Children represent about 41% of India’s population and the pandemic has exposed them to a digital age far more than the earlier norms. Therefore, it becomes a pertinent question to ask how safe our children are in the cyberspace while creating their digital footprints, where digital presence is no more a mere luxury but a need of society.
Every moment we spend on the internet, be it social media or research on the search engine, we influence the database. Hence, it becomes a matter of utmost importance for the stakeholders, be it parents, guardian, teachers, or gatekeepers of privacy, to understand the volume of the personal data and the digital footprints that we leave across.
COVID-19 and Increased Presence of Children on the Internet
Since COVID 19, children form a significant part of a population connected to the internet through various gadgets, be it for schools or other purposes. When children are using several devices based on the “Internet of Things”, there is something about childhood that ought to be protected and exposing them in suitable measures. A simple example could be when we teach our kids how to ride a bike; we just don’t teach them how to paddle and push the breaks; we also teach them the limitations of riding a bike on when and where and how they can ride.
Parents are supposed to protect children’s interests, but, often, parents are incapable of saving their own data and digital privacy.
The relevance of children’s privacy has been further substantiated through scholarly research establishing how the notion of privacy amongst parents and how they perceive their children has changed dramatically in the last decade.
Children are now independent data subjects on their own who are connected to multiple devices and generate their digital data through the webserver. They have their own unique digital identity; they have their rights, interest, and preferences. This needs to be considered while laying down the rules for data protection.
Loopholes in Policies Aimed at Protecting Children
Current privacy laws globally do not adequately represent children’s data protection rights separately, and many countries don’t consider them. Kids of seven years old are now prone to more privacy abuse with the IoT toys, gadgets etc. We may have a monitoring or consent mechanism, but nothing has been proved to be airtight. Children are more vulnerable because they have a significantly lesser understanding of how algorithms can affect them.
UN Convention on the Right of the Child was passed in the year 1989. Article 16 of the convention protects the child's rights; they define child as someone under the age of 18. However, domestic legal systems worldwide do not form a consensus on one single definition while determining who a ‘child’ is.
For different purposes, the definition of ‘child’ can differ, say, for driving license, for work, for taxation, and they can be different in different countries.
Similarly, the Personal Data Protection Bill, 2019 in India does not distinguish between children of various age brackets and lays down one single blanket provision at multiple points. Not only this, social media giants allow a kid of 13 years to create a digital profile and consent to the “community guidelines” rules of platforms while leaving out the children’s right to consent for processing the data.
Assessing the children’s psychological growth in the digital arena with decades-old customary norms leaves us with false results of how society progresses in the digital age. One of the examples of Greta Thunberg’s social media awareness campaign on climate change at the age of seventeen years is an example of how children’s maturity and mental growth can no longer be evaluated on a customary scale of our perceived libra balance.
How Other Countries Are Dealing With Children’s Privacy Issues
In General Data Protection Rules by European Union, several recitals empower us to deal with issues related to children. When we speak about data collection, consent is not the only article for a lawful basis; another point is a legitimate interest. We have to balance the child's right and not the rights of parents who may not be in a position to communicate or understand the rights.
Earlier this year, fines were issued to schools in Iceland when a school’s management learning software exposed the personal data of 400 children. Similarly, in a Swedish case, the legitimacy of the school’s attendance software platform was challenged. Data protection authorities reiterated that though attendance is a legitimate concern, using the facial recognition system without privacy mechanisms in place is not a fair way to collect the data.
Things that organisations must remember, be it public or private, that even though parents may consent on behalf of the child, but the children are still the data subjects, they still hold the rights.
When parents consent to some authority on behalf of the child, the presumption is parents may have the child’s best interest in mind. Still, given the literacy of digital issues amongst the population, we cannot guarantee it. Therefore, for data protection experts, it becomes essential that parents be given adequate tools to protect their children's data.
Can ‘Privacy By Design’ Concept Address Some Concerns?
Now the question comes in how to fix things? For-profit companies are generally the biggest offenders in this space. And not just these companies but also schools and universities. An easy example could be when a digital marketing team of a school uploads a picture of their students studying in their classes, how often students’ consent is taken. Here, consent doesn’t mean to be taken at the time of joining schools.
‘Privacy by design’ concept handles the privacy of the products right at the stage of manufacturing. A good design emerges when empathy is integrated into the technologies. When a product is being designed, the demographic details of the target users are already researched. Based on that, many norms are beginning to be set: such as what data will be collected, if techniques such as anonymisation and pseudonymisation would be used, and how the information will be verified.
If privacy’s broad criteria of legitimate interest, consent, and privacy can be factored in the right at the stage of design, India can bring the standards to be at par with standards in the global arena. Especially when we as a nation are stepping in designing our curriculums with international standards and state of the art technology.
(The author is Assistant Professor at University of Petroleum and Energy Studies, Dehradun. Pulkit has pursued his LL.M from Tel Aviv University, Israel in Law and Technology and is currently pursuing his Ph.D from University of Ottawa, Canada.)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)