Skip to content
LegalVision UK

What is a Children’s Privacy Policy?

Avatar photo

By Sej Lamba

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Table of Contents

Many organisations collect certain information, including personal data, from children. However, there are strict rules to follow when doing so. Under the UK General Data Protection Regulation (UK GDPR), providing individuals with transparency about their information, including where you collect a child’s information, is mandatory. The most common way to address this requirement is to issue children with a bespoke ‘Children’s Privacy Policy’. This article will explain what a Children’s Privacy Notice is and the key issues around preparing one.

Why Do Children Need Privacy Information?

Whenever you are processing personal data about children, you will need to be fully transparent about it. Your business must inform them about how you will use their personal data. ‘Transparency’ is one of the key principles under the UK GDPR.

Many businesses do not realise there is a requirement to give children privacy information or that you might need a separate Children’s Privacy Policy. However, this applies even though children are young. The UK Information Commissioner’s Office has issued specific guidance on collecting data from children and providing privacy information to them.

The most common way to provide transparency information is by giving children a ‘Children’s Privacy Policy’ telling them how you will use their personal data.

What to Include?

A Children’s Privacy Policy should set out various information, including but not limited to the following:

  • details of your organisation’s identity and Data Protection Officer, if applicable;
  • your contact details;
  • the kinds of information you collect from children;
  • childrens’ data protection rights;
  • how your business will use personal information;
  • how your business collects data;
  • the rules you need to follow when processing personal data (i.e. the lawful basis you rely upon to process data of children);
  • who you will share their information with and if it will be sent out of the UK; and
  • how long you will keep their information.

If you are not sure what information this document needs to contain, you should seek legal advice. Preparing a Children’s Privacy Notice which meets the UK GDPR requirements, can be extremely difficult. Extra complications arise when the children you are collecting data from are pre-literate, or you are relying on parental consent. These rules are complex, and you should also seek legal advice in those circumstances.

In practice, there is no market standard or prescribed format for a ‘child-friendly’ privacy policy. The expectation is for the document to be very child-focused and easy to understand for children. This is often a difficult task because, in practice, it is unlikely that children will be able to understand complex data protection information. So, this can be very tricky for businesses.

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

Tips for a Children’s Privacy Policy

When preparing a Children’s Privacy Policy, consider the following key tips:

  • know the age ranges of your child audience, so you can tailor the document accordingly; 
  • ensure the document is extremely clear and presented in plain language; 
  • ensure children can easily understand their rights over their personal data; 
  • be creative when preparing the document. Try to use ‘child-friendly’ ways to present privacy information. For example, you could use cartoons, animation, graphics and icons to present the information in an easy-to-understand way. You may also want to consider using video to explain key concepts if your resources and budget allow; 
  • explain the risks involved when processing children’s personal data and how you will mitigate against them in a child-friendly way; and 
  • suggest the child reads the document with the help of their parent or guardian.

It is important to understand that the above are general indicators to consider. Depending on your audience, you will need to draft your unique Children’s Privacy Policy carefully. The UK GDPR gives children’s data enhanced protections. There are several rules to follow, so it is important to understand the legal requirements and ensure your document is compliant.

In addition to the rules around transparency, there are a number of other rules to follow when processing personal data. Organisations should ensure that they follow all of the applicable rules when processing personal data of children. 

Front page of publication
GDPR Essentials Factsheet

This factsheet sets out how your business can become GDPR compliant.

Download Now

Key Takeaways

A Children’s Privacy Policy is a document telling children how an organisation uses their personal data. Organisations must give children various information, as required by the UK GDPR. However, organisations should also ensure that the Privacy Policy is presented in a ‘child-friendly’ way. In practice, this can be difficult to achieve. You should take legal advice if you are unsure about the legal rules around processing personal data about children or how to draft a UK GDPR-compliant Children Privacy Policy.

If you need help creating or updating a Children’s Privacy Policy, our experienced data privacy lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Frequently Asked Questions

What is a privacy policy?

A privacy policy is a document that tells individuals about how an organisation uses their personal data and why. It is a key document for UK GDPR compliance.

Do I need to give children a Privacy Policy?

Yes. You must give children the same privacy information about how you use their personal data as you would to adults.

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Sej Lamba

Sej Lamba

Read all articles by Sej

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

3 Documents Your Company Needs to Demonstrate GDPR Compliance

3 Benefits of Using a Lawyer to Draft Documents for My UK Online Business

Does My Business Need a Cybersecurity Policy?

Does My Website Need a Privacy Policy?

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards