A University of Newcastle study in the BMJ finds the law's age checks rely on self declaration, letting most under 16s keep their existing accounts or borrow someone else's.
Three months after Australia's under-16 social media ban took effect, 86% of teenagers under 16 in a University of Newcastle study were still using at least one of the platforms the law was meant to lock them out of. The barrier is not teen hacking, sophisticated or otherwise. It is the design of the age check itself.
A peer-reviewed study published in the BMJ and led by Dr Courtney Barnes at the University of Newcastle and the Hunter Medical Research Institute surveyed 408 Australian adolescents aged 12 to 17 before the ban and again three months in, the first peer-reviewed look at how the law was actually playing out in practice. The Engadget synthesis tracks the same finding.
The headline number, 85% plus of under-16s still on TikTok, X, Facebook, Instagram, YouTube, or Snapchat, hides a more granular story about which teens, and how. Between 54% and 68% of under-16s said they kept using their existing pre-ban accounts. Usage held roughly steady among 12 to 13 year olds, declined among 14 to 15 year olds (78% to 69%), and actually rose among 16 to 17 year olds (80% to 89%) over the same window. The over-16 rise is suggestive, not causal. The study did not isolate the ban as the reason, and survey respondents were self-reporting.
The more revealing number sits in how teens encountered the gate. About two thirds of under-16s reported being asked their age. The most common age check was self-declaration (24% to 39% of encounters), followed by selfie or ID upload (13% to 27%). Asked how they got past the checks, 15% to 19% used fake accounts, 9% to 29% used someone else's account, around 11% used private browsers, and very few said they used a VPN. In short, the law's enforcement layer ran on the honour system, and the honour system bent.
A BMJ editorial accompanying the study, written by Dr Amrit Kaur Purba of the London School of Hygiene and Tropical Medicine, framed the result as a "partially implemented policy" whose "mechanism intended to restrict access was not reliably activated." That language matters because it points the fix at a specific layer. Replace self-declaration with third-party age estimation or identity-linked verification. Treat borrowed and fake accounts as a verification-design problem rather than a teen moral failing. Accept that compliance is a moving target that has to be measured, not assumed.
Australia's eSafety Commissioner, Julie Inman Grant, has been saying similar things in public. In a Senate Estimates opening statement she described the law as a "very blunt approach," and her office has flagged five platforms for compliance issues. Reporting from the Sydney Morning Herald and Jurist captured the regulator's frustration with the gap between the law on the books and the experience of teens logging in.
The caveats are real. The University of Newcastle team called the findings "early days" because three months is a short window. The survey is self-reported, so the share of teens finding a way around the checks is more likely a floor than a ceiling. The BMJ's full text was paywalled at the time of writing, so the quantitative findings here come from the institutional release and the BMJ editorial abstract, not from the methods section itself. The 12-month follow-up will be the real test of whether the gap narrows as platforms adjust their age-assurance stack or holds steady.
What to watch next: whether the Australian government moves from platform-side self-declaration toward third-party age-estimation services or an ID-linked verification regime, which platforms the eSafety Commissioner escalates next, and what the next survey wave shows when this cohort passes the one-year mark.
For now, the lesson is not that Australia's ban failed. It is that a ban without a verification mechanism is a request, and three months of data show most teens said yes to the platforms and no to the request.