Limitations of Digital Safety Laws: Why Are Children Still at Risk Online? Operation X-ray Wick: Case Study

Online Child Abuse

Source: BBC (2020)

Recently, it was in the news that a 27-year-old man in Australia has been charged with 596 offences after police found more than 23,000 videos and images of alleged child abuse on his electronic devices. Operation X-ray Wick was the name of the investigation that led Queensland police to find the man who “actively targeted” children (aged between 7 and 15 years) on social media and gaming platforms, allegedly committing hundreds of child-abuse-related offences against 459 victims in Australia and 15 other countries (Livingstone, 2025).

The Detective Acting Chief Superintendent Denzil Clark of Queensland Police expressed that, while such trauma caused to children is significant, there has been an “increasing prevalence of children being groomed, coerced, or threatened into taking and sending sexual images of themselves, often through popular apps, games and social media sites” (Livingstone, 2025; QPS, 2026a).

Operation X-ray Wick: Seized electronic devices from the man’s residence

Source: QPS (2026a)

Concerns about the potential online harm to children have been rising, prompting the government to introduce strict digital rules. For example, the Australian Government has taken a very restrictive stance by banning platform users under sixteen from accessing social media. Despite these tough regulations, incidents like the cases leading to Operation X-ray Wick still occur. This raises an important question: why are children still at risk online despite the strict measures? But before we delve into the question, let’s examine the existing laws to curb online harm.

Digital Governance Policies in Australia

Over the years, Australia has built an impressive framework of digital safety policies.

The Online Safety Act 2021

The key child harm prevention-centric elements of the Online Safety Act include:

• Social media minimum age framework (SMMA) – The age-restricted social media platforms should take steps to prevent children under 16 from having accounts.
• Image-based Abuse – Provides mechanisms to seek the removal of explicit or intimate images. SIMMA started on 10^th December 2025, after the Parliament passed the Online Safety Amendment Act 2024.
• Online Content Scheme – Designed to protect consumers, particularly children, from exposure to harmful material. Users can complain to eSafety about illegal or offensive content. eSafety can order the removal of ‘worst of the worst’ forms of online content, including child sexual abuse material.
• Cyberbullying – eSafety offers a complaints service for Australian children who experience serious cyberbullying. eSafety can take down a full range of online services used by children, from social media platforms, websites, games and messaging services.
• Rapid website blocking – empowers eSafety to respond to online crisis by blocking access to materials promoting, depicting, instructing or inciting violent conduct. (Australian Government, 2025)

At first glance, the above policies may appear decisive. They demonstrate political will to protect children from online harm. However, despite such restrictive policies, the legislation has not been able to mitigate online child abuse completely. The number of crimes related to online child harm in Australia is still significant.

The AFP-led Australian Centre to Counter Child Exploitation (ACCCE) recorded a 41% increase in reports of child sexual abuse in the financial year 2024-2025. According to the AFP Commander Human Exploitation, the 41 per cent rise in reports of online child sexual abuse is indeed concerning, as it involves intense horror and trauma for the victims and their family members (AFP, 2025b).

Issues of Digital Safety Norms: Limitations

According to Rickard (2025), although the Act mandates age restrictions, the online age verification is a relatively underdeveloped area of regulation within Australia. The jurisdictions are yet to legislate that platform services mandatorily employ specific enabling technology.

Moreover, platforms are supposed to put efforts into implementing technologies to detect known abuse material, such as that generated by artificial intelligence, online grooming, and live-streamed abuse. In fact, eSafety requires transparency notices every six months from Google, Apple, Microsoft, Meta and other big tech firms. However, according to the AFP (2025b) report, there are serious safety gaps that put children at risk.

This reflects that policies mandating platform transparency technologies are not sufficient, as they are only useful for companies to meet regulatory requirements and not to curb online child abuse crimes in reality.  This indicates a critical limitation of the laws; even if the policies make online safety mandatory, they alone may not ensure technological effectiveness.

In fact, according to Scanlan (2026), there is a wide gap between what technology can do and what the companies are doing in reality to address online child harms. Even though companies like Microsoft have put in serious efforts to expand their detection of known abuse material within Outlook, the overall tech giants continue to fall short of expectations with respect to policy implementation. The following are some of the highlights of the AFP (2025b) report that reveal companies are not doing enough to address online abuse of children.

Social Media Platform Legislation Implementation Gap according to the AFP (2025b) Report

• Google and Meta continue to leave video calling services like Messenger and Google Meet unmonitored for live-streamed abuse, though they use detection tools on their other platforms.
• Discord and Apple are failing to implement proactive detection. In fact, Apple still relies heavily on user reports rather than automated safety technology.
• Discord, Apple, Google Chat, Meet, Messages, Microsoft Teams and Snap are still not using available software to detect the sexual extortion of children.

According to Scanlan (2026), the major concern is related to online activities in live video and encrypted environments. Companies making investments in developing tools to detect live online child sexual exploitation and abuse are still inadequate.

The following is the dashboard launched by eSafety that tracks the progress of technology companies with respect to the implementation of protection technologies.

The dashboard reveals how platforms are using tools to detect child abuse and exploitation within live streams

Source: Scanlan (2026)

The above table shows that other than Google’s YouTube, Meta’s Facebook Live, Instagram Live and Microsoft’s Skype, none of the platforms have implemented appropriate technologies for child protection.

But why is the platform industry so reluctant to implement or invest in tools that can protect children against online harm?

Platform Resistance

Platform resistance or the platform’s reluctance to implement adequate measures is often influenced by diverse financial and operational pressures faced by them. For instance, to access stricter child protection tools might involve costly investments, time-to-time technology upgradations, appropriate staff training, and require greater operational efforts to comply with the protection process. Moreover, due to stricter norms, the businesses might face reduced engagement, slow platform growth, and eventually lose significant user based which in turn may impact overall profitability.

Frances Haugen (2021), a former Facebook product manager, testified before the U.S. Congress in 2021 that there has often been a conflict of interest between what is good for the public and what is good for the company. And, Facebook has often chosen to optimise their own interests like earning more revenue. She also revealed that the leadership very well know how to make appropriate platform safety technologies. But, they will not make them as they prioritise astronomical profits over the well-being of people.

Week Platform Accountability

Even though the Digital Safety Act has shifted considerably from a voluntary to a mandatory compliance-driven framework, increasing the pressure on social media companies, accountability is still perceived to be in a “work in progress ” stage (Grant, 2022). It becomes quite evident from the compliance gap identified in the AFP (2025b) report.

So, unless there are stricter governmental laws that compel companies to ensure optimal public safety, companies will continue to put their own benefits before user safety. This reveals that one of the major causes behind cases that result in investigations like Operation X-ray Wick is the existence of a significant gap in platforms’ legal entitlement and compliance. There is minimal legal provision for platform accountability, and hence it largely remains weak.

User Safety and Privacy Dilemma

Laws ensuring digital safety often raise ethical dilemmas, especially in the context of prioritising privacy or surveillance. In fact, the Digital Safety bill advocated for content moderation as one of the means to protect children from harmful content. Contents that are “harmful but legal” are supposed to be moderated or removed by the platforms (Woods and Perrin, 2021). Often, while strengthening moderation or detection systems, companies may face issues related to privacy or freedom of speech. As a result, platforms often express their difficulty in balancing child safety and civil liberties.

Content Modification Issues

Even though moderation of harmful content is commonly recommended, online platforms face several limitations. The content moderation process is largely invisible to users. Moreover, due to the sheer volume of content uploaded, moderation is often delayed and may be subject to errors. Further, automated tools that use algorithms to detect and remove child sexual exploitation material may miss detecting content that is not included in the database of identified bad content. So, this explains that despite strong laws, online child abuse remains a major concern.

Recommendations

To an extent, the above-discussed limitation can be overcome based on the following recommendations.

The target should not be the content, but rather the focus should be on the design of the platform service. According to Woods and Perrin (2021), the system design has an impact on what happens online. So platforms can focus on three major points of influence that may reduce the effect on the occurrence of harm”: a. the point at which the user engages with the platform (for instance, the sign-up process), b. the mechanisms of content dissemination (for instance, search engines, hashtags, feeds, algorithms) and c. mechanism by which recipient users engage with content (for instance commenting, sharing, forwarding etc).

So, the platform systems should be developed based on the “Duty of Care” model, where instead of judging individual pieces of content, focus should be on how algorithms recommend content, and the working of the reporting tools. Based on the nature of platforms and the user base, stricter regulations are needed. So, independent regulators, or a differentiated “Duty of Care” approach, can be adopted to ensure safety standards designed according to the type of platform (Law, 2024). For instance, platforms serving children should be designed to ensure users are protected from typical online harms like exposure to harmful content, grooming or cyberbullying.

Further, the basis of regulation or moderation should be transparent so that concerns related to freedom of speech or privacy can be addressed.

The social media design choice provided by the eSafety Commission can also be viewed to learn how platform design can contribute to a safer online experience (eSafety Commissioner, 2026).

The advice released by the Queensland Police post Operation X-ray Wick can also be considered to keep children safe from online harm.

Advice and Resources from The Queensland Police

• Use Daniel’s Law. Daniel’s law gives Queenslanders an important tool to keep young people safe. The law introduces a disclosure scheme that allows members of the public to access certain information about reportable offenders on Queensland’s Child Protection Register (QPS, 2026b).
• Who’s chatting to your kids? It is a set of advice and information provided to reduce online risks for children (QPS, 2023).
• Visit eSafety Commissioners to enhance knowledge of online safety, with a comprehensive suite of information, resources, and reporting tools to ensure children have a safe experience online (eSafety Commissioner, 2024).
• Participate Out of the dark #doiknowu campaign that provides resources to help young people stay safe online (QPS, 2019)
• Access Think U Know to obtain information on topics like sexting, cyberbullying, online privacy, online child exploitation and so on (AFP, 2025a).

The Queensland Police also advised reaching out to the Australian Centre to Counter Child Exploitation (ACCCE). ACCCE brings together specialist expertise and skills, and supports investigations into online child sexual abuse and developing preventive strategies to ensure a safer online environment.

Overall, due to increasing reports of online child abuse cases and police involved in investigations like Operation X-ray Wick, laws adopted by the Australian Government, like the Digital Safety Act (2021), strengthen regulations to a great extent. However, they still face several risks like platform resistance, free-speech and privacy issues, and moderation limits. Hence, it is highly recommended that moderation, transparency, duty of care, and safe platform designs be focused on to protect children from online harm.

References

Australian Federal Police. (2025 a). ThinkUKnow Australia. https://www.thinkuknow.org.au/ 

Australian Federal Police. (2025b). 41 per cent jump in online child sexual exploitation reports underscores need for whole-of-community approach. https://www.afp.gov.au/news-centre/media-release/41-cent-jump-online-child-sexual-exploitation-reports-underscores-need

Australian Government. (2025). Current Legislation. Infrastructure, Transport & Vehicles. https://www.infrastructure.gov.au/media-technology-communications/internet/online-safety/current-legislation 

BBC. (2020). Coronavirus: Online child abuse warning during lockdown. BBC. https://www.bbc.com/news/technology-52067507 

eSafety Commissioner. (2024). eSafety Commissioner. Australian Government. https://www.esafety.gov.au/ 

eSafety Commissioner. (2026). Safety by Design. https://www.esafety.gov.au/industry/safety-by-design

Grant, J. I. (2022). Australia’s Online Safety Act compels disclosures from tech firms. Tech Policy Press. https://www.techpolicy.press/australias-online-safety-act-compels-disclosures-from-tech-firms/ 

Haugen, F. (2021). Statement of Frances Haugen: Written testimony before the U.S. Senate Committee on Commerce, Science, and Transportation, Subcommittee on Consumer Protection, Product Safety, and Data Security. U.S. Senate Committee on Commerce, Science, and Transportation. https://www.commerce.senate.gov/wp-content/uploads/media/doc/Frances%20Haugen%20Written%20Testimony.pdf 

Law, S. (2024). Effective enforcement of the Online Safety Act and Digital Services Act: unpacking the compliance and enforcement regimes of the UK and EU’s online safety legislation. Journal of Media Law, 16(2), 263–300. https://doi.org/10.1080/17577632.2025.2459441

Livingstone, H. (2025). Australian police charge man with abuse of 459 children. BBC. https://www.bbc.com/news/articles/cp8736x1m05o 

Queensland Police Service. (2026a). 596 online child abuse charges. My Police Queensland. https://mypolice.qld.gov.au/news/2026/02/05/596-online-child-abuse-charges/ 

Queensland Police Service. (2026b). Daniel’s Law. Queensland Government. https://www.police.qld.gov.au/initiatives/daniels-law 

Queensland Police Service. (2023). Who’s chatting to your kids? Queensland Government. https://www.police.qld.gov.au/policelink-reporting/reporting-cybercrime/children-and-the-internet/whos-chatting-to-your-kids 

Queensland Police Service. (2019). Do you really know your online friends? #DoIKnowU. My Police Queensland. https://mypolice.qld.gov.au/news/2019/11/03/do-you-really-know-your-online-friends-doiknowu/

Rickard, D. (2025). Report of the statutory review of the Online Safety Act 2021. Department of Infrastructure, Transport, Regional Development, Communications and the Arts, Australian Government. https://www.infrastructure.gov.au/sites/default/files/documents/report-of-the-statutory-review-of-the-online-safety-act-2021-february-2025.pdf

Roberts, S. T. (2019). Behind the screen: Content moderation in the shadows of social media. Yale University Press.

Scanlan, J. (2026). Australian child sexual abuse material reports rose 41% – and big tech still isn’t doing enough to stop it. Startup Daily. https://www.startupdaily.net/topic/politics-news-analysis/australian-child-sexual-abuse-material-reports-rose-41-and-big-tech-still-isnt-doing-enough-to-stop-it/ 

Woods, L., & Perrin, W. (2021). Obliging platforms to accept a duty of care. In M. Moore & D. Tambini (Eds.), Regulating big tech: Policy responses to digital dominance. Oxford University Press. https://doi.org/10.1093/oso/9780197616093.003.0006