The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Services use privacy information, policies and community standards to:

  • set user expectations for how services use their data;
  • highlight the choices users have in regards to privacy; and
  • outline wider content, user behaviour and age restriction policies.

The Children’s code Transparency and Policies and community standard standards outline expectations for the design of the privacy information, policies and community standards of online services likely to be accessed by children. The links below give examples and information on how these service features impact children’s rights under the UNCRC. We also offer code recommendations on how to positively support and mitigate risks to these rights in this context.

Article 5: Parental guardianship and the evolving capacities of the child

The rights and responsibilities of parents and guardians to provide appropriate support to children to exercise their rights must be respected. Services must recognise that this support changes as children grow and their capacities develop.

Services can support this right by providing different versions of privacy information. This would allow children (and parents where appropriate) to seek more or less detail, as their capacities and data literacy develop.

Article 12: Respect for the views of the child

Children who are capable of forming their own views have rights to express them, in all matters that affect them.                                                             

Services can support this right by consulting with children and parents when developing privacy policies and community standards. They can also support by providing resources for children under 13 (the minimum age of consent) to discuss their privacy choices with parents.

Article 13: Freedom of expression

Children have a right to seek, receive and impart ideas of all kinds, through any medium of their choice.

This right is at risk where a failure to uphold service user behaviour policies exposes children to abuse. This may have a chilling effect on their freedom of speech and expression.

Article 16: Protection of privacy

Children have a right to be protected from arbitrary or unlawful interference with their privacy.

This right is at risk where services share children's personal data with other users or third parties against service policies, or without meeting the code’s Transparency standard principles.

Article 23: Children with disabilities

Children with mental and physical disabilities have a right to have their needs recognised and have equal opportunity to access and participate in digital services and communities.

This right is at risk where services do not provide privacy information and community standards in accessible formats. This is unfair to children with disabilities and does not follow UK equalities law.

Article 32: Protection from economic exploitation

Children have a right to be protected from economic exploitation of all forms.

This right is at risk where services do not communicate to children and parents the policies and community standards that relate to how they generate revenue from users’ data. It is also at risk if the service does not meet the code’s Transparency standard principles.

Article 36: Protection from other forms of exploitation

Children have a right to be protected from all forms of exploitation detrimental to their welfare.

This right is at risk where privacy information, policies and community standards are inaccurate or misleading.

Article 42: Knowledge of rights

Children and parents have a right to be made aware of the rights they hold under the UNCRC - in this context as they apply to their data and the Children's code.

Services can support this right where policies and community standards give children and parents information on the rights they hold under the Children’s code.

Children’s code recommendations on privacy information, policies and community standards:

  • Actively uphold and enforce your policies and community standards – including privacy policies, user behaviour policies and content policies.
  • Provide the privacy information in a clear and prominent place on your online service. You should make this information easy to find and accessible for children and parents who seek out privacy information.
  • Provide clear information about what you do with children’s personal data in more specific, ‘bite-size’ explanations. You should do this at the point at which you use their personal data. This is sometimes referred to as a ‘just-in-time notice’.
  • Depending on the child’s age and the risks inherent in the processing, you should prompt them to speak to an adult before they activate any new use of their data. You should tell them not to proceed if they are uncertain.
  • Consider if there are any other points in your user journey when it might be appropriate to provide bite-sized explanations. This could be to aid the child’s understanding of how you are using their personal data.
  • Present privacy information in a way that is likely to appeal to the age of children on your service. This may include using:
    • diagrams;
    • cartoons;
    • graphics;
    • video and audio content; and
    • gamified or interactive content that interests children, rather than relying solely on written communications.

Privacy dashboards, layered information, icons and symbols can also aid children’s understanding.

Consider how you can tailor the content and presentation of the information you provide depending on the age of different child users. Incorporate mechanisms to allow children or parents to choose which version they see. Perhaps allow them to down-scale or up-scale the information, depending on their individual level of understanding.