It is generally accepted that more protections are necessary for children and their data when they access online content and services. The past year has seen the wheels of law and regulation rapidly turning in response to this need.
In April of this year, the government published its Online Harms White Paper, setting out proposals for a package of legislative and non-legislative measures to keep UK users, especially children and vulnerable groups, safe online. This initiative has coincided with a separate Call for Views issued by the Information Commissioner on a draft statutory Age Appropriate Design Code of Practice (Code). The draft Code sets the standards for how website and app providers collect and use children's data in compliance with the Data Protection Act 2018 (DPA18). The ICO is currently reviewing the responses to the Call for Views and the Code is expected to be presented to the Secretary of State by 23 November. There will will be a one year compliance holiday after it comes into force (see our article for more).
Tighter regulation of online service providers is only a part of the broader picture when it comes to safeguarding children. Parents are clearly on the frontline and while technology creates some of the challenges they face, technology tools are now equally seen as part of the solution by supporting parents in managing their child's safety.
Arguably this process starts from birth where devices like baby monitors are invaluable for parents, providing the comfort of continued observation and monitoring from a distance. Technology developments have also led to use of cot cameras and sensors that monitor a baby's temperature and breathing.
The use of technology to support responsible parenting becomes even more important as a child grows and starts to show an interest in online sites, apps and games. Many parents aim to control what their child can access, to have visibility over what their child is doing online and to control who they interact with. Software tools have a part to play in helping parents, including by the application of parental filters, creating curated walled gardens of content and through family managed accounts, providing transparency for the parent and child.
Tools also exist to enable parents to track their child's location when they are out of the house. Apps on a child's phone can continually share the child's location back to their parents. Tools can also be used to geo-fence a permitted zone of movement for their child outside of the home or school and where any travel by the child beyond this pre-determined ring fence means the parent is automatically notified. Location tracking is also available by way of bracelets worn by a child or through Radio Frequency Identification (RFID) tags embedded in their clothing.
Tracking your kids in this way can seem like a great idea when they are just starting to do things without you, but at some point, they are likely to start to assert their independence and become more secretive about what they are doing. Some parents turn to tools that offer stealth tracking software at this point. These tools embedded in their child's devices may covertly track their child's location, their social media or other online activity, or they may even capture key logging strokes or audio recordings in order to read what is being typed or hear what is being said.
As we understand more about the range of potential options it becomes clearer that simply because such tools exist, does not mean their use is necessarily appropriate. Clearly there is a balance to be struck between technology as a tool to assist with responsible parenting and safeguarding and using technology as a form of disproportionate and intrusive parental control. In the latter case intrusive surveillance arguably becomes part of the wider problem of protecting children's data and privacy, in particular, where the surveillance takes no account of the ability of the child to make responsible choices for themselves.
The DPA18 stops short of applying to the processing of personal data in the course of purely personal or household activities but it is relevant where the processing of personal data in a domestic context involves processing the personal data of others, such as the use of covert 'nanny cams', the inappropriate siting of CCTV cameras or the use of data captured from a child's device to infer information about others, for example, fellow pupils or teachers.
It is also worth noting the United Nations Convention on the rights of Children and in particular Article 16 which states:
"1. No child shall be subjected to arbitrary or unlawful interference with his or her privacy, family, or correspondence, nor to unlawful attacks on his or her honour and reputation.
2. The child has the right to the protection of the law against such interference or attacks."
The Convention right is clearly relevant to safeguarding children online yet may be equally important in preventing unwarranted intrusion in private life from within the family.
Some may argue that any excessive use of surveillance technology by parents is only a response to the limited nature of current legal and regulatory online controls and safeguards for children (which the Online Harms White Paper and IC Code initiatives are seeking in part to address). Notwithstanding this point, there remains the risk that any unwarranted use of surveillance technologies within a family may, over time, encourage children to accept this level of surveillance as normal, creating a cycle of behaviour and expectations that a child takes with them into adulthood which may ultimately undermine the effectiveness of any legal or regulatory protections.