LSE - Small Logo
LSE - Small Logo

Sonia Livingstone

August 14th, 2017

Children’s privacy rights are prominent in the Data Protection Bill but there’s many a slip…

4 comments

Estimated reading time: 5 minutes

Sonia Livingstone

August 14th, 2017

Children’s privacy rights are prominent in the Data Protection Bill but there’s many a slip…

4 comments

Estimated reading time: 5 minutes

Last week, the UK government announced its plans for a new Data Protection Bill that would give people “more control over their personal data” and enable them to be be “better protected in the digital age.” LSE’s Sonia Livingstone looks the implications of the Bill for child rights and highlights areas that might need more work. 

Unexpectedly for many interested observers, in these slow days of summer, the government has suddenly announced its statement of intent regarding the Data Protection Bill that will bring the European General Data Protection Regulation into UK law by next year. As my colleague Orla Lynskey observes, this welcome extension of UK citizens’ rights is, from the UK’s point of view, little more than a re-branding exercise for the already-agreed European regulation with, she adds, some “lamentable” and “glaring” UK mistakes thrown in for good measure.

But for those of us concerned with child rights, it is even more welcome that the statement of intent includes 23 mentions of the word “child.” Anyone following our series of posts on this blog, extending the insights from our GDPR Expert Roundtable last October, will know that we’ve been calling for a process that involves public consultation, rigorous evidence, and includes the views of children (as is their right).

Someone glancing through the long list of organisations that responded to the (opaquely named and easily missed) “Call for views on the General Data Protection Regulation derogations will be perhaps partially reassured at the range of views available to the government, although remarkably few of them represent children (or, indeed, parents). It is unclear though whether any of them submitted, or are even aware of, relevant evidence concerning children’s ability to consent to providing their personal data on private (or public) online information services (though I sent in mine and I’m sure the Children’s Commissioner for England sent in hers, as I’m assuming did Young Scot).

Expectations are running high – there’s a discussion paper just out from UNICEF on business responsibilities for children’s privacy rights in a digital world; a Council of Europe consultation ongoing for member states to promote, protect and fulfil children’s rights in the digital environment; the recent House of Lords report on growing up with the internet reviewing the evidence that privacy-by-design is now urgent; a current class-action lawsuit against Disney for exploiting kids’ personal data without parental consent; and more.

So do those 23 mentions in the government’s Statement of Intent cut the mustard?

  • 13 not 16 as the age of consent: see the claim that this “will require parents or guardians to give consent to information services where a child is under the age of 13.” No surprises there, no change from present practice, and certainly this is good for teenagers’ participation in the digital world. But since Ofcom’s evidence shows that fewer than half of 12-15 year olds can identify an online sponsored result, let alone understand how companies exploit their personal data, this surely must be accompanied by a significant increase in media education, as well as better privacy-by-design.
    • Perhaps 13 was chosen because, as John Carr has noted, once Ireland – where the big social media companies are based – decided on age 13, the UK’s decision was all-but irrelevant. Incidentally if it were really the case that “Child online safety is one of the top priorities for this government” then 16 would have been a better age – if kids couldn’t go online without parental permission till they were 16, I’d guess that much cyberbullying, sexting and other online trouble would be eliminated among teens.
    • But of course this is to beg the crucial question about under-age use. Here the Statement is inadequate, noting weakly that “We expect responsible websites to have minimum age rules and policies to ensure that children are not exposed to inappropriate content.” We’ve always expected them to be responsible, but what’s going to change? Facebook blames parents for the fact that it is used by 55% of the 26% of 8-11 year olds with a social media account and even more 12 year olds, and Instagram doesn’t even ask (presumably hoping that if they don’t ask, it’s not their problem).

 

  • Media education will be vital. Whatever the government’s reasons, and whatever one’s expectations of social media and other online providers (and, indeed, the Information Commissioner’s Office, which is already backing away from fining companies), the importance of education remains considerable. The Statement says: “Through our work on online safety, the government aims to give children the tools they need to maximise these opportunities, including through education and awareness, to build their digital literacy skills, and stay safe online.” Great. But we’ve said this since 2009 when the UK Council for Child Internet Safety was formed (and before). So, have we made progress? Hard to say, especially since the complexity of what children need to know – think of the Internet of Things, robots, AI, VR, algorithmic processing and more – is surely outpacing teaching training.

 

  • The right to be forgotten is strongest for children, including once they’ve grown up: “a post on social media made as a child would normally be deleted upon request.” Good idea, but we’re all waiting to see how that is going to be practical. What kids know already is that once their posts have been screen-shot and shared, there’s little to be done.

 

  • The right to know looks set to be interesting – “privacy notices – which set out how an organisation plans to use the personal data it collects – [must] be in a format which children can understand” (which is far from easy).

 

  • That’s all, folks. Nothing to answer the many legal and regulatory queries raised in a recent EC Better Internet for Kids expert meeting regarding, for instance, the legitimacy of data profiling of children, protections for children aged 13-17, what constitutes an ‘information society service’ ‘directly offered to a child’, other legitimate grounds for processing a child’s data other than consent, etc.

Next is for Parliament to debate the Bill, with the first reading in September and presumably much lobbying and argumentation to follow. Let’s hope that in the headline-grabbing struggles to regulate ill-prepared businesses, children’s right to privacy is not overlooked. Let’s hope, too, that everyone who cares about children’s rights in the digital environment now gets involved.

This post gives the views of the author and does not represent the position of the LSE Media Policy Project blog, nor of the London School of Economics and Political Science.

About the author

Sonia Livingstone

Sonia Livingstone OBE is Professor of Social Psychology in the Department of Media and Communications at LSE. Taking a comparative, critical and contextual approach, her research examines how the changing conditions of mediation are reshaping everyday practices and possibilities for action. She has published twenty books on media audiences, media literacy and media regulation, with a particular focus on the opportunities and risks of digital media use in the everyday lives of children and young people. Her most recent book is The class: living and learning in the digital age (2016, with Julian Sefton-Green). Sonia has advised the UK government, European Commission, European Parliament, Council of Europe and other national and international organisations on children’s rights, risks and safety in the digital age. She was awarded the title of Officer of the Order of the British Empire (OBE) in 2014 'for services to children and child internet safety.' Sonia Livingstone is a fellow of the Academy of Social Sciences, the British Psychological Society, the Royal Society for the Arts and fellow and past President of the International Communication Association (ICA). She has been visiting professor at the Universities of Bergen, Copenhagen, Harvard, Illinois, Milan, Oslo, Paris II, Pennsylvania, and Stockholm, and is on the editorial board of several leading journals. She is on the Executive Board of the UK Council for Child Internet Safety, is a member of the Internet Watch Foundation’s Ethics Committee, is an Expert Advisor to the Council of Europe, and was recently Special Advisor to the House of Lords’ Select Committee on Communications, among other roles. Sonia has received many awards and honours, including honorary doctorates from the University of Montreal, Université Panthéon Assas, the Erasmus University of Rotterdam, the University of the Basque Country, and the University of Copenhagen. She is currently leading the project Global Kids Online (with UNICEF Office of Research-Innocenti and EU Kids Online), researching children’s understanding of digital privacy (funded by the Information Commissioner’s Office) and writing a book with Alicia Blum-Ross called ‘Parenting for a Digital Future (Oxford University Press), among other research, impact and writing projects. Sonia is chairing LSE’s Truth, Trust and Technology Commission in 2017-2018, and participates in the European Commission-funded research networks, DigiLitEY and MakEY. She runs a blog called www.parenting.digital and contributes to the LSE’s Media Policy Project blog. Follow her on Twitter @Livingstone_S

Posted In: Children and the Media | Data Protection | LSE Media Policy Project | Privacy

4 Comments