During the summer, the Children’s Commissioner held a round table event with multiple government agencies, the ICO (Information Commissioner’s Office) and commercial organisations including Facebook and Snapchat to investigate the long-term effects that large-scale processing of children’s personal data will have on them now and during adulthood.
The Children’s Commissioner has published a report from the event called “Who knows what about me?”, which details suggestions for policy and practices for protecting children’s personal data. The key suggestions are:
- The Centre for Data Ethics and Innovation to focus on children’s data.
- Obligations created for automated decision-making to be more transparent.
- Companies to give explicit privacy notices that are prominent on apps, toys and products aimed at children.
- Schools to increase children’s awareness about data sharing and their data footprint.
- Companies to use appropriate language for privacy notices that are aimed at children.
- A statutory duty of care to be introduced for social media companies.
The report looks into the collection and sharing of children’s data by direct collection and inferred data processing. Both the positives and negatives for the collection and use of children’s data are discussed, but it predominantly highlights the concerns regarding what all this data processing means in terms of the impact on a child’s adult life with regard to long-term opportunities and life chances, and not just the here and now.
Obvious areas such as social media are discussed, but also new technology such as smart toys and other connected devices. The report also picks up on concerns around data collection and sharing from essential public services, which the Children’s Commissioner says children have little control over and refers to children being “datafied” from birth. This is the concerning element, as we often assume public services will have implemented safeguards and protection for our children, and normally don’t have any option but to let public services process our personal data.
The report goes on to look at how personal data is being addressed in other areas, such as the current consultation on the guidance for sex education and relationships, and use of predictive analytics by local authorities, which shows that the government is thinking about how personal data sharing will affect every area of a child’s life and into adulthood.
The wider dangers of sharing personal data, such as decisions about being granted bail, job offers, and credit applications, are also considered, and not just the ‘stranger danger’ aspect, which is already well known. Having said that, with technological advances such as Snapchat’s live location finder, the risks are becoming more apparent.
The report can be used to help schools educate their pupils and to increase awareness for parents with the aim of reducing children’s digital footprints. There are good, real-life examples in the report that will bring the real dangers to life, such as the use of Dojo reward points in schools, connected baby monitors and fingerprint scanning as a payment method in school canteens.
The GDPR (General Data Protection Regulation) became law in Europe just two months before the round table meeting and is referenced throughout the report. Interestingly, the report signals areas that still need improvement and suggests increased legal protection for children’s personal data is still required – for example, the growing need and concern for transparency, age-appropriate privacy notices and the special protection children require.
The report includes five top tips for protecting children’s personal data for both children and parents.
- Stop and think when you’re about to share some personal information. Ask yourself, “Do I need to share this?” If you can’t do what you want (e.g. play a game) without giving away this information, ask yourself, “Is it worth it?” Sometimes it is, but lots of times it isn’t.
- Read the Children’s Commissioner Digital 5 A Day guide if you spend lots of time online and on social media, to help you think about other ways you can spend your time: connect, be active, get creative, give to others and be mindful.
- Look through terms and conditions to understand what data is collected when you use social media, websites and gadgets.
- Mute smart speakers when you don’t want them to listen to you.
- Talk to an adult you trust if you are worried about someone else knowing something about you, or if you want to learn more about your data rights.
- Don’t post photos and videos that reveal personal information about your children online. Sometimes it isn’t obvious – for example, tagging a child at home on their birthday gives away their date of birth and home address.
- Change the default passwords on all the gadgets your children use – whether it’s a smart speaker, Internet-connected toy or location-tracking watch. Don’t forget the router!
- Make sure the gadgets you buy your children are genuine. Counterfeit versions can be less secure than the originals.
- Watch out for security updates and install them as soon as you are prompted.
- Talk to organisations that hold information about your child about what information they collect and why, including schools, online services and retail loyalty schemes. Raise any concerns you have.
The full report can be found here.