IP East - Children and the digital age
A minor as the end user of a service is never easy to address. In contractual terms the age of capacity (for England and Wales) is 18 years old and despite putting in place terms and conditions, the general rule is that a minor can void a contract at will. This benefit is one way though; the minor can enforce most contracts.
Technology and minors is less straight forward. Children are avid users of apps and social media, many of which are aimed specifically at children. Those apps and sites all, to a greater or lesser extent, obtain and process personal data of varying degrees of sensitivity.
The question for data handlers is when to obtain consent and from whom. In the UK there are currently no legislative boundaries; instead businesses have ‘guidance’ and ‘best practices’ from various organisations and bodies, including the Information Commissioner’s Office (ICO).
When is parental consent required?
Current ICO guidance states that parental consent would normally be required before collecting data from children under 12.
The guidance / best practice commentary also suggests an organisation may want to ‘assess’ what personal data is being obtained and consider whether parental consent should still be obtained even in respect of minors over the age of 12.
While the UK has a ‘best practice guidance’ approach, organisations need to be conscious of the ‘reach’ of their service. In the US these matters are legislated and the age at which a minor can give consent is currently 13, below that parental consent will always be needed.
How to obtain parental consent
The ICO guidance for children under 12 is that, if the information is low risk and minimal, a tick box for the child confirming that parental permission has been granted with a follow-up email to the parent may be sufficient. If the information is of a more sensitive nature, such as the publishing of a photograph, then it may be necessary to get a signed consent form / email acknowledgement.
Where the minor is over 12 the logistical difficulty of obtaining consent is obvious; the possibility for provision of false information is high, the chances that a child is likely to discuss with their parent the issue of consent low and verifying consent would be difficult and time consuming. In real terms it seems that few, if any, take this step for “older minors”.
Social networking services
The Home Office Task Force for Child Protection on the Internet suggests that providers of social networking services (SNS) and user interactive services should put in place procedures to deny access to users who declare they are under 13. The threshold of 13 is primarily as a result of US legislation.
As is clear from above, this area is fraught with potential difficulties and whilst the ICO and other task force guidance / best practice might be “ideal” it is not necessarily practical or in line with the realities of SNS and app use.
Many organisations, even those based in the UK, choose to tie in with the age set by US legislation and to deny access to those under that age. This is a practical step to address the fact that use may go beyond the territory in which they are based but also to adopt a reasonable age over and above which the issues of parental consent are less likely to be material.
There are a number of other ways in which an organisation can help itself.
- Adopt an active and fast complaint resolution service
- So far as is practical, actively monitor content to remove items that are inappropriate
- Consider the wording that is being used to explain the obtaining and use of personal data, as the language needs to be of a level which can be properly understood by all relevant target groups (including minors).
The scope of the internet means there will always be risks in processing data that may have been submitted by minors. Obtaining parental consent is fraught with practical difficulties. Most service providers deal with the issue by adopting a prudent minimum age for use, coupled with clear terms and conditions, a rapid response to complaints and their own internal monitoring.
The content of this article is for general information only. For further information regarding children and the digital age, please contact Maria Peyman
. Law covered as at April 2016.