The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Data sharing between users concerns how other people, within and outside of a service, can see and download user profile information, service activity (such as social media posts or gameplay stats) and user interactions. The Children’s code Data sharing standard outlines expectations on data sharing for online services likely to be accessed by children.

The links below give examples and information on how data sharing between users impacts children’s rights. We also offer code recommendations on how to positively support and mitigate risks to these rights in this context.

Article 6: Life, survival and development 

Children have an inherent right to life and survival, and their physical and emotional development should not be impeded.

Data sharing with other users can risk this right where it exposes children to risks of physical or emotional harm (for example stalking, bullying and harassment). This could be through on-by-default settings or by not having adequate transparency and safeguards.

Article 8: Development and preservation of identity

Children have a right to develop and preserve their identity, including:

  • nationality;
  • name;
  • family relations;
  • gender; and
  • other personal identity characteristics.

This right is at risk when services share children’s data relating to identity with other service users. This could be through on-by-default settings, or by not having adequate transparency and safeguards. Services can support this right by giving children profile options that can protect identity characteristics (for example avatars in gaming or auto-generated user names).

Article 13: Freedom of expression

Children have a right to seek, receive and impart ideas of all kinds, through any medium of their choice.

Services can support this right by providing off-by-default settings for children to share data that allows them to express themselves (for example participating in online debate or sharing self-made content). This right is at risk where exposure to abuse from other service users has a chilling effect on children's speech. This could be through on-by-default data sharing or by not having adequate transparency and safeguards.

Article 16: Protection of privacy

Children have a right to be protected from arbitrary or unlawful interference with their privacy.

Services can support this right by using pro-privacy nudges when children are about to share data with other users. For example, explaining the privacy implications of sharing data, or highlighting associated privacy settings. This right is at risk when services share children’s data with other users with on-by-default settings, or by not having adequate transparency.

Article 19: Protection from violence, abuse and neglect

Children have a right to be protected from all forms of physical or mental violence, abuse, maltreatment or exploitation.

Data sharing with other users can risk this right where it exposes children to risks of violence or abuse (for example stalking and harassment). This could be through on-by-default settings, or by not having adequate transparency and safeguards.

Children’s code recommendations on data sharing with other users:

  • Ensure settings that allow the sharing of children’s data with other users are set to off by default, unless you can demonstrate a compelling reason otherwise, taking into account the best interests of the child.
  • Any default settings related to data sharing should specify the purpose of the sharing and who you are sharing the data with. Settings which allow general or unlimited sharing are not compliant.
  • Provide clear information about what you do with children’s personal data in more specific, ‘bite-size’ explanations. Do this at the point at which you share the personal data. This is sometimes referred to as a ‘just-in-time notice’.
  • Depending on the child’s age and the risks inherent in the processing, you should prompt them to speak to an adult before they activate any new use of their data. You should also say to not proceed if they are uncertain.
  • Allow users the option to change their data sharing settings either permanently or just for the current use.
  • Retain inter-user data sharing choices or high privacy defaults when you update the software.

Do not use nudge techniques to lead or encourage children to provide unnecessary personal data or turn off privacy protections. Nudge techniques are design features which lead or encourage users to follow the designer’s preferred paths in the user’s decision making. For example, presenting one choice more prominently than another, or framing one alternative more positively than another.