Born to be filed?

I visited the University of Nottingham in the UK last week to discuss and plan a future Privacy Laws & Business event in London. How to balance young people securing their data rights while establishing their identity, exploring the wider world and developing healthy relationships? How can companies transition from being seen as part of the problem to being actively and effectively involved in seeking solutions? Regulation and self-interest could both play a role. Contact me if you want to join or support this initiative.

The idea for a one-day event developed out of a session at PL&B’s Cambridge Conference(1). Many Data Protection Authorities claim protecting young people’s privacy as one of their top priorities. But how best to achieve this worthwhile aim?

Age: Many sites intended for young people set their age policies at the US Children’s Online Protection Act threshold of 13 which makes little sense when maturity comes in stages. Some countries, such as Hungary and the Netherlands, have set a threshold of 16. Lesson plans, published by Ontario’s Information and Privacy Commissioner(2) in Canada, provide materials for four different age groups.

Harm: There are online services, such as violent material, pornography, alcohol and drugs which many people agree are harmful and so should not be accessible to children. But there is no consensus on what constitutes “harm” or “online harm.” Views on what causes harm undoubtedly diverge in different cultures for advertising directed to older teens of 16 or 17. Age verification techniques are improving but there will always be a margin of error, and many young people easily defeat this protection.

Parental consent is attractive in theory but what if the two parents disagree on what is right for the same child? What if they change their minds? How can the law address what should happen when older teens want to pursue a subject with which their parents disagree for cultural or religious reasons? As children mature, they should develop their sense of agency and identity. They cannot be let loose on the Internet at the age of 18 and be expected to thrive.

The digital age of consent: Ireland’s Data Protection Commission states clearly: “Regardless of the age of the child, it is important for adults to realise that any personal data which relates to their child, is and remains, the personal data of their child. It does not belong to anyone else, such as a parent/guardian and parents/guardians do not have an automatic entitlement to that personal data. Within the specific context of the online environment …. the digital age of consent is 16 years and any processing of children’s personal data below the age of 16 years is only lawful with the consent of a parent/guardian.”(3)

Striking a balance: France’s CNIL has published eight recommendations to enhance the protection of children online recognising the need to strike a balance between autonomy and protection of children.(4)

Enforcement: John Edwards, the UK’s Information Commissioner has declared his 2024-2025 priorities for protecting children’s data: “Children’s privacy must not be traded in the chase for profit. How companies design their online services and use children’s personal information have a significant impact on what young people see and experience in the digital world.”(5) The new Children’s code strategy covers social media and video-sharing platforms. The ICO will continue to enforce the law and drive conformance with the code by industry.

Targeted advertising incentivizes engagement: The US Federal Trade Commission issued a report in September A look behind the screens: Examining the Data Practices of Social Media and Video Streaming Services. It declares: “The more time Children and Teens spend online, the more likely they are to have their information collected and see ads. … Companies reported studying and analysing User Engagement to serve content …. As digital media consumption increases, Children and Teens see more advertising and marketing messages. … Children and Teens may be lured through these ads into making purchases or handing over personal information and other data via dark patterns.”(6)

How can companies be part of the solution?

The big tech companies with huge resources note the perception that they are part of the problem and wish to be seen to be part of the solution - more protective of teens, as shown by Meta’s Instagram. The rollout of this programme will first be in the US, UK, Canada and Australia. The company’s FAQs address valid questions, such as:

  • How are you ensuring teens don’t lie about their age?
  • Can teens opt out of these protections?
  • Will parents be able to read their teen’s messages through this feature?

TikTok states “those accounts registered to teens ... 13-15 experience TikTok differently to those aged 16-17.”(7) With a Privacy Policy of 6,443 words, I expect that there are not many teens, parents or adult users who have read it, although readers are helpfully directed to related, shorter documents.

Companies in many countries are likely to see increased public, shareholder and regulator awareness, and consequent pressure against constant monetising of people’s data. These companies have the resources to adapt their business models so should better explain how they are using personal data. They will then continue to flourish, safeguard their reputations and provide services which people of all ages want.

A factor which limits such pressure is that online marketing continues to attract an ever increasing proportion of advertising revenue so, in many ways, more and more companies are drawn into this eco-system based on knowing individual’s preferences.

Regulation and self-interest could both play a role. Is a whole generation born to be filed?

Contact me if you want to join us in planning this PL&B event in the first half of next year on young people’s data and the law.

Regards

Stewart Dresner
Publisher, Privacy Laws & Business

REFERENCES
  1. Conference Highlights - videos 11 to 13
  2. IPC Ontario - Privacy Pursuit! Lesson Plans
  3. Ireland DPC - Children, Parents and Data Protection: Can I make a complaint on behalf of my child?
  4. CNIL - 8 recommendations to enhance the protection of children online
  5. ICO - Priorities to protect children's privacy online
  6. Federal Trade Commission - A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services
  7. TikTok - Teen privacy and safety settings

October 2024

News & Blogs

October 2024 Report Contents

Next