Three-D Issue 31: Data protection as the means to children’s rights online

Children’s rights online are finally getting traction. While the struggle to protect children online is as old as the internet itself, with a trail of only modest wins along the way, it is children as rights-holders, as agents rather than victims in the digital age, whose claims are finally being heard.

A crucial development in 2018 was the Council of Europe’s adoption of a new Recommendation CM/Rec(2018)7 of the Committee of Ministers to member States on Guidelines to respect, protect and fulfil the rights of the child in the digital environment. Informing this was social science evidence that digital technologies are increasingly important for children’s education, socialisation, expression and inclusion, although also linked to risks of violence, exploitation and abuse.

In a brave new world where human rights in society generally are threatened by the rapid rise and extraordinary power of dominant global platforms, children are the canaries in the coal mine. Their pioneering enthusiasm positions them as the early warning system of problems for everyone, although until recently, the multiple infringements of their rights to provision, protection and participation have been little heard except by anxious parents and panicky media headlines.

Now the 47 Council of Europe member states are faced with the daunting task of ensuring that – as is often said but less often implemented – rights offline also apply online. As the UN Convention on the Rights of the Child (CRC, 1989) makes clear, fundamental rights should not be ranked, and they are cross-cutting.

But recently, one right in particular has come to the fore: privacy. Article 16 CRC states that

‘No children shall be subjected to arbitrary or unlawful interference with his or her privacy, family, or correspondence, nor to unlawful attacks on his or her honour and reputation.’

What many child rights advocates didn’t anticipate is that, in the digital age, data protection regulation would be crucial in protecting children’s privacy. Nor did they realise until recently that data mediates children’s rights to expression, information and assembly to protection from discrimination and abuse, so that that data protection has consequences (not all of them beneficial) for children’s rights across the board.

In incorporating the European General Data Protection into national law, the UK’s Data Protection Act 2018 took a further step. Section 123 mandates an age-appropriate code of practice for online service providers to ensure “children” are neither treated de facto as adults nor lumped together as a homogenous category. As befits their CRC rights to be treated according to their “evolving capacity” and “best interests,” the Information Commissioner’s Office recently consulted on how digital players should adjust their treatment of children according to age, needs and media literacy, given evidence about whether and how far children of different ages can keep up with and adjust themselves to the (often opaque and agency-denying) demands of the digital environment. With the outcome due soon, efforts to implement children’s rights may bring lessons for the wider public.

For the relevant evidence, see https://ico.org.uk/media/2553818/academics-ii.pdf

Posted by Einar Thorsen