Responsible management of data concerning minors

Fecha de la noticia: 28-10-2020

Privacida datos niños

Young people have consolidated in recent years as the most connected demographic group in the world and are now also the most relevant actors in the new digital economy. One in three internet users across the planet is a child. Furthermore, this trend has been accelerating even more in the current context of health emergencies, in which young people have exponentially increased the time they spend online while being much more active and sharing much more information on social networks. A clear example of the consequences of this incremental use is the need of online teaching, where new challenges are posed in terms of student privacy, while we already know of some initial cases related to problems in the management of fairly worrying data.

On the other hand, young people are more concerned about their privacy than we might initially think. However, they recognise that they have many problems in understanding how and for what purpose the various online services and tools collect and reuse their personal information.

For all these reasons, although in general legislation related to online privacy is still developing throughout the world, there are already several governments that now recognise that children - and minors in general - require special treatment with regard to the privacy of their data as a particularly vulnerable group in the digital context.

Therefore, minors already have a degree of special protection in some of the legislative frameworks of reference in terms of privacy at a global level, as the European (GDPR) or US (COPPA) regulations. For example, both set limits on the general age of legal consent for the processing of personal data (16 years in the GDPR and 13 years in COPPA), as well as providing additional protection measures such as requiring parental consent, limiting the scope of use of such data or using simpler language in the information provided about privacy.

However, the degree of protection we offer children and young people in the online world is not yet comparable to the protection they have in the offline world, and we must therefore continue to make progress in creating safe online spaces that have strong privacy measures and specific features so that minors can feel safe and be truly protected - in addition to continuing to educate both young people and their guardians in good practice in terms of managing personal data.

The Responsible Management of Children's Data (RD4C) initiative, promoted by UNICEF and The GovLab, was born with this objective in mind. The aim of this initiative is to raise awareness of the need to pay special attention to data activities involving children, helping us to better understand the potential risks and improve practices around data collection and analysis in order to mitigate them. To this end, they propose a number of principles that we should follow in the handling of such data:

  • Participatory processes: Involving and informing people and groups affected by the use of data for and about children
  • Responsibility and accountability: Establishing institutional processes, roles and responsibilities for data processing.
  • People-centred: Prioritising the needs and expectations of children and young people, their guardians and their social circles.
  • Damage prevention: Assessing potential risks in advance during the stages of the data lifecycle, including collection, storage, preparation, sharing, analysis and use.
  • Proportional: Adjusting the extent of data collection and the length of data retention to the purpose initially intended.
  • Protection of children's rights: Recognizing the different rights and requirements needed to help children develop to their full potential.
  • Purpose-driven: specifying what the data is needed for and how its use can potentially benefit children's lives.

Some governments have also begun to go a step further and favour a higher degree of protection for minors by developing their own guidelines aimed at improving the design of online services. A good example is the code of conduct developed by the UK which - similarly to the R4DC - also calls for the best interests of children themselves, but also introduces a number of service design patterns that include recommendations such as the inclusion of parental controls, limitations on the collection of personal data or restrictions on the use of misleading design patterns that encourage data sharing. Another good example is the technical note published by the Spanish Data Protection Agency (AEPD) for the protection of children on the Internet, which provides detailed recommendations to facilitate parental control in access to online services and applications.

At datos.gob.es, we also want to contribute to the responsible use of data affecting young people, and we also believe in participatory processes. That is why we have included data security and/or privacy issues in the field of education as one of the challenges to be resolved in the next Aporta Challenge. We hope that you will be encouraged to participate and send us all your ideas in this and other areas related to digital education before 18 November.

Content prepared by Carlos Iglesias, Open data Researcher and consultan, World Wide Web Foundation.

Contents and points of view expressed in this publication are the exclusive responsibility of its author.