Data protection agencies roll out strategies for safeguarding children’s data

The UK Information Commissioner’s Office (ICO) has released a new strategy for its Children’s code, aimed at protecting the data of minors who use social media and introducing stronger age assurance tools.

“Children’s privacy must not be traded in the chase for profit,” says Information Commissioner John Edwards in a news release outlining the regulator’s priorities for the next year. “How companies design their online services and use children’s personal information have a significant impact on what young people see and experience in the digital world.”

“I’m calling on social media and video-sharing platforms to assess and understand the potential data harms to children on their platforms, and to take steps to mitigate them.”

The Children’s code was introduced in September 2021 to ensure apps, websites, games and other online entities handle childrens’ data in a responsible manner that respects privacy and protects sensitive personal information such as biometrics. Since it came into effect, major social media platforms including Facebook, Instagram and YouTube have made changes to their targeted advertising and age verification policies to accommodate the code.

For users under 18, YouTube has turned off autoplay and added reminders to take a break. Facebook and Instagram began requiring a date of birth for registration and barring accounts that cannot be verified as belonging to an individual older than 13.

The ICO has also collaborated with Ofcom and other regulators to develop “an aligned approach on age assurance.”

The full code and a more complete list of selected achievements can be found here.

Spanish age verification project wins engineering award

Spain’s data protection agency, AEPD, has been recognized for its age verification project. A news release says the General Council of Professional Colleges of Computer Engineering of Spain (CCII) gave the nod to the AEPD in the ‘Public Project’ category of the National Computer Engineering Awards, for “the implementation of a project that allows the protection of a group with greater vulnerability from a series of risks that may be encountered while surfing the Internet.”

AEPD’s work on age verification guidelines, which recently won approval from the European Data Protection Committee, was prompted by the agency’s belief that current age verification systems are ineffective. The agency says unreliable methods include “self-declaration of age, sharing credentials with the content provider, allowing the content provider to estimate the age or relying on so-called trusted third parties.”

The initiative is part of the agency’s overall global strategy for minors, digital health and privacy.

Meta does not want to listen to the FTC

Mark Zuckerbarg’s Meta Platforms, which owns Facebook and Instagram, is trying to stop the Federal Trade Commission from tightening a 2020 privacy settlement that bans the company from profiting from minors’ data, according to a report from Reuters.

Meta’s present indignation is part of a larger debate over whether the company misled (or misleads) parents about protections for children. The company argues that the FTC should not reopen the 2020 case because Meta already paid a $5 billion fine and made changes to its privacy safeguards. They are also standing on transparency, saying they disclosed the privacy bugs in 2019

Their stance comes as no surprise, given that the company sued the FTC in November in what Reuters calls “a broad constitutional challenge against the agency’s ability to be both an investigative body and an adjudicative one.” It also already tried to block the settlement from being reopened with a lawsuit in March. In short, Facebook does not want the FTC looking into its privacy practices.

However, its arguments have so far not convinced the regulator, or the courts, that it can be trusted with minors’ personal information and biometric data. The social media giant lost the March action in the U.S. Court of Appeals for the D.C. Circuit, which ruled that the company could not delay the FTC review, citing strong public interest in Meta’s privacy controls.

Article Topics

AEPD  |  age verification  |  biometrics  |  children  |  data protection  |  FTC  |  Information Commissioner’s Office (ICO)  |  Meta  |  social media