Privacy is critical for children as they develop their individual personalities and identities; as they grow, play, learn and study; and as they speak their minds, and learn to express themselves freely. 

Privacy is also a fundamental human right, for all people, including children. Now marking its 30^th anniversary, the Convention on the Rights of the Child (UNCRC) recognizes that children have sovereignty over their personal information and must be protected from “unlawful interference with their correspondence.”1

In other words: children have a right to control how informa- tion about them is collected, used and shared. 

At the intersection of privacy and expression 
Today, the space in which correspondence and self-expression play out is as much digital as physical; perhaps more so. Revolutions in information and communications technology make it easier and faster than ever before for children to transmit and receive information. 

As children increasingly use these digital, online tools, they are leaving longer and wider trails of digital information about their interests, locations and preferences, even their appearance and daily routines; but also that of their friends and peers. 

They post images, pictures, texts and memes that express different aspects of their personalities. They socialize and communicate with friends and peers; next door and around the world in chatgroups. Many use technologies to engage in civic and political discussions, to help them with schoolwork, or to look for a job. 

In many cases, online information gives children access to facts and data on topics that may be perceived to be taboo in their societies; sexuality, reproduction, physical changes, and mental health, for example. This is particularly true for girls, who often have difficulty accessing information about their changing bodies and how to manage menstruation, for example. 

How this information is accessed, used, stored or destroyed is obviously a fundamental concern. Children’s right to privacy demands that they are able to access this information – and express themselves – in private, without interference from third parties, including governments and the companies who own the platforms that children frequent. 

But just as “almost every act online is an act of expression”2 it also generates indelible traces of information which can be seen by unintended parties. 

What happens to children’s data? 
In an increasingly interconnected world, personal data has become a new commodity. Data generated through social media platforms and internet browsing is used to enable better and more personalised experiences, customize health and education information, improve welfare services, and track health risks and pandemics. 

But it is also used to profile and track children for targeted marketing and advertising, including for products that are harmful or inappropriate for them. This is an enormously powerful and self-perpetuating tool that companies can use to extract more and more data from their users, including children, to generate more revenue.

This data has no age restriction. Children’s data is collected, used, stored and sold in exactly the same way as adults’ data. Even data created by parents, friends or schools, or data gathered through tracking and monitoring devices, can shape a child’s data profile. In some cases, data may even have been gathered before birth and certainly before children are able to knowingly consent to its collection and use.3

What we can do 
For parents, governments and the technology industry, this represents not just a concern, but a fundamental responsibility to develop proactive, preventative and protective measures, that transfer some control and power to children and young people over their data, while finding ways to keep them safe and protected. 

For the most part, regulatory structures have not kept pace with this astonishing rise of digital data collection and usage. Therefore, we call on governments and the technology industry to work together to strengthen policies and regulatory frameworks that protect children’s data across its entire life-cycle: from data creation and collection, through its use, storage and processing, to its destruction. 

This includes the right to have personal data erased – the ‘right to be forgotten’ – which is especially important for children as they navigate their path through childhood, and forge digital identities along the way. 

The European General Data Protection Regulation provides a useful model. It indicates that internet users, including children, should be given clear and transparent privacy notices that explain to children how their data will be collected and processed. It also goes one step further, saying that everyone, including children and young people, should have access to their personal data and the chance to fix any incorrect information. 

This is especially important when privacy terms and conditions on social media platforms are often barely understood by highly educated adults, let alone children.4 Children need to have real opt-in or opt-out opportunities in relation to how their data are used by the provider or other commercial entities, and terms and conditions need to be clear and understandable for children. As some children have argued themselves, this should extend to deleting historical social media profiles, for example.

As we call on governments and industry to take action, we also call on parents and guardians to take an active role in coaching their children to use online tools responsibly; to understand the risks, and to take steps to ensure that their data are protected. 

Of course, while younger children may require greater parental involvement, those who are approaching adulthood may not require such stringent parental data protection oversight.5 This flexible approach is consistent with the UNCRC’s concept of the “evolving capacities” of children and young people to exercise rights on their own behalf. 

Parents can also be good role models in their own use of digital platforms, and openly discuss with children the risks of using them. This can all be done while respecting children’s individuality and right to express themselves, allowing the child “to develop a healthy sense of self, apart from his and her parents.” 6

As any parent knows, monitoring children’s online behaviour is an almost impossible task. But having open, constructive and positive conversations about the safe and responsible use of digital platforms can make a critical difference. 

By joining forces, governments, industry, parents and children themselves can build trustworthy products, services and governance structures that balance the interests of individuals, groups and industry,7 and ensure that every child’s right to privacy and protection when online is upheld. 

The UNCRC, adopted in the same year in which the World Wide Web was invented, remains a powerful lens to examine and uphold universal values and principles; ones that are applicable today as much as they were over 30 years ago. As these values and principles are being translated into national and international regulations, guidance and standards, children stand to gain more freedom, more protection and more power over their own digital footprint.