Rights of Children in a Digital World
What will our children be getting for Christmas?
It is very likely that from a certain age (younger all the time) children will be given presents that are more and more technology based. Mobile phones, tablet devices, interactive learning devices and toys that talk to and interact with children.
As we are all aware the digital world is pretty much part of everyday life for everyone from a very young age. Children now are far more tech-savvy than most adults of a certain age were. Far from toy cars, dolls and action figures, children now are more likely to be playing online games or with other interactive toys that will have significant benefits in relation to education and being ready for an ever-evolving digital world.
Do these gifts come at a price (and not in the financial sense)?
All of these toys and consoles require a certain amount of data to be interactive. Do we know how much personal information our children are giving to the manufacturers of the games and devices (the manufacturers are known as data controllers, under the Data Protections (Jersey) Law 2018)? Are the children giving their personal information in a free and informed way? Are the parents, guardians, carers etc. being consulted about what information is being asked for or worryingly, just taken? Do those giving the presents really understand the technical capabilities and risks associated with the thing being gifted?
All of these are important privacy questions. As adults we are far more aware of our privacy rights and more likely to challenge a person or organisation if we think too much information is being requested and stored. What is it needed or used for? How long will it be kept? Who can see it? Amongst other things.
It is important to understand that in the digital world and a new era of data protection awareness, children have the same rights as adults. There is an expectation that organisations who process the personal data of children will treat it and the children with respect, offer them sufficient protection and seek parental consent where necessary. Where the impact of the digital world on children’s development, on their daily lives and the opportunities available to them is becoming increasingly important, it is more essential than ever to promote respect for children’s rights.
Children can be especially vulnerable to the risks associated with the digital environment. For that reason, protecting the privacy of children online is seen as a priority. As digital advances continue at an alarming rate, determining an appropriate balance between protection and emerging autonomy is more necessary than ever. This office, like other regulators, welcomes the promotion of a child centred approach that involves all actors in the digital environment.
Existing legislation recognises that children’s data merits specific attention and protection. The General Data Protection Regulation (GDPR) and the Data Protection (Jersey) Law 2018 support this view. This includes making reasonable efforts in the circumstances to verify that any consent provided on behalf of a child has in fact been provided by the holder of parental responsibility for the child. There is a requirement for the provision of age-appropriate privacy notices for children.
Technology developers should be encouraged to actively take into account children’s voices and consult with them and parents when developing digital technology. Data controllers are already obliged to;
- adopt a ‘privacy by design’ approach as set out in aforementioned legislation
- consider the rights and freedoms of the data subjects whose data they intend to process when designing new processes and systems.
Whilst technology is part of all of our daily lives, our children, in some cases, understand more than we do about how it works and what it can do (certainly in my case). It pays to be vigilant when our children are online and using interactive toys and devices, to ensure that they are doing so safely.
There are so many benefits to the availability of such technology and the majority of organisations who produce and manage them do so in a fair and transparent way. It is about balancing the benefits against the occasional intrusion into privacy and ensuring that this is fair and acceptable to the child and the responsible parent.
Our office has the following advice for parents:
- Do an internet search to see whether anyone has raised privacy and security concerns about a toy before you buy it.
- Are you comfortable buying a toy that sends an email to your child or connects to social media accounts?
- When a toy asks for personal information, you don’t have to hand it over. Consider using a fake name, birthdate and address in your child’s profile.
- Don’t include pictures of your child.
- Talk to your children about how to set strong passwords and be aware of fake emails.
- Take a look at where your collected personal data is being stored. If it’s on the toy itself, it’s less of a concern than if it’s on a Bluetooth-connected app or uploaded to the cloud (think third-party server).
- Can you as a parent, control the toy and be involved in its setup and management?
- Consider what kind of information the toy collects during play. It could collect images, voice recognition and location data. Are you comfortable with this?
- Remember any device which connects with the internet presents vulnerabilities which need consideration and managing.