Collect and retain only the minimum amount of personal data you need to provide the elements of your service in which a child is actively and knowingly engaged. Give children separate choices over which elements they wish to activate.
What do you mean by ‘data minimisation’?
Data minimisation means collecting the minimum amount of personal data that you need to deliver an individual element of your service. It means you cannot collect more data than you need to provide the elements of a service the child actually wants to use.
Why is it important?
Article 5(1)(c) of the GDPR says that personal data shall be:
“adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)”
Article 25 of the GDPR provides that this approach shall be applied by default to ‘each specific purpose of the processing’.
It sits alongside the ‘purpose limitation’ principle set out at Article 5(1)(b) of the GDPR, which states that the purpose for which you collect personal data must be ‘specified, explicit and legitimate’, and the ‘storage limitation’ principle set out in Article 5(1)(e), which states that personal data should be kept ‘no longer than is necessary’ for the purposes for which it is processed.
How can we make sure that we meet this standard?
Identify what personal data you need to provide each individual element of your service
The GDPR requires you to be clear about the purposes for which you collect personal data, to only collect the minimum amount of personal data you need for those purposes and to only store that data for the minimum amount of time you need it for. This means that you need to differentiate between each individual element of your service and consider what personal data you need, and for how long, to deliver each one.
You offer a music download service.
One element of your service is to allow users to search for tracks they might want to download.
Another element of your service is to provide recommendations to users based on previous searches, listens and downloads.
A further element of your service is to share what individual users are listening to with other groups of users.
These are all separate elements of your overall service. The personal data that you need to provide each element will vary.
Give children choice over which elements of your service they wish to use
You should give children as much choice as possible over which elements of your service they wish to use and therefore how much personal data they need to provide.
This is particularly important for your collection of personal data in order to ‘improve’, ‘enhance’ or ‘personalise’ your users’ online experience beyond the provision of your core service.
You should not ‘bundle in’ your collection of children’s personal data in order to provide such enhancements with the collection of personal data you need to provide the core service, as you are effectively collecting personal data for different purposes. Neither should you bundle together several additional elements or enhancements of the service. You should give children a choice as to whether they wish their personal data to be used for each additional purpose or service enhancement. You can do this via your default privacy settings, as covered in the earlier section of this code.
Only collect personal data when the child is actively and knowingly using that element of your service
You should only collect the personal data needed to provide each element of your service when the child is actively and knowingly engaged with that element of the service.
It is acceptable to collect a child’s location when they are using a maps-based element of your service to help them find their way to a specified destination, and if you provide an obvious sign so that they know their location is being tracked.
It is not acceptable to continue to track their location after they have closed the map or reached their destination.