This article is written by Monisha M & Deepika R, students of Department of Legal Studies, VELS
In today`s world, just like adults, children may be at risk of having their online identity stolen or misused. Children can unwittingly reveal too many personal details online, leaving open to identity theft and also unexplained bills, emails and letters regarding government benefits or tax payment may indicate a stolen identity. It is excellent for children to build relationships and share interests online, but it is essential to talk with them about what could happen if they share too much. Parents should teach the privacy and information they shouldn’t share online and encourage them to think about which friends they communicate with are likely to share with others. This paper identifies the various issues children face online. Reference has also been made to the conclusions from the studies by researchers involving the techniques.
Thus an attempt has been made to give an overview of the children’s online privacy and data protection. The entire system is based on intimate understanding of child protection.
WHAT IS CHILDREN`S ONLINE PRIVACY:
The Children’s Online Privacy Protection Act (COPPA) gives parents control over what information websites can collect from their kids. The COPPA Rule puts additional protections in place and streamlines other procedures that companies covered by the rule need to follow. The COPPA FAQs can help keep your company COPPA compliant. Learn about the COPPA Safe Harbor Program and organisations the FTC has approved to implement safe harbour programs. You can also get information about ways to obtain verifiable parental consent– including new methods the Commission has approved – and seeking approval and the process for seeking support for new courses.
CHILDREN’S ONLINE PRIVACY PROTECTION RULE:
The Children’s Online Privacy Protection Act (COPPA) applies to websites for kids, but it also may apply to sites aimed at general audiences. Read this revised publication to find out when your site is subject to COPPA.
What do the main child privacy laws say?
Here’s a recap on what these main privacy laws means for kids:
COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age. On operators of other websites or online services with actual knowledge that they are collecting personal information online from a child under 13 years of age.
GDPR applies to both children and adults alike and includes certain child-specific clauses that aim to protect children’s data. Children merit additional protections because they are less likely to be familiar with the risks, consequences and safeguards regarding their personal and public data. The GDPR has a non-standardized definition of a child, with the default age set to those 16 years old and below. Member States are permitted to lower the age cap to define children in the GDPR, but to no younger than 13 years old. This is an option nearly half the Member States have exercised.
CPRA determined that companies collecting personally identifiable information of consumers must clearly and transparently inform them when they employ automated decision-making technology. The CPRA beefs up punishments for breaches involving children’s data. Any administrative fines are three times as much for kids’ PII. Additionally, the law also will affect how consent is managed and obtained by regulated companies, allowing parents to have more control over the personal information of their children.”
Children’s online privacy must be protected, but not all are equally vulnerable on internet:
The Personal Data Protection Bill, 2019, which is likely to be tabled during the budget session next year, is currently being examined by the Joint Parliamentary Committee. The proposed legislation aims to protect children’s personal and sensitive data by specifying the age of consent below which strict processing conditions kick in. The provision is much needed because it ensures that children’s inability to understand the risks on the internet does not make them vulnerable to exploitation. But given the dynamic nature of the world wide web, implementing these provisions might be a challenge.
The Personal Data Protection (PDP) Bill, 2019 classifies any person below 18 as a child. Their data cannot be processed without the consent of parents or a guardian and the verification of the child’s age. The Srikrishna Committee, which conceptualised the Bill, explained that 18 was chosen to ensure consistency with other domestic laws. It agreed that the cut-off age may be too high and may need to be revised, keeping in mind a child’s development. In contrast to India’s approach, the United State’s Children’s Online Privacy Protection Act has capped the age of consent at 13, and verifiable parental consent is needed only for younger people. Europe’s General Data Protection Regulation suggests a range between 13 and 16 years.
Need to factor in different maturity levels of children
The PDP Bill, 2019, does not distinguish between a 17-year-old and a 13-year-old. It prescribes the same rules for different age groups, and no child under the age of 18 has the right to consent to process their data. Such blanket restrictions could deprive children of meaningfully using the internet. We live in a time where information awareness has fastened the pace of mental growth in children, who now demonstrate the capability to become stakeholders in society building and can guide policymaking. Greta Thunberg, the 17-year-old Swedish environmental activist who uses social media to raise awareness about climate change, is a prominent example of this phenomenon. There are others like the late Aaron Swartz, a computer programmer and internet freedom activist. At the age of 14, exhibited a deep understanding of the internet and issues related to its access. The absence of a graded approach to consent may prompt service providers to take a risk-averse approach by simply excluding children from accessing internet-based services.
In contrast, threshold-based, content-related provisions, which factor in the maturity levels of children of different age groups, can avoid creating impediments in their internet engagement. At the same time, a child’s access to specific online activities could be preconditioned on parental consent. The graded approach to immaturity can be seen in India’s Juvenile Justice Act, 2000, distinguishing 16-18-year-olds as adults. The law factors in their mental and physical capacity to commit an offence, the ability to understand the consequences of the crime, and the circumstance in which it was saved. This is at variance with the Shri Krishna Committee’s rationale of keeping the age at 18.
USING AND RETAINING CHILDREN’S PERSONAL DATA
Personal data collected from children should be treated in a fair, lawful manner and processed in accordance with well-established data protection principles. Collecting children’s data should be limited to what is necessary for the use and delivery of websites, platforms, products, services or applications, and children’s personal data should not be used for purposes outside their consent or knowledge. In this context, the processing of children’s personal data for marketing raises concerns. It can be challenging for children to understand how their data are processed and shared for monetisation. For this reason, companies bear an even greater responsibility to assist children in understanding and exercising their data protection rights. Limiting the collection, processing and retention of children’s personal data can also help to prevent loss, theft and misuse, and these data should be accorded the highest organisational and technical protection. Any personal data collected from or about children be accurate and up to date, and children must have the right to correct or request the deletion of their data.
ENSURING CHILDREN’S ACCESS TO INFORMATION
While children have the right to be protected from online violence and discrimination, these rights must be balanced with consideration of their rights to freedom of expression and access to information in the digital world, mainly through online platforms and services. For instance, filtering and removing illegal or harmful content can help to protect children online but should not infringe on children’s rights to share their views or access beneficial information. Similarly, blocking and monitoring tools can help empower parents or guardians to guide children in safely exploring the Internet, but should bear in mind children’s growing autonomy to exercise their expression and information rights. Generally, efforts should be made to provide beneficial information and content online in a manner that is accessible to children with regard to their evolving capacities.
EDUCATING AND INFORMING CHILDREN ONLINE
Navigating the online environment can be incredibly challenging for children, who often do not understand the commercial nature of the Internet. As it is increasingly difficult for children to grasp how their data are being collected, processed, shared and monetised online, it is ever more critical that children are educated and informed about managing their privacy. Similarly, given children’s developing levels of digital literacy, online commercial content must be adequately identified as such. Children should be equipped with the information and skills necessary to enjoy their privacy, protect their reputation and exercise their freedom of expression online.
CHILDREN’S ONLINE PRIVACY AND DATA PROTECTION IDEAS:
1: DETERMINE IF YOUR COMPANY IS A WEBSITE OR ONLINE SERVICE THAT COLLECTS PERSONAL INFORMATION FROM KIDS UNDER 13.
3: NOTIFY PARENTS DIRECTLY ABOUT YOUR INFORMATION PRACTICES BEFORE COLLECTING PERSONAL INFORMATION FROM THEIR KIDS.
4: GET PARENTS’ VERIFIABLE CONSENT BEFORE COLLECTING PERSONAL INFORMATION FROM THEIR KIDS.
5: HONOR PARENTS’ ONGOING RIGHTS WITH RESPECT TO PERSONAL INFORMATION COLLECTED FROM THEIR KIDS.
6: IMPLEMENT REASONABLE PROCEDURES TO PROTECT THE SECURITY OF KIDS’ PERSONAL INFORMATION.
The rise of online internet activities in modern times has brought many threats to children’s online privacy. In the absence of stringent legal provisions, the protection of such rights of children seems a daylight dream. However, after the increase in online crimes like cyberbullying, phishing, stalking, and data breaches, the government became a little anxious. It tabled a data protection bill for the protection of the right to the online privacy of the individual, The provisions for the children’s online right was put under part IV of the Act having only one section. If bills seem too short to occupy the proper provisions for children’s online privacy protection, the government should have framed separate fully-fledged bills like COPPA and CPCPI.