Review of Restricted Access System Declaration 2007

Review of Restricted Access System Declaration 2007
Discussion paper
JUNE 2014
Canberra
Red Building
Benjamin Offices
Chan Street
Belconnen ACT
PO Box 78
Belconnen ACT 2616
T +61 2 6219 5555
F +61 2 6219 5353 / Melbourne
Level 44
Melbourne Central Tower
360 Elizabeth Street
Melbourne VIC
PO Box 13112
Law Courts
Melbourne VIC 8010
T +61 3 9963 6800
F +61 3 9963 6899 / Sydney
Level 5
The Bay Centre
65 Pirrama Road
Pyrmont NSW
PO Box Q500
Queen Victoria Building
NSW 1230
T +61 2 9334 7700
1800 226 667
F +61 2 9334 7799
Copyright notice


With the exception of coats of arms, logos, emblems, images, other third-party material or devices protected by a trademark, this content is licensed under the Creative Commons Australia Attribution 3.0 Licence.
We request attribution as: © Commonwealth of Australia (Australian Communications and Media Authority) 2014.
All other rights are reserved.
The Australian Communications and Media Authority has undertaken reasonable enquiries to identify material owned by third parties and secure permission for its reproduction. Permission may need to be obtained from third parties to re-use their material.
Written enquiries may be sent to:
Manager, Editorial and Design
PO Box 13112
Law Courts
Melbourne VIC 8010
Tel: 03 9963 6968
Email:

Introduction

Background

Regulatory framework

Questions

Environmental change

Keeping records

Financial and administrative impact of the restricted access
system on industry

Submissions

Making a submission

Appendix 1—Relevant legislation

Introduction

The Australian Communications and Media Authority (the ACMA) made the Restricted Access System Declaration 2007(2007 Declaration) to declare what constitutes a restricted access system for R18+ and certain commercial MA15+ online content, for the purposes of Schedule 7 to the Broadcasting Services Act 1992(BSA).

Hosting services, live content services, links services, and commercial content services with an Australian connection(designated content/hosting service providers) must have a restricted access system in place if they are to provide access to certain commercial MA15+ content and all R18+ content online. The relevant restricted access system must meet the requirements specified in the 2007 Declaration.

Technology has changed significantly in the seven years since the 2007 Declaration was made, making a review timely.

Consistent with the government’s deregulation agenda, there may also be opportunities to reduce unnecessary costs and administrative burdens on industry. However, deregulatory change must be balanced against the need to ensure effective community safeguards remain in place for Australians accessing online content.

After considering submissions to this discussion paper, the ACMA intends to draft a new restricted access system declaration to replace the 2007 Declaration. The ACMA will seek further comments on this draft.Under Schedule 7 to the BSA, a restricted access system declaration must be in place at all times.

The ACMA invites submissions from industry and the public on matters set out in this discussion paper to assist in the drafting of a new restricted access systems declaration.

Background

The 2007 Declaration was developed in response to the Communications Legislation Amendment (Content Services) Act 2007, which inserted a new Schedule 7 into the BSA.The Explanatory Statement accompanying the 2007 Declaration states that:

Clause 14 of Schedule 7 requires the Australian Communications and Media Authority (ACMA) to develop a restricted access system declaration (RAS Declaration) to regulate access to MA15+ content and R18+ content including content with an Australian connection that is delivered via the internet and via mobile networks, and also both stored and live streamed content.

Prior to the 2007 Declaration, access to online content was regulated by the Restricted Access System Declaration 1999 (No. 1) which applied to R18+ stored internet content hosted in Australia. Access to mobile premium service content was regulated by the Telecommunications Service Provider (Mobile Premium Services) Determination 2005 (No. 1).

The 2007 Declaration specifies the minimum requirements of an access-control system for online MA15+ content that is provided on a commercial basis, and online R18+ content. Different requirements exist for the different classification levels.

For MA15+ content that is provided on a commercial basis, an access-control system must:

require an application for access to the content; and

require a declaration from the applicant that they are over 15 years of age; and

provide warnings as to the nature of the content; and

provide safety information for parents and guardians on how to control access to the content; and

limit access to the content by the use of a PIN or some other means; and

include relevant quality assurance measures.

For R18+ content, an access-control system must:

require an application for access to the content; and

require proof of age that the applicant is over 18 years of age; and

include a risk analysis of the kind of proof of age submitted; and

verify the proof of age by applying the risk analysis; and

provide warnings as to the nature of the content; and

provide safety information for parents and guardians on how to control access to the content; and

limit access to the content by the use of a PIN or some other means; and

include relevant quality assurance measures; and

retain records of age verification for a period of twoyears after which the records are to be destroyed.

If MA15+ content that is provided on a commercial basis or R18+ content is not subject to a restricted access system, it will be prohibited content or potential prohibited content under Schedule 7 to the BSA.

A copy of the 2007 Declaration can be found here.

Relevant legislation, including definitions, can be found at Attachment A.

Regulatory framework

The regulatory framework for drafting a new restricted access system declaration is set out in the BSA.

Under subclause 14(1) of Schedule 7 to the BSA, the ACMA may, by legislative instrument, declare that a specified access-control system is a restricted access system in relation to content for the purposes of Schedule 7 (a RAS Declaration).

Under clause 2 of Schedule 7 to the BSA, an access-control system is a system under which:

1. persons seeking access to content have been issued with a Personal Identification Number that provides a means of limiting access by other persons to the content; or
2. persons seeking access to the content have been provided with some other means of limiting access by other persons to the content.

Under subclause 14(5) of Schedule 7 to the BSA, the ACMA must ensure that a RAS Declaration is in force at all times.

Under subclause 14(2) of Schedule 7 to the BSA, the ACMA may make different provision for R18+ content and MA15+ content.

Under Schedule 7, the obligation to have in place a restricted access system for particular content applies to hosting service providers, live content service providers, links service providers and commercial content service providers who provide a content service that has an Australian connection, where the content (‘excluding eligible electronic publications’) is:

MA15+ content that is provided by means of a content service which operates on a commercial basis; or

R18+ content.

In making a RAS Declaration, the ACMA must have regard to the following matters specified in subclause 14(4) of Schedule 7 to the BSA:

1. the objective of protecting children from exposure to content that is unsuitable for children; and
2. the objective of protecting children who have not reached 15 years from exposure to content that is unsuitable for children who have not reached 15 years; and
3. such other matters (if any) as the ACMA considers relevant.

Other relevant matters include the ACMA’s regulatory policy considerations under subsection 4(3AA) of Part 1 of the BSA, which are, in summary:

to address public interest considerations while not imposing unnecessary financial and administrative burdens on industry; and

to accommodate technological change; and

to encourage the development of technologies and services.

Questions

The ACMA invites submissions on any matters that it should considerin drafting a new restricted access system declaration.

Questions have been provided below to assist in focusing submissions. They are provided as a guide only and are not intended to limit the scope of submissions. Responses can be provided to all or any of the questions.

The ACMA requests that submitters provide reasons to support any views expressed.

Environmental change

In the seven years since 2007 Declaration was made, technology and the way people interact with content has changed.

This may mean that there are new and more effective ways for designated content/hosting services to ensure that:

MA15+ content is accessed only by consumers who are at least 15 years of age

R18+ content is accessed only by consumers who are at least 18 years of age.

There has also been a significant increase in the volume of user-generated content published.

Questions1 and 2

1. What new technologies, if any, are relevant to the drafting of a new restricted access system declaration?
2. Should there be different restricted access system requirements for user-generated content and/or any other content models?

Limiting access

Under the BSA, an access-control system means a system under which persons seeking access to content have been provided with a PIN or some other means of limiting access by other persons to the content.

Clauses 8 and 14 of the 2007 Declaration outline the methods available to industry to limit access to content to an approved applicant. Subclauses 8(2) and 14(2) make specificprovision for a Personal Identification Number (PIN) system or other means of limiting access to content.

Questions3,4and5

1. What factors should be taken into account in determining an effective access-control system?
2. Is the approach to limiting access reflected in clauses 8 and 14 of the 2007 Declaration effective? How could it be made more effective?
3. Is a better approach to limiting access available? If yes, what is it?

Age verification

Clause 13 of the 2007 Declaration requires that designated content/hosting services verify that an applicant for R18+ content is at least 18 years of age by requiring the applicant to provide evidence that the applicant is at least 18 years of age.

Clause 13 also requires that a risk analysis be conducted to identify and assess the risk that a kind of evidence of age submitted to the access-control system could be held or used by another person or a person who is younger than the age identified on the form of evidence. The risk analysis is outlined in further detail at clause 15.

Questions6, 7and 8

1. What factors should be taken into account in determining effective age verification mechanisms?
2. Is the approach to age verification reflected in clauses 13 and 15 of the 2007 Declaration effective? How could it be made more effective?
3. Is a better approach to age verification available? If yes, what is it?

Quality assurance

Clauses 9 and 16 of the 2007 Declaration require that designated content/hosting services must put in place quality assurance measures.

These include, for both covered MA15+ and R18+ content, measures that will be taken to remove an applicant’s access to the content, if the applicant has been given access in contravention of the 2007 Declaration.

For R18+ content, there must also be procedures for conducting periodic internal review of the effectiveness of the risk analysis and the application of the risk analysis.

Questions9, 10 and 11

1. What factors should be taken into account in determining effective quality assurance mechanisms?
2. Is the approach to quality assurance reflected in clauses 9 and 16 of the 2007 Declaration effective? How could it be made more effective?
3. Is a better approach to quality assurance available? If yes, what is it?

Keeping records

Clause 17 of the 2007 Declaration requires that designated content/hosting service providers keep records to demonstrate how the age of an applicant has been verified for each applicant who has been granted access to R18+ content for a period of two years, after which time the records are to be destroyed.

Questions12, 13 and 14

1. What factors should be taken into account in determining effective record-keeping requirements?
2. Is the approach to record-keeping requirements reflected in clause 17 of the 2007 Declaration effective? How could it be made more effective?
3. Is a better approach to keeping records available? If yes, what is it?

Financial and administrative impact of the restricted access system on industry

The regulatory policy specified by parliament in section 4 of Part 1 of theBSA requires the ACMA to regulate designated content/hosting services in a manner that enables public interest considerations to be addressed. These considerations must be addressed in a way that does not impose undue financial and administrative burdens on industry and will readily accommodate technological change.

Internet content hosts, mobile carriage service providers and mobile content service providers are currently subject to the 2007 Declaration when providing applicants with access to age-restricted content. Under Schedule 7 to the BSA, hosting services, live content services, links services, and commercial content services with a connection to Australia,are required to have a restricted access system in place if they are to provide access to covered MA15+ content and R18+ content. The relevant restricted access system must meet the requirements specified in any RAS Declaration made by the ACMA.

Questions15 and 16

1. What are the impacts (including financial costs) on designated content/hosting service providers of complying with the:

access control
age verification
quality assurance
record keeping
requirements of the 2007Declaration?

1. What are the impacts (including financial costs and savings) likely to accrue to designated content/hosting service providers and consumers of their services as a result of any specific changes proposed in your submission?

Submissions

The ACMA invites submissions from industry and the public on matters set out in the discussion paper to assist it in drafting a new restricted access system declaration to replace the 2007 Declaration.

Making a submission

Submissions should be directed:

By email:

By mail:The Manager

Content Classification Section and ACMA Hotline

Citizen and Community Branch

Australian Communications and Media Authority

PO Box Q500

Queen Victoria Building NSW 1230

The closing date for submissions is 13June 2014.

Note: closing date for submissions has been extended to 5pm 8 July 2014.

Each submission should specify:

the name of the individual or organisation making the submission

their contact details (such as a telephone number, postal address or email address).

A submitter may claim confidentiality over their name or contact details (see Publication of submissions below) or may make a submission anonymously or through use of a pseudonym(see Privacy below).

Effective consultation

The ACMA is committed to ensuring the effectiveness of its stakeholder consultation processes, which are an important source of evidence for its regulatory development activities. To assist stakeholders in formulating submissions to its formal, written consultation processes, it has developed the following guide: Effective consultation: A guide to making a submission. This guide provides information about the ACMA’s formal, written, public consultation processes and practical guidance on how to make a submission.

Publication of submissions

In general, the ACMA publishes all submissions it receives, including any personal information in the submissions (such as names and contact details of submitters).The ACMA prefers to receive submissions which are not claimed to be confidential. However, the ACMA accepts that a submitter may sometimes wish to provide information in confidence. In these circumstances, submitters are asked to identify the material (including any personal information) over which confidentiality is claimed and provide a written explanation for the claim.The ACMA will consider each confidentiality claim on a case-by-case basis. If the ACMA accepts a claim, it will not publish the confidential information unless authorised or required by law to do so.

Release of submissions where authorised or required by law

Any submissions provided to the ACMA may be released under the Freedom of Information Act 1982 (unless an exemption applies) or shared with other Australian Government agencies and certain other parties under Part 7A of the Australian Communications and Media Authority Act 2005. The ACMA may also be required to release submissions for other reasons including for the purpose of parliamentary processes or where otherwise required by law (for example, under a court subpoena). While the ACMA seeks to consult submitters of confidential information before that information is provided to another party, the ACMA cannot guarantee that confidential information will not be released through these or other legal means.

Privacy

The Privacy Act 1988 imposes obligations on the ACMA in relation to the collection, security, quality, access, use and disclosure of personal information. These obligations are detailed in the Australian Privacy Principles that apply to organisations and Australian Government agencies from 12 March 2014.

The ACMA may only collect personal information if it is reasonably necessary for, or directly related to, one or more of its functions or activities.

The purposesfor which personal information is being collected (such as the names and contact details of submitters) are to:

contribute to the transparency of the consultation process by clarifying, where appropriate, whose views are represented by a submission

enable the ACMA to contact submitters where follow-up is requiredor to notify them of related matters (except where submitters indicate they do not wish to be notified of such matters).

The ACMA will not use the personal information collected for any other purpose, unless the submitter has provided their consent or the ACMA is otherwise permitted to do so under the Privacy Act.

Submissions in response to this paper are voluntary. As mentioned above, the ACMA generally publishes all submissionsit receives, including any personal information in the submissions. If a submitter has made a confidentiality claim over personal information which the ACMA has accepted, the submission will be published without that information.The ACMA will not release thepersonal information unless authorised or required by law to do so.

If a submitter wishes to make a submission anonymously or through use a pseudonym, they are asked to contact the ACMA to see whether it is practicable to do so in light of the subject matter of the consultation. If it is practicable, the ACMA will notify the submitter of any procedures that need to be followed and whether there are any other consequences of making a submission in that way.

Further information on the Privacy Act and the ACMA’s privacy policy is available at The privacy policy contains details about how an individual may access personal information about them that is held by the ACMA, and seek the correction of such information. It also explains how an individual may complain about a breach of the Privacy Act and how the ACMA will deal with such a complaint.