Children make data footprints too: how to protect children’s data through data literacy and an understanding of data rights

Data footprints, we all make them and we leave them all over the online sphere

Yet many of us are unaware of these little digital markers. Nor do we fully consider the negative implications of leaving them in certain environments. From posting our personal information on Instagram to the cookies that are placed on our devices when we surf the web – our online behaviour is continually being captured. This data is used (and sometimes, misused) by companies to create user profiles that inform decisions such as the ads and services we are targeted with or the loans we are considered eligible for. However, growing awareness of data misuse and their impact – real or perceived – appears to be ushering in reforms to legislation and enforcement powers.

For example, China recently announced its new Personal Information Protection Law (PIPL), while the EU has long been a front-runner in adopting a rights-based approach to data processing, as expressed in its General Data Protection Regulation (GDPR). The upshot of this changing landscape is that technology companies are taking notice. Some, like the search engine provider, DuckDuckGo, has sought to make its privacy-protecting practices a source of competitive advantage. It’s fair to say that today this topic is more at the forefront of people’s minds than it has been in the past, but how does this translate when it comes to children’s data protection?

When it comes to tracking and gleaning information from children’s digital footprints the picture is complex. While progress is being made, the focus of a lot of the legislation and regulatory guidelines being developed is narrow. They don’t always address the broad and varied ways that organisations’ – both private and public (especially the latter) – data practices and choices can impact children.

Instead, a lot of legislation and media attention focuses on the risks to children from exposure to inappropriate online content, cyberbullying and excessive screen time. These are important considerations that are worth tackling but they are also limited if you consider the full scale of children’s data footprints. Still, there are some encouraging moves on the legislative front e.g. the ICO’s Age Appropriate Design Code. This statutory code applies to the so-called “information society services”(ISS) providers that offer many of the applications that children use while online.

Another significant challenge is that those closest to children, such as parents and guardians, don’t always have a full grasp of the wide range of places their children’s data footprints are being captured. They are often unaware of which organisations and institutions are tracking these footprints and what decisions are being made about their children based on information collected. This means parents are often ill-equipped to address children’s fears and concerns as identified by Defend Digital Me. It also means they might be unsure of how best to advocate for the children in their care.

A parent or guardian looking to get a handle on these matters will probably have questions such as:

● Beyond their online engagement via social media or gaming platforms, where else might my child or ward be leaving digital footprints?

● How can I help my child or ward be knowledgeable about how their digital footprints might be used, their data rights and give them the confidence to assert these rights?

Let’s take each of these questions in turn.

A good way of addressing this first question might be to briefly consider an example of inappropriate or controversial uses of children’s data.

In 2019, it came to light that gambling companies had been using data from the Learners Record Service (LRS) for verification purposes. The LRS which is operated by a statutory body, the Skills Funding Agency, collects data relating to learners registering for relevant post-14 qualifications such as GCSEs, AS, A2 etc. It contains personal data of tens of millions of people who, as children, passed through state schools in England. According to LRS’ own privacy statement this data should only be used “by organisations specifically linked to … [record holder’s] education and training”. As many as 12,000 organisations had access to LRS in 2019.

This example shows that it’s not just ISS providers like social media and gaming platforms that should be held to account – questions must also be asked of trusted institutions. The excitement around EdTech is legitimate but it is also appropriate to critically assess the adoption of data-centric technologies in schools.

With regards to the second question, data literacy is key to helping children develop a sense of agency and an expectation of autonomy when it comes to their data. Helping children understand, in an age appropriate way, the broader ecosystem in which they are operating is a good place to start. For example, asking questions and having conversations about some of the less visible actors in an online interaction can help them understand the role of advertisers and algorithms in shaping what gets presented to them online. This means expanding conversations beyond important child protection issues like cyberbullying, abuse and exploitation to include other child rights issues such as privacy and freedom of expression.

These might seem like complex topics to discuss with young children but research has shown that kids as young as seven can begin to map abstract concepts like privacy in an online scenario to offline equivalents. In turn, this approach can help parents and guardians avoid setting overly restrictive rules or excessive tracking of their child’s online engagement.

Learning and growing together

Today’s children and youths are true digital natives, born in a world where their life experiences are increasingly shaped by data-centric technologies both on- and offline. It’s never been more important to develop an understanding of the digital forces at play. Parents and guardians can play an important role in guiding them along the way. Fortunately there are a growing number of helpful resources, including Defend Digital Me and 5 Rights Foundation.

Data literacy is important for children but in helping them acquire it, adults might learn a lot too.

About the Author

Ade Adewunmi is Strategy and Advising Manager at Cloudera Fast Forward. Cloudera Fast Forward Labs Research accelerates your data and machine learning initiatives with a research subscription and working prototypes.

Featured image: ©SeventyFourImages