Rapid digital migration exposes data privacy concerns for children
The broad, global migration towards virtual platforms following widespread Covid-19 lockdowns has highlighted the need for the digital privacy of children to be properly secured and protected. With more time spent in the digital world, child exposure to digital marketing is growing rapidly.
© Karel Joseph Noppe Brooks – 123RF.com
Digital device proliferation amongst children and adolescents was high before the pandemic, and it has increased exponentially since. According to Unesco, in May 2020, more than 60% of learners globally were affected by school closures due to the Covid-19 pandemic. Around half of children affected by school closures had access to online platforms, causing an extreme spike in unregulated screen time among children. Spending more time in the digital world meant that children had greater exposure to influencer marketing tactics and branded environments, such as is prevalent in video games (particularly “advergames” – games designed to promote a product or service).
Targeted advertising
A crucial area of concern in contemporary digital marketing is what legal and policy framework guides digital advertising in respect of the rights of children. The marketing industry has long targeted children in advertising campaigns, however past studies have shown that self-regulation has not adequately addressed the need to look after children’s rights in respect of advertising.
The responsibility threshold is over-simplistic. Parental consent and age-gates are treated as the primary tools for age verification, however further scrutiny is needed as to whether these solutions technically and socially solve the problem in real world scenarios, or whether alternatives are needed. Programmatic marketing, and its potential for misinformation, is a greater threat to children, who may not yet have developed the cognitive or educational abilities to scrutinise such media appropriately.
GDPR
In Europe, some effort has been made towards correcting this, in respect of data protection. The General Data Protection Regulations (GDPR) provide for special conditions in respect of the obtaining of consent, with consent of children younger than 16 years requiring parental authorisation (this age can be lowered by member states to no less than 13 years), an obligation to ensure communication with children is transparent and in plain language as well further miscellaneous provisions for the provision of helplines, awareness and participation in establishing codes of conduct and special rules in respect of profiling of children.
PoPIA
The recent substantive implementation of key provisions of the Protection of Personal Information Act (PoPIA) in South Africa contains stringent measures to address digital privacy for persons under the age of 18. PoPIA will now bring South Africa in line with international data protection laws by regulating the processing of the information of natural and juristic persons and placing more onerous obligations on responsible parties that process such information in South Africa. The privacy rights of children are closely guarded in PoPIA and consent to contact them must be received from a competent adult. The Act defines a child as a natural person under 18 who is not legally competent to take any action or decision in respect of any matter concerning him or herself, without the assistance of a competent person. There is a general prohibition with respect to the processing of personal data of children in the Act, with a few exceptions.
Common standards
However, outside of data protection law, there are few common standards in respect of how modern digital advertising (such as programmatic advertising) should operate in respect of children. It has been argued that children are less likely to appreciate or understand the complex commercial intent behind complex modern advertising, with the harms such influence on children being severe, such as negatively influencing children dietary concerns, sexualisation of children, creating or reinforcing stereotypes or radicalisation.
The structural framework for digital advertising requires assessment in the context of the rights of children, and a policy framework needs to be developed that clearly identifies industry roles and responsibilities in respect of children’s rights regarding digital advertising, such as initiatives undertaken by Unicef and the World Health Organisation.
Further, alternate age verification technologies need to be explored to prevent the ‘minimum age threshold compliance’ becoming a safe haven. Such solutions could include devices and browsers provided to children being enabled to issue anonymised flags to programmatic systems, which systems can be architecturally designed to limit certain kinds of advertisement to such devices or browsers.
Special ethical policies and guidelines should be adopted when targeting children via digital marketing. If companies that deliver online marketing campaigns implement such policies they can help to ensure that the rights of children are properly protected, as the world migrates further into a virtual reality.