Children’s rights
-
The Data (Use and Access) Act 2025 got Royal Assent on 19 June 2025. All the provisions affecting data protection law and the Privacy and Electronic Regulations Communications are now in force. The Department for Science and Innovation (DSIT) has set out the commencement plans. You can find more details on the Gov.uk website.
Control measure: There are measures or tools in place to inform children about their rights and enable them to understand and exercise them.
Risk: If it is not easy for children to exercise their rights, then there may be a breach of articles 12-22 of the UK GDPR.
Ways to meet our expectations:
- Make tools easy for children to find that help them exercise their rights and report concerns.
- Ensure tools are age appropriate, tailored to support specific rights and easy to use.
- Communicate what is happening to a complaint or request, and include ways for the child or their parent to track the progress.
- Provide information about timescales for responding to requests from children and deal with all requests within the timescales set out in article 12(3) of the UK GDPR.
- Take swift action if you receive information indicating there is an ongoing safeguarding issue.
Options to consider:
- Embed a reporting tool in the set-up process which is highlighted and provides a clear and easily identifiable icon or other access mechanism in a prominent place on the screen display.
- Tailor the tools to support each right, for example:
- a ‘download all my information’ tool to support the right of access and right to data portability; or
- a ‘stop using my information’ tool to support the rights to restrict or object to processing.