Emily Keaney, ICO Deputy Commissioner (Regulatory Policy), said:
“Children see sharing their personal information online as necessary to avoid social exclusion, our new research has found.
Our Children’s Data Lives research shows that, for many children, their data is the only currency they have and sharing their personal details was often seen to be a necessary exchange to access apps and services to help them make and stay in touch with friends.
Youngsters said they are unaware of how companies collect and use their data and generally trust ‘big companies’. The research found that platform design can exacerbate this lack of understanding, making it difficult for children to make informed decisions about their privacy.
It’s not surprising that children’s longing for acceptance and to fit in the physical world also extends to their digital lives. That’s why we’re working in the background to make the online world a safer place for children to learn, play and connect with others.
We’ve been encouraging companies to improve their children’s privacy practices, including our review of 34 social media and video sharing platforms as part of our Children’s code strategy.
Of those, we specifically asked 11 companies to explain issues relating to default privacy settings, geolocation or age assurance, and to show how their approach conforms with the code, following concerns raised by our review.
While most of them have engaged voluntarily with us as a result, we have issued information notices* to three companies. These notices compel companies Fruitlab, Frog and Imgur to provide us with details on how they approach matters such as geolocation, privacy settings or age assurance. Frog and Imgur have already responded to our notice, and we are considering all the information provided.
We’ll provide further updates on our Children’s code strategy, including what we’ve learned with our call for evidence and ongoing engagement with industry.”
*An information notice is a formal request (under section 142 of the DPA 2018) for a data controller, processor or individual to provide the ICO with information, within a specified time frame, to assist us with our enquiries or investigations. We will issue an information notice when we consider it necessary to do so. Organisations have the right to appeal an information notice.