Social media and video-sharing platforms need to make children's privacy online their priority, urged the UK's data protection body.
The Information Commissioner’s Office (ICO) has set out its strategy for the upcoming year to help service providers better address potential privacy and security risks for children across their platforms. This focuses on default privacy settings, geolocation data, targeted ads, recommender algorithms, and parental consent for children under 13.
As part of its Children's Code of Practice initiative launched in 2021, the ICO has also pledged its commitment to cooperate with other UK and international regulators to boost kids' data protection standards globally.
How the UK plans to protect children's privacy
"Children’s privacy must not be traded in the chase for profit," said John Edwards, UK Information Commissioner, in an official announcement. "How companies design their online services and use children’s personal information have a significant impact on what young people see and experience in the digital world."
It isn't enough, in fact, for parents to protect their kids' digital lives with VPN services and other security software. Even when parental controls are active, children can still be exposed to serious data harm or other threats by simply accessing a social media or video-sharing app.
For instance, these platforms are infamous for heavily tracking users' location data. This can expose everyone, but even more so the youngest, to real physical threats.
How algorithms use behavioral profiling and children’s search results to feed them content can also be problematic on different levels. On one side, this can facilitate harmful content to reach kids. On top of that, according to ICO, the design of these "recommender systems" can also encourage children to spend more time on the platform and/or share more personal information with the provider.
These, alongside the risk of targeted advertisement, are the main concerns of the UK's data protection regulator which now recommends turning off these options by default on children's accounts. ICO also seeks to change the rules on how these services gain consent to use children's personal information. Parental consent will be required for account holders under the age of 13.
"I’m calling on social media and video-sharing platforms to assess and understand the potential data harms to children on their platforms, and to take steps to mitigate them," said John Edwards.
🆕 We’re calling on social media and video sharing platforms to improve their data protection practices to keep children safer when using their services. Our new strategy sets out the priority areas we want them to focus on in the coming year 👇 https://t.co/lGueGXSFOI pic.twitter.com/4GenU0Gvx8April 3, 2024
The ICO's efforts to improve children's privacy online don't stop in the UK, either.
The data protection body is committed to cooperating further with organizations in and out of the country to raise the global data protection standards for kids.
In this context, Edwards is meeting this week with international regulators and online services to "encourage stronger digital protections for children." He attended the IAPP Global Privacy Summit 2024 in Washington DC to explore children's digital harms linked to artificial intelligence and advertising technology. He's then traveling to Seattle and San Francisco to meet with big tech companies and push for the ICO's priorities to be met by 2025.
He said: "Children’s privacy is a global concern, and businesses around the world need to take steps to ensure children’s personal information is used appropriately so it doesn’t leave them exposed to online harms."