All of the early thinking about the internet – thinking which determined how it was set up at a fairly fundamental level – was framed by a belief that overwhelmingly the future users would be highly educated, therefore literate and numerate, responsible adults. However, now we know across the world one in three of all human internet users is a child. This rises to about one in two in many lower income countries and these have large populations. In the UK and other richer nations the proportion hovers around one in five. Whichever way you look at it, everywhere children are a substantial and persistent body of internet users.
The 5 Rights Foundation is doing a great job in getting us all to think about the data protection implications of children being such a huge constituency. In doing so it points out they are only following what, in Recital 38, the GDPR declared to be self-evident: “Children merit specific protection with regard to their personal data”.
In their latest publication 5 Rights tells us these matters have become urgent. Why? Because the UK’s Information Commissioner has issued its proposed “Age Appropriate Design Code”, as required by the Digital Economy Act. 2017.
There has been a lot of industry push back in respect of parts of it but 5 Rights suggests this is to some degree a product of confusing issues about age appropriate content with issues of age related data protection standards. Is this a distinction which is easy to see at a conceptual level but which, in reality, is hard to implement at a practical one?
Thinking caps on please. 5 Rights have proposed an interesting way out.
Desiderata 