The digitalisation of our society has a substantial impact on the lives of children and on the rights that are specifically attributed to them by the United Nations Convention on the Rights of the Child (UNCRC), Article 24 of the EU Charter of Fundamental Rights, and many national constitutions. The 2018 Recommendation that was adopted by the Council of Europe’s Committee on ‘Guidelines to respect, protect and fulfil the rights of the child in the digital environment’ acknowledges that the digital environment is “reshaping children’s lives in many ways, resulting in opportunities for and risks to their well-being and enjoyment of human rights”. There is no doubt that the digital environment has enormous potential for the empowerment of children, but I argue that, at the same time, an urgent need for de-responsibilisation of children (and parents) in light of certain digital practices is emerging. 

The use of digital devices and services provides children with many opportunities to effectively realise a number of rights, such as the right to freedom of expression, the right to association and the right to engage in play. Greta Thunberg has three million followers on Twitter where she raises awareness regarding climate change and inspires young people all around the world. Ryan Kaji is a young boy with his own YouTube channel ‘Ryan’s world’ with more than 22 million subscribers. Children and young people communicate, share and create content, often across borders, on social media and through mobile apps. Yet, the platforms that provide children with these fora to exercise their rights are deeply commercial and are built on business models that are data- and advertising-driven. 

At this moment in time, it is hard to assess and to predict the impact that practices such as exploitative data collection, processing and profiling activities in commercial environments will have on children’s lives in the long term. Aside from a potential substantial impact on the right to privacy and data protection, there might be direct and/or collateral effects on the right to development, freedom of thought, freedom of expression and association, as well as the right to protection from commercial exploitation. The Council of Europe’s Committee of Ministers has warned in its 2019 ‘Declaration on the manipulative capabilities of algorithmic processes’1 that “fine grained, sub-conscious and personalised levels of algorithmic persuasion may have significant effects on the cognitive autonomy of individuals and their right to form opinions and take independent decisions”. The Committee also acknowledges that “these effects remain underexplored but cannot be underestimated”. Similar questions are raised about the effects of practices by public actors, such as the deployment of facial recognition technology and other surveillance mechanisms, for instance in schools and other educational environments. The Swedish Data Protection Authority recently fined a municipality for using facial recognition technology to monitor the attendance of students in school because of non-compliance with the EU General Data Protection Regulation (GDPR).2 But aside from violations of data protection obligations, growing up in constantly surveilled environments – in which their movements, behaviour and relationships are monitored – might also negatively affect children in the long term. The EU’s Fundamental Rights Agency, for instance, has recognised that the deployment of facial recognition technologies might lead to a chilling effect on the right to freedom of expression and to freedom of assembly and association.3

 At this moment in time, it is hard to show that the practices described above lead to actual harm on the well-being of children. This makes it hard to advocate for stricter regulation or prohibitions on the deployment of certain technologies. Regulation imposes restrictions on certain behaviours or actors and, hence, there should be a compelling reason to regulate. However, with respect to delicate issues, such as the well-being of children, the ‘precautionary principle’ should be borne in mind. Simply put, this concept, which finds its origins in environmental policy, embraces a ‘better safe than sorry’ approach. The precautionary principle compels society to act cautiously if there are certain – but not necessarily absolute – scientific indications of a potential danger and if not acting upon these indications could inflict harm. The Wingspread statement on the precautionary principle, adopted by academic experts at an environmental conference in 1998, stated that “[w]here an activity raises threats of harm to human health or the environment, precautionary measures should be taken even if some cause and effect relationships are not fully established scientifically”.4

Current legal frameworks that are relevant to the practices in question often prescribe ‘empowerment measures’ as a means of protection. Such measures include transparency towards data subjects (including children), and giving them rights to control the data that is collected and processed. Examples of rights that are included in the Council of Europe’s Convention 108+ and in the EU’s GDPR are the right to information, the right to access, the right to erasure, the right to object, and the right not to be subject to automated decision-making. Yet, as certain practices are so opaque and complex, and their effects difficult to grasp, ‘being informed’ or ‘having rights’ often does not amount to being protected. The responsibility for understanding how data is processed and assessing whether it is fair cannot be placed solely on children’s shoulders, nor on those of their parents. On the contrary, fair processing of children’s personal data requires legal restrictions on certain practices – keeping the precautionary principle in mind; enhanced responsibilities for data controllers – both public and private actors; and stronger enforcement by Data Protection Authorities. ‘De-responsibilisation’ of children and their parents inevitably leads to ‘(re)responsibilisation’ of policymakers, data controllers and regulators. They should take the ‘best interests of the child’ (Article 3, UNCRC) as a primary consideration in how they make decisions about processing children’s personal data. Children’s Rights Impact Assessments that consider potential effects on the full range of children’s rights should guide such decisions.5 Investing in longitudinal, fundamental and empirical research into such effects is, in that respect, of primordial importance.