GDPR And Children's Data: What Brands Need To Know

Share this content:

Collecting data from children is already subject to legislation in the United States. But as GDPR comes into effect, there are certain provisions brands that work with children's data need to pay attention to.

Age of consent changes

Under GDPR, “processing of the personal data of a child” is only allowed by law when the child is at least 16 years old. If a child is under 16 years of age, companies must obtain consent from the child's parent or legal guardian to collect and process their data. Any collection of data from children under the age of 13 is prohibited.

The United States' current Children's Online Privacy Protection rule (COPPA) allows for organizations to begin collecting data without parental consent at age 13. This means that brands collecting data may need to expand their current consent obligations to include children up to age 16.

Brands who seek consent must also “make reasonable efforts” to verify that parental consent is valid. However, it does not explicitly state how organizations are supposed to do this, only that it must be done by “taking into consideration available technology.”

Notably, GDPR also states that any privacy notice from organizations looking to collect data directly from a child must write their privacy notice in a way that is clear and easy to understand for children.

“Given that children merit specific protection, any information and communication, where processing is addressed to a child, should be in such a clear and plain language that the child can easily understand.” 

This is where some brands need to take notice – and another look at how their privacy policies are worded. In general, privacy policies need to be written in such a way that makes them accessible to potential users – which can already be a challenge if jargon and legalese is used.

Brands need to consider how certain policies are explained when speaking to a child. In these use cases, it's not just making the copy appropriate for general audiences – it's for an audience that may not have as clear of an understanding of their rights.

Protection of data

Generally, GDPR stresses the importance of clarification when data collection is being use for the purpose of marketing or advertising:

“This is of particular relevance in situations where the proliferation of actors and the technological complexity of practice make it difficult for the data subject to know and understand whether, by whom and for what purpose personal data relating to him or her are being collected, such as in the case of online advertising.”

As we said earlier this week, companies that host third-party advertisers or collect “personal data” from EU audiences need to ensure that users opt-in before that data is collected.

In the United States, there are already measures that organizations collecting data from children need to follow in order to protect children from third-parties that may not have as stringent policies in place.

Keeping advertisers at 'arm's distance'

Recently, concerns over child data protection came to light after the release of Facebook's Messenger Kids app, which is recommended for children as young as six years old. Facebook asserts they are compliant under COPPA because parents are required to manage accounts for their children. But how the data collected from the app and shared with third-party vendors is still ambiguous.

Storybooth, a media company that collects stories from children to turn into animated video, regularly collects data from minors through story submission.

 “We have an extremely hard line against third parties getting access to them through what we can control,” Paul Beck, CMO, said. “On YouTube for example, we are about to pass a million subscribers with whom we are extremely engaged with from a notification, content consumption, conversation and insights gathering perspective.  We do not allow third parties to engage with them directly on our channels where we can control it.”

“As a policy, we work to 'protect' our audiences, rather than simply abiding by laws and rules,” Beck continued. "We have checks and balances set up to ensure we stay ‘arms distance,' protecting them from third-party access to our audience.”

Related Slideshows

Sign up to our newsletters

Company of the Week

USAData helps businesses find new customers and grow their current customers through a combination of data and digital marketing services, and easy-to-use SaaS technology products. We enrich customer data so businesses can more effectively target and communicate with customers, and connect them with their best look-alike prospects through digital and traditional channels. We make it easy through simple, self-serve applications and APIs, as well as through full-service programs managed by our Data and Digital experts. 

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above