The Insurance Council of Australia (ICA) has submitted recommendations to the Office of the Australian Information Commissioner (OAIC) regarding the development of the Children’s Online Privacy Code.
While the general insurance sector supports protections for children online, the ICA is urging regulators to ensure that any new compliance obligations are proportionate to actual risk and do not interfere with insurance operations.
The ICA warned that the introduction of onerous or duplicative rules could hinder service delivery, particularly in time-sensitive areas such as claims processing and fraud detection.
“Insurers are committed to continuously improving the customer experience and made several commitments in the General Insurance Action Plan to improve claims processing. This includes ensuring fast and efficient management of claims as well as complaints,” it said in its submission.
It added: “Insurers are looking for a risk-based application of the code that minimises unnecessary administrative steps that may slow down the claims process or obstruct children from accessing insurance either directly or through a guardian.”
According to the ICA, there are select instances where children or young individuals interact with insurers.
This may occur in cases involving motor, travel, contents, compulsory third party (CTP), or workers’ compensation insurance.
Insurers may also interact with minors as witnesses or claimants, especially in accident or injury scenarios.
However, most engagements involving those under 18 are mediated by adults.
The ICA indicated that it is rare for children under 13 to interact directly with insurers, and where they do, such cases are typically initiated by a parent or guardian.
It advised that any regulatory changes should recognise these operational realities.
“It is very unlikely that children engage with general insurers under the age of 13 years old and, where they do, they are likely to be represented by a parent or guardian. This can include circumstances where a child has been involved in an accident or is a witness to an accident,” it said.
The insurance industry currently operates under multiple legal frameworks that regulate data collection and communications with consumers.
These include the Australian Privacy Principles (APPs), the Insurance Contracts Act, the Corporations Act, the ASIC Act, and the General Insurance Code of Practice.
Because of these overlapping requirements, the ICA proposed that either an exemption or a limited application of the Children’s Online Privacy Code be considered for insurers.
A similar exemption exists in the UK, where insurers are not required to comply with the Age Appropriate Design Code due to the minimal likelihood of children accessing insurance services.
The ICA emphasised the importance of avoiding duplication, stating: “If insurers are captured by the code, the OAIC should clearly identify the risk being addressed and ensure there is no duplication or inconsistency with existing requirements set out by financial services regulation.”
Insurers increasingly use digital platforms, such as apps and chatbots, to provide policy information, process claims, and conduct customer communications.
These tools typically deliver fact-based, consent-driven content and are designed to support essential service delivery.
The ICA warned that age verification protocols or expanded consent processes could impede access to insurance services for minors and their families.
This could have implications for the timely assessment of premiums or the investigation of insurance fraud.
“Delivery of insurance services requires insurers to handle personal information in line with the current APPs for the purposes of assessing a premium, processing a claim or investigating fraud. Any changes to the APPs should avoid limiting insurer’s ability to undertake core services and manage fraud,” the ICA said.
The privacy consultation comes at a time of heightened concern around data security.
A recent study commissioned by Arctic Wolf, surveying over 1,200 IT and cybersecurity professionals worldwide, found that 45% of respondents from Australia and New Zealand ranked data privacy, intellectual property protection, and compliance as their top security concerns for the next 12 months.
In contrast with global regions, where artificial intelligence adoption is the primary driver of cybersecurity strategy, organisations in Australia and New Zealand reported a greater focus on privacy safeguards and regulatory adherence.
