhaar and the Right to Privacy Debate
At the very heart of the privacy-surveillance debate in India is the Aadhar card mandate. Experts have argued that making Aadhar mandatory for availing public welfare distribution benefits not only affects the most impoverished, but the individual privacy-related risks are quite far-reaching. Aadhaar, being a centralized and unified database linked to multiple government services and schemes as well as documents, acts as a single point of access to compromise and corrupt the massive data linked with it. This makes it all the more vulnerable and the biggest potential target of cyber hackers.
The Indian government introduced a centralized biometric and demographic database of its residents through the Aadhaar Scheme. The constitutionality of this scheme faced challenges before the Supreme Court in 2012. During a 2015 hearing, the government argued that the Indian Constitution did not guarantee a fundamental right to privacy. The Attorney General contended that although the Supreme Court had previously acknowledged the existence of a right to privacy in several judgments, these rulings were inconsistent with earlier decisions by larger benches of the Court in M.P. Sharma v. Satish Chandra and Kharak Singh v. State of Uttar Pradesh. As a result, a nine-judge bench of the Supreme Court convened in Puttaswamy to determine whether privacy constitutes a constitutionally protected right.
Additionally, with data being considered the “new oil,” the Aadhaar program has been integrated into various databases, effectively linking previously unconnected sets of information. This integration increases the potential for profiling by those with access to these databases. In this scenario, individuals remain unaware of how their data is being collected and utilized by both state and non-state entities. India, in particular, has been developing large-scale surveillance and monitoring systems. India is now known to have at least two distinct surveillance systems at various stages of development. The first is the Central Monitoring System (CMS), designed to collect telephony metadata by accessing telecommunications companies’ records. The second is Netra, a mass surveillance program that monitors and captures electronic communications containing specific keywords like “attack,” “bomb,” “blast,” or “kill.” These extensive and far-reaching programs raise concerns due to their questionable legal foundations and their evident infringement on fundamental rights. With two notable programs standing out.
Privacy Concerns Associated with Aadhaar
- Centralized biometric database.
- Integration with multiple government services.
- Potential for extensive profiling.
- Single point of failure for cyberattacks.
- Large-scale collection and linkage of personal data.
Crime and Criminal Tracking Network System (CCTNS)
The CCTNS project, as envisaged by the Ministry of Home Affairs and launched in 2009, was an ambitious project with an intent to place a comprehensive and integrated mechanism and platform to improve the efficiency and effectiveness of policing at Indian police stations. It has been deployed in almost 16,276 police stations. [16] This online database can be seamlessly accessed by law enforcement agencies around the country. Since the CCTNS platform involves recording and storing large amounts of data and information on suspects, law offenders, and convicts, it raises profiling concerns, especially in the absence of a data protection law.
Objectives of CCTNS
| Objective | Description |
|---|---|
| Integrated Policing | Create a unified policing platform across India. |
| Centralized Database | Store criminal and investigative records digitally. |
| Operational Efficiency | Improve investigation and policing effectiveness. |
| Nationwide Accessibility | Enable law enforcement agencies to access information seamlessly. |
Central Monitoring System (CMS)
The Central Monitoring System (CMS) is an advanced telecommunications monitoring infrastructure established by the Government of India to enhance lawful interception and surveillance capabilities. Operated under the aegis of the Department of Telecommunications (DoT), this system aims to centralize monitoring of communications across various platforms, such as phone calls, text messages, and internet traffic, to address national security concerns, curb criminal activities, and enhance intelligence gathering. [17]
The primary objective of the CMS is to provide law enforcement agencies (LEAs) with a streamlined and efficient mechanism to intercept and analyze communications. Prior to the implementation of the CMS, interception was conducted on an ad hoc basis, often requiring direct cooperation from telecom service providers (TSPs). This decentralized process was criticized for inefficiency, potential delays, and risks of data breaches. The CMS, therefore, was conceived to centralize interception under government control, ensuring faster and more secure data access for LEAs [18].
The CMS operates without notifying individuals whose communications are intercepted, violating principles of informed consent. This undermines individuals’ autonomy over their personal data. Drawing from broader surveillance ethics, Coleman argues that systems like CMS lack transparency and ethical accountability. They fail to answer fundamental questions about who decides the legitimacy of surveillance and how affected individuals can seek redress.
In 1997 the Supreme Court decided the Peoples’ Union for Civil Liberties vs. the Government of India; the constitutionality of Section 5(2) of the Telegraph Act was at issue. The section essentially entails that in the event of a public emergency or to maintain public safety, the central or state government, or any officer authorized by them, can issue an order to intercept, delay, or prevent the transmission of telegraphic messages related to specific subjects if it is deemed necessary for national security, public order, or to prevent offenses, with the reasons for such actions recorded in writing.
The first thing to note is if at all Section 5(2) is pertinent to the question of “bulk surveillance” (CMS and NETRA). There are three reasons to answer in the affirmative. Firstly, the impugned act is an 1885 piece of legislation that was drafted when something on the scale of bulk surveillance was unimaginable but was rather targeted at a very different problem, which was the interception of an individual’s telegraphic messages for a particular purpose. Additionally, the terms “classes or class of persons” in S. 5(2) of the impugned act refer to such citizens that are identifiable rather than the citizenry as a whole. Hence, in no way does the impugned section authorize bulk surveillance. The court held that individuals have a privacy interest with regard to the contents of their telephonic conversation and that privacy was a protected right under Article 21.
Features of the Central Monitoring System
| Feature | Description |
|---|---|
| Operating Authority | Department of Telecommunications (DoT) |
| Purpose | Centralized lawful interception and monitoring |
| Coverage | Phone calls, SMS, internet traffic and communications |
| Primary Users | Law Enforcement Agencies (LEAs) |
| Major Concern | Lack of transparency, consent and judicial oversight |
What Constitutes a Good Privacy Law
In India, the primary legislation addressing privacy is the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. [19] These Rules focus on protecting “sensitive personal data or information” and outline the reasonable security practices and procedures that a body corporate or any entity acting on its behalf must follow when collecting, receiving, possessing, storing, or handling such information.
Additionally, Section 72A of the Information Technology Act, 2000, criminalizes the intentional and unauthorized disclosure of information without the concerned individual’s consent, provided it breaches a lawful contract. Violations are punishable by up to three years of imprisonment and a fine. [20]
However, Section 69 of the IT Act creates an exception to privacy and confidentiality norms. It allows the government, if satisfied that it is necessary for reasons such as the sovereignty or integrity of India, national defense, state security, maintaining friendly relations with foreign states, public order, preventing incitement to cognizable offenses, or criminal investigations, to order any appropriate government agency to intercept, monitor, or decrypt information. This includes personal information transmitted, received, generated, or stored on any computer resource. The scope of Section 69 covers interception, monitoring, and decryption for investigating cybercrimes. [21]
In response to concerns about privacy, the grassroots initiative “Save Our Privacy” proposed the Indian Privacy Code, 2018, a civil society-driven framework inspired by global best practices for data privacy and protection. [22] This model code is based on seven core principles designed to test the strength and robustness of any privacy legislation.
Legal Framework Governing Privacy in India
| Law / Provision | Purpose |
|---|---|
| IT Rules, 2011 | Protection of sensitive personal data. |
| Section 72A, IT Act | Punishes unauthorized disclosure of information. |
| Section 69, IT Act | Permits interception, monitoring, and decryption under specified circumstances. |
| Indian Privacy Code, 2018 | Proposed civil society framework for privacy protection. |
Seven Core Principles of a Good Privacy Law
- Privacy and data protection laws should prioritize individual rights. Such legislation or protocols must align with international best practices and be informed by the Supreme Court’s landmark judgment on the right to privacy, with specific reference to the European General Data Protection Regulation (GDPR).
- While laws should accommodate certain exceptions, care must be taken to ensure that these do not overshadow the primary rule. A three-part test should govern exceptions: (a) they must be clearly articulated, (b) limited in purpose, necessary, and proportionate to the intended objective, and (c) supported by adequate procedural safeguards.
- The establishment of a robust Data Protection Authority (DPA) is essential. This authority should have the jurisdiction and mandate to enforce privacy principles and laws. The proposed DPA must function as a grievance redressal platform for the public, with the power to investigate, conduct hearings, and issue orders, including imposing fines and directions.
- In addition to a strong DPA, access to courts must always remain available to the public. While the DPA can serve as the primary forum for resolving grievances, individuals should also have the option to seek remedies through civil courts.
- The government must take an active role in safeguarding user privacy. Although much of the discussion around privacy focuses on private entities and their potential to infringe upon privacy rights, the government holds the most extensive power and information about Indian citizens. It is critical that government bodies, programs, and agencies adhere to privacy protection principles through comprehensive data protection legislation.
- The government or state must not condition access to welfare services on the mandatory sharing of personal data. Denying services under the guise of requiring data collection amounts to coercive consent. Individuals should not be compelled to relinquish their data or fundamental rights as citizens in exchange for access to government services or welfare entitlements.
- Any data protection legislation must impose restrictions on mass or “dragnet” surveillance, as such practices violate the principles of necessity, proportionality, and purpose limitation.
These principles rest on two key foundations: incorporating privacy by design and empowering users with greater control over their data. Together, they strengthen the essence of the legislation while avoiding excessive exceptions. Ultimately, the effectiveness of any privacy law depends on the scope and clarity of its exceptions.
Child-Centric Cybersecurity Laws: Global Perspectives and Their Implications for India
In recent years, it’s become common to hear our parents claim they had better attention spans than our generation and those that follow. A key difference lies in the sources of entertainment during their childhood. Unlike our parents, who were not constantly bombarded with distractions from smartphones and other digital technologies, we—and the generations after us—are undeniably products of a capitalist-driven digital age. Take today’s toddlers, for example—how many parents can truly keep them away from smartphones? A prevalent trend is giving mobile phones to children to pacify them, often exposing them to repetitive content like the viral nursery rhyme “Baby Shark” with its addictive “doo doo doo” refrain. Many of us have likely heard it on repeat, as it plays endlessly on YouTube to soothe a crying child. This underscores a deeper concern: while the immediate goal is to calm the child, the long-term effect is a significant decline in attention spans. Algorithms on platforms like YouTube continuously serve similar content, fostering a cycle of dependency in children that mirrors the attachment seen in adults. [23]
Furthermore, research by Josh A. Firth, John Torous, and Joseph Firth in their article “Exploring the Impact of Internet Use on Memory and Attention Processes” [24] underscores how the overload of information from internet use is closely linked to diminished attention spans, particularly in developing children. Frequent media multitasking, with constant switching between information sources, compromises the brain’s ability to sustain attention. This overload affects brain regions responsible for concentration and cognitive control, including the prefrontal cortex. The internet’s role as an external memory system reduces children’s reliance on their own memory retention, further disrupting the development of attention and memory skills. Over time, this reliance on quick information retrieval diminishes the brain’s ability to focus, affecting neural pathways essential for sustained attention.
A study titled “Impacts of Technology on Children’s Health: A Systematic Review,” based on data from PubMed and the Virtual Health Library (BVS) [25], highlights that excessive internet use significantly affects children’s cognitive and emotional development, leading to intellectual and psychological challenges. Prolonged digital media exposure is linked to reduced cognitive functioning, including declines in verbal intelligence, language skills, and memory, due to decreased gray and white matter volume in brain regions responsible for language processing, attention, executive functions, and emotional regulation. Problematic internet use also contributes to emotional instability and poorer social skills, while appearance-focused games and media negatively impact body image, particularly in young girls, causing dissatisfaction and the internalization of unrealistic standards.
Children’s highly neuroplastic brains make them especially vulnerable to these changes, posing risks to their cognitive development and attention span. This issue goes beyond safeguarding children from online risks; it emphasizes the importance of protecting them from losing themselves in endless digital distractions. It underscores the urgent need for child-centric cybersecurity laws to ensure safe, balanced, and developmentally supportive digital interactions.
Major Concerns Related to Children’s Digital Exposure
- Declining attention span.
- Digital dependency and addiction.
- Reduced cognitive development.
- Memory and concentration impairment.
- Emotional and psychological instability.
- Negative impact on social development.
- Body image issues resulting from online content.
Research Findings on Children’s Digital Well-Being
| Research Area | Key Finding |
|---|---|
| Attention Span | Continuous digital stimulation reduces sustained attention. |
| Memory | Dependence on the internet weakens natural memory retention. |
| Cognitive Development | Excessive internet use affects language, executive functioning, and learning. |
| Mental Health | Problematic internet use contributes to emotional instability. |
| Social Development | Reduced interpersonal interaction adversely affects social skills. |
Legal Framework for Child Protection Laws in India
Under section 67 (B) [26] of the Information Technology Act, 2000, stringent penalties are established for offenses involving the exploitation of children in sexually explicit acts through electronic means. Under the relevant subsections, this prohibits the publishing, transmitting, or facilitating the distribution of material depicting children in sexually explicit, obscene, or indecent forms. Activities such as creating, collecting, browsing, downloading, advertising, promoting, or exchanging such content are punishable under this provision.
Additionally, under subsection (C), grooming behaviors, such as cultivating, enticing, or inducing children into online relationships for sexually explicit acts or any activity offensive to a reasonable adult, and facilitating or recording child abuse in any electronic form are deemed punishable offenses.
Under the act, one of the most plausible sections that protects the children and ensures prosecution is the fact that, under section 77A[27], any offense against children remains an uncompoundable offense. It plays a crucial role in combating online grooming and the misuse of leaked photos of children by providing a robust legal framework to prevent what is also known as child sexual abuse material (CSAM) and penalize such exploits or acts, ensuring the protection of minors in the digital realm.
Important Provisions Under the Information Technology Act
| Provision | Purpose |
|---|---|
| Section 67B | Punishes electronic child sexual exploitation and child sexual abuse material. |
| Section 67B(c) | Criminalizes online grooming and inducement of children. |
| Section 77A | Makes offenses against children non-compoundable. |
Social Media Intermediary Obligations Under the Information Technology Act
A significant social media intermediary providing messaging services is required to identify the first originator of information on its platform when directed by a judicial order or an order under Section 69 of the Information Technology Act, 2000, issued by the Competent Authority. This requirement, governed by the Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009, specifically addresses content related to severe offenses such as rape, sexually explicit material, or child sexual abuse material (CASM), which are punishable with imprisonment of at least five years. [28]
This obligation aligns with the due diligence requirements under Rule 3(1)(b) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Intermediaries must actively prevent the dissemination of harmful content, including CASM, which can be shared in fleeting formats such as Instagram reels. Such content harms both the child depicted and other children exposed to it. Once flagged, intermediaries must act promptly if an order under Section 69 [29] of the IT Act is issued, as failure to comply may breach Rule 4(2) and result in the loss of safe harbor protection under Section 79 of the IT Act.
Under Section 79(3)(b)[30], a structured mechanism is in place to address cases where intermediaries host objectionable content. Upon being informed or notified of such content by an appropriate government agency, intermediaries are required to promptly remove or disable access to the content. Non-compliance with such directives leads to the loss of immunity from liability for third-party content, as guaranteed under Section 79 of the IT Act.
Despite these measures, the process still hinges on the filing of a complaint or the issuance of an order. This creates a reactive rather than proactive system. Harmful content like CASM may remain accessible until it is reported or flagged, allowing for its dissemination, even if briefly. To address this, intermediaries must invest in advanced AI tools and moderation policies to pre-emptively identify and mitigate such content before complaints are filed. This would enhance user safety while reducing reliance on external intervention.
Responsibilities of Social Media Intermediaries
- Identify the first originator of information where legally required.
- Remove child sexual abuse material promptly.
- Comply with lawful interception orders.
- Maintain due diligence under the Intermediary Rules.
- Adopt AI-based proactive content moderation.
- Prevent dissemination of harmful content involving children.
Protection of Children from Sexual Offences (POCSO) Act, 2012, and Its Relevant Provisions
The Protection of Children from Sexual Offences (POCSO) Act, 2012, serves as a vital legislative framework for safeguarding the rights and dignity of children below the age of 18 years against various forms of sexual exploitation and abuse. This Act was enacted to comprehensively address heinous crimes such as sexual assault, sexual harassment, sexual abuse, and child pornography, thereby ensuring that children are protected from both physical and psychological harm.
The Protection of Children from Sexual Offences (POCSO) Act establishes a robust legal framework to address offenses involving the exploitation of children, particularly in cases related to child pornography. Section 13 [31] prohibits the use of children for pornographic purposes, encompassing acts such as creating obscene representations of children, displaying their sexual organs, or depicting them in sexual acts for personal gratification or distribution. This provision highlights the gravity of exploiting children in any manner through electronic media.
To ensure accountability, Section 14 [32] prescribes stringent penalties for offenses under Section 13. It mandates a minimum imprisonment of five years along with a fine for the first conviction, escalating to seven years for subsequent convictions. Moreover, individuals who personally engage in the sexual exploitation of children during the commission of such offenses face additional penalties under Sections 4, 6, 8, or 10 of the Act, depending on the nature of the associated offense.
Section 15 [33] addresses the storage of pornographic material involving children, penalizing those who possess such material with the intent to transmit or distribute it.
The Act also emphasizes the accountability of those who abet such offenses or fail to report them. Under Section 16[34], abetment includes acts such as instigating others, engaging in conspiracy, or intentionally aiding the commission of the offense. Abettors are liable for the same punishment as the principal offenders. Similarly, Section 19 [35] mandates that any individual, including children, who apprehends or has knowledge of such offenses must report them to the Special Juvenile Police Unit or local police. Failure to report such crimes is itself an offense, ensuring that individuals with knowledge of such acts cannot escape liability.
Further, Section 20 [36] obligates media personnel, studios, photographic facilities, and similar establishments to report any sexually exploitative material involving children to the authorities. This provision underscores the collective responsibility of individuals and institutions to prevent and address the exploitation of children.
Important Provisions of the POCSO Act
| Section | Purpose |
|---|---|
| Section 13 | Prohibits the use of children for pornographic purposes. |
| Section 14 | Prescribes punishment for child pornography offenses. |
| Section 15 | Punishes possession of child pornographic material for transmission or distribution. |
| Section 16 | Provides punishment for abetment. |
| Section 19 | Makes reporting of offenses mandatory. |
| Section 20 | Requires media and related establishments to report child exploitation material. |
Australia’s Online Safety Amendment and India’s Data Protection Framework
On November 28, 2025, Australia approved the Online Safety Amendment (Social Media Minimum Age) Bill, 2024, which aims to regulate the access of children under the age of 16 to social media platforms. The provisions of the bill will come into effect after 12 months, as outlined in Section 63E. [37] This legislation introduces specific obligations for social media platforms to take reasonable steps to prevent children under 16 from creating accounts. Importantly, the bill does not implement a blanket ban on social media usage by minors but instead establishes an age restriction—focusing on a targeted approach to protect younger users.
Central to this amendment is the concept of an “age-restricted social media platform” under Section 63C[38] of the bill. This section defines such platforms as electronic services primarily designed to facilitate online social interaction. Specifically, the platform must enable users to link to or interact with one another (Subsection 2(1)(a)(ii)) and allow users to post material (Subsection 2(1)(a)(iii)), ensuring the service’s primary purpose is social rather than business or commercial in nature.
Additionally, Section 63C(2)(4) grants the minister the authority to designate services as age-restricted platforms, provided it is deemed necessary to reduce harm to age-restricted users. Before exercising this power, the minister must seek advice from the commissioner (Subsection 2(5)(a)) and consider this guidance, as well as input from other relevant Commonwealth authorities or agencies (Subsection 2(5)(b)). This consultative process ensures that decisions are made with careful consideration of the potential impacts on vulnerable users, aiming to balance user protection with the operational needs of social media platforms.
In essence, the amendment bill creates a regulatory framework that imposes an age restriction on social media usage for children under 16, rather than instituting a blanket ban. It prioritizes creating a safer digital environment for young users by limiting access to certain platforms based on age. This can be viewed as a state-imposed age restriction, as clearly defined under the concept of an age-restricted social media platform. The bill also addresses how platforms must collect and use personal data to enforce age restrictions, as outlined in Section 63F. [39] If an entity collects personal data to verify age, the use or disclosure of this data must be strictly limited to age-restriction compliance or other purposes outlined in the Australian Privacy Principles under the Privacy Act 1988, or with the explicit consent of the individual. Consent must meet several conditions: it must be voluntary, informed, current, specific, and unambiguous, with the individual retaining the right to withdraw consent easily. Social media platforms are also required to destroy the collected data once its purpose is fulfilled. Failure to do so constitutes a breach of privacy under the Privacy Act 1988, which can be subject to complaints under Section 36 [40] of the Act.
Under the new legislation, Australian users will have to prove they are either above or below the prescribed age limit, though the specific methods of age verification, such as whether government-issued identification or digital ID will be required, remain undetermined. Prime Minister Anthony Albanese has clarified that no Australian will be compelled to use government identification for age verification, and platforms must offer reasonable alternatives. Still, the exact methods for verifying age are unclear, leaving some uncertainty regarding how platforms will comply with the new regulation. Additionally, during a Senate Estimates hearing on November 5, 2024, a representative from the Department of Infrastructure, Transport, Regional Development, Communications, and the Arts confirmed that all account holders on Age-Restricted Social Media Platforms (ARSMPs) would need to verify their age, not just users under 16. However, practical implications remain unclear. For example, while platforms like Instagram and Facebook ask for age verification, users often simply agree to terms stating they are above the age limit, and if no form of ID is going to be required, then how the same is going to proceed remains uncertain.
Key Features of Australia’s Online Safety Amendment
| Feature | Description |
|---|---|
| Minimum Age | Restricts social media account creation by children below 16 years. |
| Age Verification | Platforms must take reasonable steps to verify age. |
| Privacy Protection | Collected data can only be used for age verification and related lawful purposes. |
| Consent | Consent must be voluntary, informed, specific, current, and capable of withdrawal. |
| Data Retention | Platforms must destroy personal data after verification purposes are fulfilled. |
Comparative Analysis of Child Safety Frameworks: Australia and India
The Online Safety Amendment (Social Media Minimum Age) Bill, 2024, in Australia, and India’s Digital Personal Data Protection Act, 2023 (DPDPA), share a common goal of safeguarding children in the digital environment but differ significantly in their regulatory emphasis and mechanisms. Australia’s legislation prohibits children under the age of 16 from creating accounts on “age-restricted social media platforms” and places the responsibility on platforms to implement reasonable measures for age verification while ensuring privacy. It mandates that data collected for this purpose be used solely for age verification and destroyed once its objective is achieved. However, challenges arise from legal and practical ambiguities, such as the lack of clear age verification protocols and the Prime Minister’s rejection of government-mandated IDs, creating a regulatory vacuum. Questions persist about how platforms will verify users’ ages effectively without breaching privacy or imposing undue burdens. Developing specialized protocols to reliably determine users’ ages while upholding data protection standards could provide a solution. Until then, the regulation’s implementation remains unclear, leaving platforms and users navigating uncertain compliance requirements. Despite these hurdles, the legislation reflects a state-led intervention aimed at fostering a safer online environment through direct regulation of platform access, prioritizing immediate harm reduction for younger users.
India’s approach, as outlined in the DPDPA, adopts a broader framework emphasizing responsible processing of children’s data. It requires parental or guardian consent for children to access social media platforms, in line with legal principles of majority and contractual capacity in India. The Indian Majority Act, 1875, sets the age of majority at 18 years. [41] Under Section 11 [42] of the Indian Contract Act, 1872, only individuals of legal majority can enter binding contracts. Since user agreements on social media are legally binding contracts, children under 18 cannot independently enter them. Guardians, however, may act on behalf of minors, as affirmed by the Madras High Court in Krishnasami and Anr. v. Sundarappayyar [43], which upheld the power of guardians to enter beneficial or necessary contracts for minors. The 2025 Draft Digital Personal Data Protection Rules further enhance this framework by introducing reliable identity verification for guardians providing consent, adding accountability for platforms, and focusing on ethical data use rather than blanket access restrictions.
India’s Central Government can exempt certain fiduciaries from obligations under the DPDPA, focusing on robust data governance rather than outright restricting access. In contrast, Australia’s regulatory framework adopts a consultative approach. [44] Young people’s input shapes regulations, and exceptions are made for fiduciaries deemed safe by the government. Australia’s minister has authority to designate age-restricted platforms based on harm reduction needs, guided by expert advice, allowing regulations to adapt to evolving risks. Both systems aim to create safer digital spaces but diverge in their priorities: Australia emphasizes direct access control, while India prioritizes data governance and informed consent.
A practical difference lies in enforcement. Australia mandates age verification for all users on restricted platforms, which faces challenges without reliance on government-issued IDs. India, focusing on informed consent through guardian verification, confronts obstacles like regional literacy disparities and its vast user base. Both frameworks ultimately aim to protect children from social media’s harms, reflecting distinct strategies shaped by their unique regulatory philosophies. Australia’s direct access restrictions contrast with India’s nuanced, data-centric approach to safeguarding children online, offering complementary methods to address shared global concerns.
Comparison Between Australia and India
| Aspect | Australia | India |
|---|---|---|
| Primary Law | Online Safety Amendment (Social Media Minimum Age) Bill, 2024 | Digital Personal Data Protection Act, 2023 (DPDPA) |
| Minimum Age | Under 16 years | Under 18 years (through parental consent framework) |
| Regulatory Approach | Access restriction | Data governance and informed consent |
| Age Verification | Mandatory | Guardian verification |
| Main Focus | Platform access control | Responsible processing of children’s personal data |
These multifaceted cybercrimes highlight the urgent need for stronger measures to protect vulnerable groups, especially children, from exploitation and harm in an increasingly digital world.
Conclusion
The evolving dynamics of cybersecurity and mass surveillance present a complex interplay between ensuring national security and safeguarding civil liberties. The digital revolution, while instrumental in fostering connectivity and innovation, has simultaneously exposed individuals to unprecedented privacy risks. Governments worldwide, leveraging advancements in surveillance technology, have sought to combat cyber threats and maintain public safety. However, the normalization of mass surveillance raises critical concerns about its impact on fundamental freedoms, including the right to privacy, democratic accountability, and freedom of expression.
This paper underscores the importance of framing mass surveillance within a rights-oriented approach, advocating for measures that harmonize security imperatives with individual liberties. Judicial oversight, transparent policymaking, and international cooperation emerge as pivotal elements in achieving this balance. Historical precedents, such as the revelations by Edward Snowden, have underscored the risks of unchecked surveillance, necessitating robust legal and ethical frameworks to protect civil liberties.
The analysis also highlights the significance of child-centric cybersecurity laws as a response to emerging digital threats. By comparing the legislative approaches of Australia and India, this paper reveals contrasting priorities: Australia’s focus on direct access control through age-restricted platforms and India’s emphasis on informed consent and data governance. Both approaches underscore the shared global challenge of protecting vulnerable populations, particularly children, from digital exploitation.
Emerging technologies such as artificial intelligence, encryption, and privacy-centric tools hold promise for addressing the dual objectives of security and liberty. However, their deployment must be guided by ethical considerations and a commitment to minimizing invasive practices. The chilling effect of pervasive surveillance, as illustrated through Foucault’s concept of panopticism, underscores the psychological and societal consequences of being constantly monitored.
Ultimately, achieving a sustainable balance between mass surveillance and civil liberties requires a multifaceted approach. This includes clear legal standards, technological safeguards, and an ethical commitment to preserving democratic values. Policymakers must prioritize transparency, accountability, and proportionality to ensure that the pursuit of security does not erode the foundational principles of human rights. In navigating this delicate equilibrium, nations must lead with foresight, leveraging technological advancements to fortify both security and freedom in the digital age.
Key Takeaways
- Mass surveillance must be balanced against fundamental rights.
- Judicial oversight and transparency are essential safeguards.
- Child-centric cybersecurity legislation is becoming increasingly important worldwide.
- Australia and India have adopted different yet complementary approaches to protecting children online.
- Ethical deployment of emerging technologies is critical for preserving privacy and democratic freedoms.
- Future cybersecurity policies should emphasize accountability, proportionality, and respect for human rights.
Endnotes:
- Rosenberg, N. (1982). Inside the Black Box: Technology and Economics. Cambridge: Cambridge University Press.
- Shivi Grover, Exploring the Digital Revolution in Education in India during the COVID-19 Pandemic, 12 International Journal of Social Quality 45 (2022).
- Boghosian, H. (2013). Spying on Democracy: Government Surveillance, Corporate Power, and Public Resistance. San Francisco: City Lights Publishers.
- Keith Guzik, Making Things Stick: Surveillance Technologies and Mexico’s War on Crime.
- Cramer, Benjamin W., A Proposal to Adopt Data Discrimination Rather than privacy as the justification for rolling back data surveillance, Journal of Information Policy, Vol. 8, pp. 5–33 (2018).
- Wright, David; Friedewald, Michael & Gellert, Raphaël. Developing and Testing a Surveillance Impact Assessment Methodology, International Data Privacy Law, Vol. 5, pp. 40–53 (2014). DOI: 10.1093/idpl/ipu027.
- Bhatia, G. (2014). State Surveillance and the Right to Privacy in India: A Constitutional Biography, National Law School of India Review, pp. 127 & 131.
- Ramanathan, U. (2010, July 24). A Unique Identity Bill, Economic and Political Weekly, p. 11.
- Stephen Coleman, Email, Terrorism & Right to Privacy, 8 Ethics and Information Technology 17–27 (2006).
- H. Akın Ünver, Politics of Digital Surveillance, National Security and Privacy, 2 Centre for Economics and Foreign Policy Studies 1–21 (2018).
- 952 F. Supp. 2d 638.
- Shubham Singh, Internet Freedom Foundation, raises alarm over India’s move for backdoor access to encrypted data. 42.
- ‘Profiling’ under Article 4, Chapter 1, General Data Protection Regulation (Jan. 19, 2025, 17:42).
URL: https://gdprinfo.eu/ - Richards, Dangers of Surveillance (n 33), pp. 1935, 1957.
- Indian Telegraph Rules, 1951, Rule 419A(1)–(2); The Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009, Rule 2(d) read with Rule 2(3).
- Comptroller & Auditor General of India, Audit Report on “IT Audit of State Data Centres” (2022).
URL: https://cag.gov.in/uploads/icisa_it_reports/7db9b967001ebeec572b498754f61af4.pdf - Nivedita Saksena & Siddharth Varadarajan, Mass Surveillance in India: Communications Surveillance and the Rule of Law, National Law University Delhi Journal of Legal Studies (2015).
- Internet Freedom Foundation, India’s Surveillance State: Laws and Practices (2021).
URL: https://internetfreedom.in - Available at:
https://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf - Available at:
https://www.indiacode.nic.in/bitstream/123456789/1999/3/A2000-21.pdf - Vijay Pal Dalmia, Data Protection Laws in India, Mondaq (Jan. 20, 2025, 9:40).
URL: https://www.mondaq.com/india/data-protection/655034/data-protection-laws-in-india–everything-you-mustknow#:~:text=The%20Constitution%20of%20India%20does,of%20the%20Constitution%20of%20India - 7 Principles of the Indian Privacy Code, Save Our Privacy (Jan. 20, 2025, 12:40).
URL: https://saveourprivacy.in/principles - Nikhil Pandey, Study Reveals the Science Behind Children’s Short Attention Span, NDTV (20 Oct. 2024).
URL: https://www.ndtv.com/science/study-reveals-the-science-behind-childrens-short-attention-span-6834157 - Firth JA, Torous J. & Firth J., Exploring the Impact of Internet Use on Memory and Attention Processes, 17 International Journal of Environmental Research and Public Health 9481 (2020).
URL: https://doi.org/10.3390/ijerph17249481 - Ricci RC, Paulo ASC, Freitas AKPB, Ribeiro IC, Pires LSA, Facina MEL, Cabral MB, Parduci NV, Spegiorin RC, Bogado SSG, Chociay Junior S, Carachesti TN & Larroque MM, Impacts of Technology on Children’s Health: A Systematic Review, Revista Paulista de Pediatria, 41:e2020504 (2022).
URL: https://doi.org/10.1590/1984-0462/2023/41/2020504 - The Information Technology Act, 2000, No. 21, § 67B.
- The Information Technology Act, 2000, No. 21, § 77.
- Ms. Jaya Thapa, The Protection of Children from Cyber Crimes in India, 3 IJFMR 6 (2024).
URL: https://www.ijfmr.com/papers/2024/3/22957.pdf - The Information Technology Act, 2000, No. 21, § 69.
- The Information Technology Act, 2000, No. 21, § 79(3)(b).
- The Protection of Children from Sexual Offences Act, 2012, No. 32, § 13.
- The Protection of Children from Sexual Offences Act, 2012, No. 32, § 14.
- The Protection of Children from Sexual Offences Act, 2012, No. 32, § 15.
- The Protection of Children from Sexual Offences Act, 2012, No. 32, § 16.
- The Protection of Children from Sexual Offences Act, 2012, No. 32, § 19.
- The Protection of Children from Sexual Offences Act, 2012, No. 32, § 20.
- Online Safety Amendment (Social Media Minimum Age) Bill, 2024, § 63(E).
- Online Safety Amendment (Social Media Minimum Age) Bill, 2024, § 63(C).
- Online Safety Amendment (Social Media Minimum Age) Bill, 2024, § 63F.
- Privacy Act, 1988, § 36.
- The Majority Act, 1875, No. 9, § 3(1).
- Indian Contract Act, 1872, No. 9, § 11.
- Krishnasami and Another v. Sundarappayyar, (1894) I.L.R. 18 Mad. 415.
- Bills Digest No. 39, Online Safety Amendment (Social Media Minimum Age) Bill 2024.
URL: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/bd/bd2425/25bd39


