Table of Contents
Many organisations collect certain information, including personal data, from children. However, there are strict rules to follow when doing so. Under the UK General Data Protection Regulation (UK GDPR), providing individuals with transparency about their information, including where you collect a child’s information, is mandatory. The most common way to address this requirement is to issue children with a bespoke ‘Children’s Privacy Policy’. This article will explain what a Children’s Privacy Notice is and the key issues around preparing one.
Why Do Children Need Privacy Information?
Whenever you are processing personal data about children, you will need to be fully transparent about it. Your business must inform them about how you will use their personal data. ‘Transparency’ is one of the key principles under the UK GDPR.
Many businesses do not realise there is a requirement to give children privacy information or that you might need a separate Children’s Privacy Policy. However, this applies even though children are young. The UK Information Commissioner’s Office has issued specific guidance on collecting data from children and providing privacy information to them.
What to Include?
A Children’s Privacy Policy should set out various information, including but not limited to the following:
- details of your organisation’s identity and Data Protection Officer, if applicable;
- your contact details;
- the kinds of information you collect from children;
- childrens’ data protection rights;
- how your business will use personal information;
- how your business collects data;
- the rules you need to follow when processing personal data (i.e. the lawful basis you rely upon to process data of children);
- who you will share their information with and if it will be sent out of the UK; and
- how long you will keep their information.
If you are not sure what information this document needs to contain, you should seek legal advice. Preparing a Children’s Privacy Notice which meets the UK GDPR requirements, can be extremely difficult. Extra complications arise when the children you are collecting data from are pre-literate, or you are relying on parental consent. These rules are complex, and you should also seek legal advice in those circumstances.
In practice, there is no market standard or prescribed format for a ‘child-friendly’ privacy policy. The expectation is for the document to be very child-focused and easy to understand for children. This is often a difficult task because, in practice, it is unlikely that children will be able to understand complex data protection information. So, this can be very tricky for businesses.
Continue reading this article below the formCall 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
Tips for a Children’s Privacy Policy
When preparing a Children’s Privacy Policy, consider the following key tips:
- know the age ranges of your child audience, so you can tailor the document accordingly;
- ensure the document is extremely clear and presented in plain language;
- ensure children can easily understand their rights over their personal data;
- be creative when preparing the document. Try to use ‘child-friendly’ ways to present privacy information. For example, you could use cartoons, animation, graphics and icons to present the information in an easy-to-understand way. You may also want to consider using video to explain key concepts if your resources and budget allow;
- explain the risks involved when processing children’s personal data and how you will mitigate against them in a child-friendly way; and
- suggest the child reads the document with the help of their parent or guardian.
In addition to the rules around transparency, there are a number of other rules to follow when processing personal data. Organisations should ensure that they follow all of the applicable rules when processing personal data of children.
This factsheet sets out how your business can become GDPR compliant.
Key Takeaways
A Children’s Privacy Policy is a document telling children how an organisation uses their personal data. Organisations must give children various information, as required by the UK GDPR. However, organisations should also ensure that the Privacy Policy is presented in a ‘child-friendly’ way. In practice, this can be difficult to achieve. You should take legal advice if you are unsure about the legal rules around processing personal data about children or how to draft a UK GDPR-compliant Children Privacy Policy.
If you need help creating or updating a Children’s Privacy Policy, our experienced data privacy lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
A privacy policy is a document that tells individuals about how an organisation uses their personal data and why. It is a key document for UK GDPR compliance.
Yes. You must give children the same privacy information about how you use their personal data as you would to adults.
We appreciate your feedback – your submission has been successfully received.