DATA PROTECTION FOR CHILDREN ONLINE

AUTHOR

Name: Anish

College: PUSSGRC, Hoshiarpur (Panjab University)

Semester & Year: 6th Semester & 3rd Year

ABSTRACT

In the digital age, children are spending more time online for socializing, learning, and playing. Kids can gather and understand a vast amount online, but they are also more exposed to risks because of it. When proper security measures are established, websites, applications, and platforms may gather and handle children’s personal data and frequently exploit it. This study analyzes the laws and regulations that protect children’s data globally and in India at present, as well as the types of dangers encountered by youth online. With the help of examination of literature, case law, and analytical insights, the study concluded that there are many primary concerns include informed consent, data misuse, and the lack of reliable age verification techniques. The study also provides us suggests to improve legal safeguards, fostering global cooperation, and raise awareness to make the internet a more secure place for children.

KEYWORDS

Children, data protection, online privacy, cyber safety, digital consent, legal frameworks

INTRODUCTION

Digitalization is changing the lives of children worldwide. Technology is used by many children in many ways such as for learning, creating, and talking to others around the world. While technology has provided an opportunity to connect the world, it has also created concerns about privacy issues, such as collecting, using, and abusing children personal data. Let’s take some examples that have both the positive and negative effects of technology-related experiences.

As children learn digital literacy, they may not understand the extent to which they share personal information in their public digital spaces. They may not even realize that they are sharing items of personal information with games, websites, or apps on their phones. Companies then gather, share, or sell this information. This data may record children’s names, ages, photographs, locations, browser history, and biometric identifiers.

Individually and collectively all over the world, we are beginning to realize that children’s online information requires protection. The General Data Protection Regulation (GDPR) in the EU and the Children’s Online Privacy Protection Act (COPPA) in the US are two critically important regulatory tools, while in India, the Digital Personal Data Protection Act (DPDP) of 2023 is used to protect children’s online information.

HYPOTHESIS

The existing legislative traditions cannot guarantee sufficient data protection to children, as they are the most vulnerable online. There should be stronger rules and regulations to better protect the children’s online privacy. It also ensures that these rules mainly focus on children.

REVIEW OF LITERATURE

A lot of academic writing and legal analysis supports the idea that children need different privacy protections. Sonia Livingstone’s work for the EU Kids Online project shows that children do not know much about privacy settings or how online data is collected. Her research also indicates that digital services need to be designed for individuals of all ages.

Daniel Solove and Woodrow Hartzog are two legal scholars who have written a lot about digital privacy. They point out that once children’s data is collected, it can last forever and be used in many different ways.

Vidushi Marda’s work with the Internet Democracy Project in India demonstrates how Indian laws lack clear rules regarding obtaining parents’ permission and ensuring that children’s data remains private. Reports from UNICEF and Save the Children further illustrate how dangerous the internet can be for children, from targeted ads to online grooming. They also suggest that there should be global data protection frameworks that address all of these risks.

RESEARCH METHODOLOGY

This research employs a doctrinal legal research methodology. The study involves reviewing existing laws, international treaties, case law, journal articles, policy documents, and official reports on children’s data protection.

There are many primary sources used in this research such as the Digital Personal Data Protection Act, 2023 (India), GDPR, COPPA, and judicial pronouncements. Secondary sources consist of scholarly articles, NGO reports, and expert opinions.

A comparative approach is adopted to examine the effectiveness of Indian regulations in light of international standards. Case law analysis and legislative interpretation are also utilized to assess the enforcement mechanisms and protections available for children.

WHY CHILDREN NEED SPECIAL PROTECTION

Special protection for children is necessary since children are one of the most vulnerable members of society in terms of physical, mental, and emotional nature. The abuse, discrimination, exploitation, and neglect become their vulnerabilities due to the developmental stage they are in. The reasons can be summarized in the following way.

Developmental Vulnerability: Children are at a sensitive stage of physical, emotionally and cognitive growth; therefore, they are highly prone to any form of harm. They have narrow knowledge about the risks and they lack emotional maturity hence they are not always able to understand danger and to react accordingly in case of threat. They are unable to guide, support, and protect themselves like adults and therefore, any lapse in these roles by the caregivers can put them at the risk of being abused, neglected, or exploited. Their needs can be either ignored by societal systems, be it legal, educational, or economic, or they can simply not focus on their safety. In other words, without safety, children can easily be manipulated, silenced, or hurt. As a result, children require special protections.
Legal Acknowledgement: The Convention on the Rights of the Child (CRC) points out that children have full human rights, no matter their dependability nor their age. Due to their physical and mental inability, the CRC has required special protection to safeguard them, allow them to develop, and therefore observe dignity. It lays stress on the fact that any decisions that impact the children have to be made with the best intentions of the children in mind.
Consequences of Abuse: Traumatic violence, neglect, or exposure to exploitation during early years can break the normal trajectory of brain development, making it impossible to control emotions and leading to long standing serious health issues. Often leads to poor performance in school; low self-esteem; inability to create healthy relationships. Because of their manipulation in such negative experiences, children may adjust their behavior in the long run in a way that is unique to the person or identity type and potentially makes one vulnerable too: mental illness, substance abuse issues, and loneliness.
Disproportionate Harm: The physical vulnerability, emotional sensitivity, and dependence of children on adults mean that climate crises, armed conflict, and digital risks will have even more serious consequences for the health, safety, and development of children, along with societal disruption.
Narrow Political voice: Since children have no voting rights and no formal positions in the formulation of policies, their interests are frequently dismissed. Their policies could fail to consider their special needs and long-term welfare without legal protection and the pressure of society.

RULES MADE BY THE GOVERNMENT FOR CHILDREN DATA PROTECTION

United Nations Convention on the Rights of the Child (UNCRC)

This organization works for the data protection of children as described in Article 16 and Article 17. Children have a right to privacy under Article 16, and it protects children from people who shouldn’t have access to any aspect of their personal lives, families, or communications. Article 17 of the UNCRC focuses on the fact that children should receive the right information and, to help them flourish, should not have access to media that is detrimental to their growth.

General Data Protection Regulation (GDPR)

“Children’s consent” or “minors’ consent” is defined in Article 8 of the GDPR. It defines that children’s consent under the age of 16 years is invalid consent for processing their personal data when they are provided online services; consent must be given/authorized by a parent/guardian. This act provides additional protection to the child, since they may not be fully aware of the risks of data privacy.

Children’s Online Privacy Protection Act (COPPA, USA)

The USA made this act for the protection of minors. Under the law, websites and online services must obtain validated parental approval for children under the age of 13 before collecting their personal information. The idea behind this is to protect children’s rights, as well as to make the parents aware of any data collection by the online services.

India: Digital Personal Data Protection Act, 2023 (DPDP)

India’s Digital Personal Data Protection (DPDP) clearly defines a child (anyone under the age of 18 years is a child) by setting a clear age limit for digital protection of a child or minor. Before processing children’s personal data, data fiduciaries must get verifiable parental consent. This act was made to protect the children from the online platforms tracking their personal information, like their profile, or they cannot put targeted ads on their phones. They also have to keep the children away from or safe from harmful content on social media. But it doesn’t have clear technological standards for age verification or strict compliance measures, which makes it difficult to authenticate identities and enforce rules. These are the drawbacks that make this act less effective in nature.

Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

Under this act, the mediators must make reasonable efforts to protect the children from social media platforms by many methods, such as barring obscene, pedophilic, or criminal content (i.e., harmful content). Regulatory compliance does not consider children’s privacy and lacks specificity for children in regard to their data and online interactions. Indeterminate concerns arise about the extent to which minors are being safeguarded online.

TYPES OF DATA COLLECTION FROM CHILDREN

Kids can be bothersome and do bad things because they are weak by nature. It’s good to hear what youngsters have to say about school and safety. Lawyers, parents, and instructors need to know about the numerous kinds of information that can be collected so they can use it properly.

Personally Identifiable Information (PII): This collection of names and places can help you find a child. You should write down their name, date of birth, address, and how to get in touch with them. You should also write down the name of their school and the grade they are in. This will help you get a broad idea of who they are. Many things require personally identifiable information (PII), such as keeping medical records safe or signing a child up for school. People who shouldn’t be able to get to it or utilize, it shouldn’t be able to.
Behavioural Data: You can look online to see what your youngster is doing and saying. There are a lot of ways to find out how someone looks on different devices and how long they spend on apps and social media. These records demonstrate what they liked and didn’t like, as well as how they learnt best. Still, they make individuals worry that someone is watching them and make it more likely that customized, adverts will be used to deceive people.

You can use this information to figure out where a youngster is in real life. Most of the time, cell phones and other smart gadgets with GPS tracking integrated in keep this kind of information. Knowing where you are at all times can help keep you secure. You can see your child go to school. If the child’s parents or guardians don’t notice and think it’s okay, the child’s safety could be at stake.

Biometric data: It is a widespread and up-to-date approach to get information. Each person in this group has something that makes them different, such their fingerprints or a photograph of their face. Smart toys with cameras or microphones and biometric school attendance systems that check to see whether you are who you say you are can provide you this kind of information. Sometimes, it’s safe and advantageous to collect genetic information from kids. But it needs strong moral and legal protections because it can’t be modified and could have ramifications that last a long time.

Interaction Data: It reveals how youngsters talk to and work with each other online. You can find a lot of stuff online, such how-to videos, public posts on social networks, and chat logs from messaging applications. Their teachers might be able to utilise this information to help kids do better in school or keep them safe. It does make you think about your right to privacy, your right to free expression, and the fact that someone might be watching you.

You should think about your child’s safety, health, and best interests when they say things like this. Parents should be able to get information only if they can talk to each other openly, the information is well protected, and everyone observes the law.

CHALLENGES IN DATA PROTECTION FOR CHILDREN

Not knowing: It’s tricky because a lot of people don’t know about it. Many youngsters and their parents don’t know how digital businesses collect and use their data. Businesses may learn a lot about people when they click, browse, or use an app. They might not be aware of this. Families can’t choose the optimum privacy and safety settings because they don’t know enough about how to put them up. Kids are in danger, but they don’t realize it.
It’s hard to tell if something is real: It’s impossible to know what’s real, even when it comes to age. Many websites and services have age limits, but youngsters are very excellent at getting around them. They can simply lie about their age or other personal information to get on sites or see things that are meant for older people. It’s hard for companies to follow their own regulations, and it’s hard for the government to keep kids safe from content or data-gathering tactics that aren’t right for their age.
Having problems getting parents to say yes: Getting your parents’ permission is the hardest part. A lot of websites should ask youngsters’ parents for permission before taking their stuff. But the checks that make sure everyone is on the same page don’t always work. The site can’t be confident that the person who gave permission is a parent or guardian and not merely a child acting like an adult. People can learn stuff about kids through this hole without their parents’ permission, which is against the guidelines that are designed to keep youngsters safe.
Sending information from one country to another: Sending information between countries is already hard enough. Most of the time, kids’ information isn’t retained where they live. People all throughout the world commonly keep it on their PCs. It’s hard to sue companies that utilize children’s information in a harmful way. It’s hard for parents and the government to punish criminals and do the right thing because each country has its own set of standards.
The best approach to make money using data: Many people aspire to generate money with data. Many IT businesses make a lot of money by doing things like displaying kids adverts that are more fun for them. In other words, they watch what kids do online and display advertisements that are relevant to them. These advertisements make kids want to buy stuff or use particular services. This is bad because it takes advantage of kids’ inherent curiosity and their ability to encourage people to give them money, even if their parents don’t fully understand or agree with it.
There aren’t enough cops: Last but not least, there are rules that aren’t strong enough. There are laws and rules to protect kids’ information, but the people who are supposed to enforce them don’t always have the tools or freedom they need. They might not have enough lawyers, staff, or money to adequately look into rule violations, punish firms that break the rules in a constructive way, or stop people from doing harmful things. People may not be able to keep youngsters safe even if they sincerely want to. Companies can do whatever they want without worrying about getting in trouble.

CASE LAWS

1. Justice K.S. Puttaswamy v. Union of India (2017) 10 SCC 1

The Supreme Court of India recognized that Article 21 of the Constitution preserves the right to privacy in the case of Justice K.S. Puttaswamy v. Union of India (2017). Individuals sued because they didn’t like the Aadhaar plan, which required collecting biometric data and made individuals concerned about privacy and being watched. It threw out the earlier decisions in M.P. Sharma and Kharak Singh because it thought that privacy was a fundamental aspect of freedom and dignity. It set up a three-part criterion for any government breach of privacy: it had to be legal, necessary, and fair. This significant choice led to more choices concerning LGBTQIA+ rights, data protection, and digital governance in the future.

2. In re Facebook, Inc. Consumer Privacy User Profile Litigation (USA) 3:18-md-02843 (N.D. Cal.)

As part of the “In re Facebook, Inc. Consumer Privacy User Profile Litigation” in 2018, people said that Facebook shared their private information with outside groups, like Cambridge Analytica, without their permission. A lot of California lawsuits were merged into one that touches more than one district. Most of the case was about identity theft and debt scams. People who sued Facebook said the company didn’t follow its own rules and lied to users about how apps and business partners could access their data. The court didn’t agree with Facebook that users didn’t want privacy. In this case, this meant that some important things might move forward. A contract worth $725 million in 2023 set a new record. In the history of the United States, this is the finest agreement ever for a class action.

3. Google’s COPPA Violation (2019) FTC File No. 172 3083

In 2019, many argued that Google and its firm YouTube broke the Children’s Online Privacy Protection Act (COPPA) by acquiring personal information from kids under 13 without their parents’ permission. The FTC and the New York Attorney General alleged that YouTube made millions of dollars by using cookies to keep track of people who watched kids’ videos and then showing them adverts that were specific to them. YouTube said it was a terrific site for kids, yet it didn’t obey COPPA. The deal was for $170 million, which is a record amount. The FTC got $136 million, and New York got $34 million. YouTube committed to be tougher about identifying video, tell artists what they need to do to satisfy COPPA, and limit the amount of information it collects on kids’ content as part of the settlement.

4. Campbell v. Facebook (USA) 951 F.3d 1106 (9th Cir. 2020)

In Campbell v. Facebook (2013), people argued that Facebook exploited URLs that were shared in private chats without their permission. They argued that this was against the Electronic Communications Privacy Act and the California Privacy Code. The court said that certain of Facebook’s actions, such sharing information with other firms and garnering more “likes,” might be illegal interception. It was fine to bring a class action lawsuit to get an injunction. In 2017, after a lot of legal fights, a “non-monetary settlement” was struck. certain people didn’t believe Facebook’s promise to be more honest about how it uses data and make certain changes was enough. The Ninth Circuit agreed with the settlement in 2020, even though several individuals thought it was unfair.

These cases highlight the evolving judicial approach toward digital data protection and the need for specialized child-oriented interpretation of privacy laws.

SUGGESTIONS

Strict Age Verification System

There should be development of better AI-based or biometric systems. Platforms should find it effortless to identify trustworthy age verification, thereby preventing minors from utilizing adult services.

Privacy by Design

The government should make it mandatory for the platforms to design child-centric privacy settings by default. So that children can be protected from fraud.

Parental Consent Reform

There should be step-by-step verification for parental consent to prevent misuse of the information.

Educational Curriculum

There should be an introduction of digital literacy and privacy education in school curricula from an early age.

Child Data Protection Authority

There should be the establishment of a specialized regulatory body for handling children’s data complaints and audits. This will ensure that complaints are resolved more quickly and that there is less misuse of information.

Global Harmonization of Laws

There should be international cooperation between the governments for cross-border data. This step can help in taking legal action against the offenders.

Ban on Behavioral Advertising

There should be restrictions on the targeted ads for children below a certain age. This can lead to a reduction in manipulation and commercial exploitation.

Right to Be Forgotten

The right should be given to the children to erase digital footprints created during their minority. This step can help in reducing fraud.

CONCLUSION

A study indicated that youngsters are more likely to get wounded online than adults. The law needs to do more to keep youngsters safe and defend their rights. Even if GDPR, COPPA, and India’s DPDP Act are all wonderful laws, they are hard to police, it’s still hard to check someone’s age, and it’s still hard to get countries to cooperate together. The study argues the case for these things, such as privacy-by-design in platforms, stronger rules about permission, and initiatives to teach people how to use technology. The rules for kid data must be the same in every country. Additionally, people need the “Right to Be Forgotten” to protect their privacy and safety for life. In order to keep kids safe online, we must act quickly, get together, and keep them at the centre of it all.

REFERENCES

WEBSITES

CASE LAWS