Data Protection for Next Generation: Putting Children First | IGF 2023 WS #62

Report

The discussion focuses on the necessity of age verification and data minimization in relation to children’s rights in the digital environment. It is argued that companies should not collect additional data solely for age verification purposes, and trust in companies to delete data after verification is considered crucial to protect children’s privacy.

Another important point raised in the discussion is the need for the early incorporation of children’s rights into legislation.

The inclusion of children in decision-making processes and the consideration of their rights from the beginning stages of legislation are emphasized. This is contrasted with the last-minute incorporation of children’s rights seen in the GDPR.

The discussion also advocates for the active participation of children in shaping policies that affect their digital lives.

Examples of child-led initiatives, such as Project Omna, are mentioned to illustrate the importance of including children’s perspectives in data governance. The argument is made that involving children in policy-making processes allows for better addressing their unique insights and needs.

The role of tech companies is also explored, with an argument that they should take child rights into consideration during their product design process.

Collaborating with tech companies to develop age verification tools is suggested as a means of ensuring the protection of children’s rights.

Additionally, it is noted that children, often referred to as “Internet natives,” may have a better understanding of privacy protection due to growing up in the digital age.

This challenges the assumption that children are unaware or unconcerned about their digital privacy.

The discussion concludes by highlighting the advocacy for education and the inclusion of children in legislative processes. Theodora Skeadas’s experience in advocacy is mentioned as an example.

The aim is to educate lawmakers and involve children in decision-making processes to create legislation that better safeguards children’s rights in the digital environment.

Overall, this discussion underscores the importance of age verification, data minimization, the incorporation of children’s rights in legislation, the active participation of children in policy-making processes, and the consideration of child rights in tech product design.

These measures are seen as vital for protecting and promoting children’s rights in the digital age.

Report

The discussion revolves around various important topics related to internet development, youth engagement, and online safety. Dot Asia, which operates the .Asia top-level domain, plays a crucial role in these areas. In addition to managing this domain, Dot Asia uses the earnings generated from it to support internet development in Asia.

Moreover, Dot Asia runs the NetMission program, which aims to engage young people in internet governance. These initiatives are viewed positively as they promote internet development and youth engagement in Asia.

Another significant development is the launch of the .Kids top-level domain in 2022.

This domain is specifically designed to involve and protect children, based on the principles outlined in the Convention on the Rights of the Child. By prioritizing children’s rights and safety, the .Kids initiative aligns with the principles of the convention.

This positive step highlights the importance of involving children in policy-making processes that affect them.

Cooperation among stakeholders is emphasized for ensuring online safety. Various forms of online abuses and domain name system (DNS) abuses exist, requiring collaborative measures to create a safer online environment.

The .Kids top-level domain is seen as a valuable platform to support online safety initiatives. By creating a dedicated space for children, it can contribute to the development and implementation of effective online safety measures.

The discussion also focuses on privacy, particularly in relation to data collection and age verification.

Privacy is not just about keeping data secure and confidential but also about questioning the need for collecting and storing data in the first place. The argument is made that data should be discarded after the age verification process to strike a balance between protecting children and safeguarding their privacy.

The use of pseudonymous credentials and pseudonymized data are suggested as appropriate approaches for age verification.

These methods allow platforms to verify age without accessing or storing specific personal information, addressing privacy concerns while still ensuring compliance with age restrictions.

Additionally, it is highlighted that trusted anchors should delete raw data after verification, and regulation and audits are necessary for companies that hold data.

The importance of building the capacity for child participation in internet governance is also emphasized. These factors contribute to creating a safer, more inclusive, and child-centric online environment.

In summary, the discussion focuses on various important aspects of internet development, youth engagement, and online safety.

Dot Asia’s initiatives and the introduction of the .Kids top-level domain reflect positive steps toward promoting internet development and protecting children’s rights. The importance of stakeholder cooperation, privacy considerations, and child involvement in policy-making processes are also highlighted.

By addressing these aspects, stakeholders can work together to create a safer and more inclusive online space for all.

Report

Civil society organizations play a crucial role in advocating for child-centred data protection. They can engage in advocacy related to law and policy, as well as litigation and regulatory requests. For example, Professor Sonia Livingstone’s work on the use of educational technology in schools and the launch of the UK’s Digital Futures Commission highlight the importance of civil society organizations advocating for proper governance of educational technology in relation to children’s data protection.

Litigation and making requests to regulators are another important avenue for civil society organizations to advance child-centred data protection.

This is evident in cases such as Fair Play’s complaint about YouTube’s violation of the Children’s Online Privacy Protection Act, which resulted in Google and YouTube paying a significant fine. These actions demonstrate the impact civil society organizations can have in holding tech companies accountable for their data protection practices.

Community-based human rights impact assessments are crucial for ensuring child-centred data protection.

This involves consulting with companies, working with technical and legal experts, and including meaningful consultation with children. By involving children in the process, civil society organizations can better understand the implications of data processing and ensure that their rights and interests are taken into account.

Civil society organizations should also involve children in data governance.

Involving children in activities such as data subject access requests can help them understand the implications of data processing and empower them to participate in decision-making processes. Additionally, auditing community-based processes involving artificial intelligence could involve older children, allowing them to contribute to ensuring ethical and responsible data practices.

Education about data processing and its impacts is crucial for meaningful child involvement.

It is important for people, including children, to understand the implications of data governance for their rights. Practical activities, like writing to a company to request their data, can be incorporated into education to provide a hands-on understanding of the subject.

Civil society organizations need to collaborate with experts for effective child involvement.

In complex assessments, a wide range of expertise is required, including academics, technologists, and legal experts. By collaborating with experts, civil society organizations can ensure that their efforts are based on sound knowledge and expertise.

Age verification should not be the default solution for protecting minors’ data.

Other non-technical alternatives should be investigated and considered. Different jurisdictions have differing views on the compliance of age verification products with privacy laws, highlighting the need for careful consideration and evaluation of such solutions.

In efforts to protect children’s data, it is essential to centre the most vulnerable and marginalised children.

Children are not a homogeneous group, and it is important to address the varying levels of vulnerability and inclusion across different geographies and demographics.

Designing products for the edge cases and risky scenarios is crucial for digital safety.

Afsaneh Rigo’s work on inclusive design advocates for designing from the margins, as this benefits everyone. By considering the most difficult and risky scenarios, civil society organizations can ensure that digital products and platforms are safe and accessible for all.

In conclusion, civil society organizations have a vital role to play in championing child-centred data protection.

Through advocacy, litigation, regulatory requests, human rights impact assessments, involvement in data governance, education, collaboration with experts, exploring non-technical alternatives to age verification, considering the needs of the most vulnerable children, and designing for edge cases, these organizations can contribute to a safer and more inclusive digital landscape for children.

Report

The discussion on children’s privacy rights in the digital environment emphasised the importance of protecting children from data exploitation by companies. One argument raised was the need for regulatory and educational strategies to safeguard children’s privacy. Age-appropriate design codes were highlighted as a valuable mechanism for respecting and protecting children’s privacy, considering their age and understanding the link between privacy and other rights.

Professor Sonia Livingstone, who was part of the drafting group for general comment number 25, stressed the need for a comprehensive approach that ensures children’s privacy rights are incorporated into the design of digital products and services.

The .Kids initiative was discussed as an example of efforts to promote child safety online.

This initiative, which focuses on children’s rights and welfare, enforces specific guidelines based on the Convention on the Rights of the Child. It also provides a platform for reporting abuse and restricted content. Edmon Chung, in his presentation on the .Kids initiative, highlighted the importance of protecting children’s safety online and addressed the issue of companies exploiting children’s data.

USAID’s involvement in digital innovation and international development was also mentioned.

The organisation works with colleagues in various countries and supports initiatives related to digital innovation. Their first digital strategy, launched in 2020, aims to promote technological innovation and the development of inclusive and secure digital ecosystems. USAID is committed to protecting children’s data through initiatives such as promoting awareness, aligning teaching methods with EdTech tools, and working on data governance interventions in the public education sector.

The discussion also brought attention to the risks children face in the digital environment, including online violence, exploitation, and lack of informed decision-making regarding data privacy.

It was emphasised that digital tools play a significant role in protecting children and aiding in areas such as birth registration, family tracing, case management, and data analysis. However, the risks associated with digital tools must also be addressed.

Civil society organisations were recognised for their crucial role in advocating for child-centered data protection.

They engage in advocacy related to law and policy, and their efforts have resulted in updated guidance on children’s privacy in educational settings and the investigation of violations of children’s privacy laws. The importance of involving children in data governance and policy development was highlighted, along with the need for meaningful consultation and education.

The discussion underscored the need for age verification mechanisms and risk assessments to ensure the protection of children online.

The development of age verification products that comply with privacy laws was seen as a vital step. Concerns were raised regarding the lack of transparency and oversight in current age assessment methods. It was suggested that products should be designed for difficult and risky scenarios to benefit all users.

Overall, the insights from the discussion highlighted the importance of protecting children’s privacy in the digital environment and called for action to create a safer and more inclusive online space for children.

Report

During the discussion, various topics relating to data governance and the impact of digital technology on protecting children’s rights and promoting their well-being were covered. One significant highlight was the influence of the United States Agency for International Development (USAID) in technological innovation, as well as its efforts in humanitarian relief and international development.

With 9,000 colleagues spanning 100 countries, USAID plays a significant role in funding initiatives to improve digital literacy, promote data literacy, enhance cybersecurity, bridge the gender digital divide, and protect children from digital harm.

Digital tools were identified as increasingly important for adults working to protect children.

These tools, such as birth registration systems and case management support, help facilitate the protection and integration of children into broader social and cultural norms. However, it was acknowledged that increased digital access can also lead to increased risks, including cyberbullying, harassment, gender-based violence, hate speech, sexual abuse and exploitation, recruitment into trafficking, and radicalization to violence.

The negative consequences of these risks were highlighted, such as limited exposure to new ideas, restricted perspectives, and impaired critical thinking skills due to data algorithms.

To address these risks, it was argued that better awareness, advocacy, and training for data privacy protection are crucial.

The lack of informed decision-making about data privacy was identified as an issue that transfers power from the data subject to the data collector, with potentially long-lasting and harmful consequences. Recognizing the need for safer digital environments, data governance frameworks were presented as a solution to mitigate the risks of the digital world.

These frameworks can create a safer, more inclusive, and more exciting future.

The importance of responsible and ethical computer science education for university students was emphasized. Collaboration between USAID and the Mozilla Foundation aims to provide such education in India and Kenya, with the goal of creating technology with more ethical social impacts.

The integration of children’s rights in national data privacy laws was also advocated, highlighting the need for a legal framework that safeguards their privacy and well-being.

Empowering youth advocates for data governance and digital rights was seen as a positive step forward, with projects like Project Omna, founded by Omar, a youth advocate for children’s digital rights, gaining support and recognition.

The suggestion to utilize youth networks and platforms to inspire solutions further highlighted the importance of involving young voices in shaping data governance and digital rights agendas.

The tension between the decision-making authority of adults and the understanding of children’s best interests was acknowledged.

It was argued that amplifying children’s voices in the digital society and discussing digital and data rights in formal education institutions is necessary to bridge this gap and ensure the protection of children’s rights.

Notably, the need for a children’s Internet Governance Forum (IGF) was highlighted, recognizing children as stakeholders in internet governance.

It was agreed that raising awareness and capacity building are essential in bringing about positive changes for children within this sphere.

In conclusion, the discussion shed light on the crucial role of data governance and digital technology in safeguarding children’s rights.

It emphasized the importance of responsible technological innovation, data privacy protection, and the inclusion of children’s voices in decision-making processes. By addressing these issues, society can create a safer and more inclusive digital world for children, where their rights are protected, and their well-being is prioritized.

Report

The discussions revolved around the significance of safeguarding children’s right to privacy in the digital realm and its interlinkage with other child rights. It was emphasised that children’s privacy is essential as it directly influences their safety, dignity, and access to information.

Sonia Livingstone, an expert in the field, played an instrumental role in the drafting group for general comment number 25, which specifies how the Convention on the Rights of the Child applies to digital matters.

Furthermore, it was noted that children themselves possess an understanding of and are actively involved in negotiating their digital identity and privacy.

To understand their perspective, a workshop was conducted by Livingstone to gauge how children perceive their privacy and the conditions under which they would be willing to share information globally. It was found that children universally recognise the importance of privacy and view it as a matter that directly affects them.

The introduction of age-appropriate design codes, tailored to cater to a child’s age, was highlighted as an effective regulatory strategy to protect children’s privacy.

These codes have been implemented in various international and national settings, ensuring privacy in accordance with the child’s developmental stage. Livingstone, alongside the Five Rights Foundation, spearheaded the Digital Futures Commission, which sought children’s views to propose a Child Rights by Design approach.

Addressing the identification of internet users who are children for the purpose of upholding their rights online was identified as another crucial aspect.

Historically, attempts to respect children’s rights on the internet have failed because the age of the user was unknown. It was emphasised that a mechanism is needed to determine the age of each user in order to effectively establish who is a child.

Regarding the implementation of age verification, it was suggested that a new approach is needed, involving third-party intermediaries for age checks.

These intermediaries should operate with transparency and accountability, ensuring accuracy and privacy. However, it was acknowledged that not all sites and content necessitate age checks, and a risk assessment should be conducted to determine the appropriateness of such checks. Only sites with age-inappropriate content for children should require age verification.

The role of big tech companies in relation to age assessment was also discussed.

It was posited that these companies likely already possess the capability to accurately determine the age of their users, highlighting the potential for collaboration in ensuring child rights protection online.

Furthermore, the importance of companies adopting child rights impact assessments was stressed.

Many companies already understand the importance of impact assessments in various contexts, and embedding youth participation in the assessment process is seen as crucial. Consideration should be given to the full range of children’s rights.

There were differing perspectives on child rights impact assessments, with some suggesting that they should be made mandatory for companies.

It was argued that such assessments can bring about significant improvements in child rights protection when integrated into company processes.

The active involvement of children and young people in the development of data protection policies was also highlighted as a key recommendation.

Their articulate and valid perspectives should be taken into account to ensure effective policy formulation.

Finally, the importance of adults advocating for the active participation of young people in meetings, events, and decision-making processes was emphasised. Adults should actively address the lack of youth representation and ensure that young people have a voice and influence in relevant discussions.

In conclusion, the discussions centred on the necessity of protecting children’s privacy in the digital environment and its alignment with other child rights.

Various strategies, including age-appropriate design codes and third-party intermediaries for age verification, were proposed. The involvement of children, youth, and adults in policy development and decision-making processes was considered pivotal for effective protection of children’s rights online.

Report

The discussion revolves around several key issues related to children’s data protection and legislation. One focal point is the importance of understanding international children’s rights principles, standards, and conventions. The UN Convention on the Rights of the Child features prominently as a widely ratified international human rights treaty that enshrines the fundamental rights of all children under the age of 18, serving as a foundational document in safeguarding children’s rights.

Another significant aspect highlighted is the need for appropriate data collection, processing, storage, security, access, and erasure.

It is emphasized that organizations should only collect data for legitimate purposes and with the consent of parents and guardians. Moreover, these organizations should use children’s data in a way that is consistent with their best interest. Implementing adequate security measures to protect children’s data is also underscored as crucial.

Consent, transparency, data minimization, data security, and profiling are identified as major issues surrounding personal data collection, processing, and profiling.

It is mentioned that children may not fully understand what it means to consent to the collection and use of their personal data. Additionally, organizations may not be transparent about how they collect, use, and share children’s personal data, making it difficult for parents to make informed decisions.

The over-collection of personal data by organizations is also highlighted as a concern.

The need for strengthening legal protection, improving transparency and accountability, as well as designing privacy-enhancing technologies, is emphasized as ways to address the issues related to children’s data.

Governments can play a role in strengthening legal protections for children, such as requiring parental consent and prohibiting organizations from profiling children through targeted advertising. It is also mentioned that educating parents and children about the risks and benefits of sharing personal data online is crucial.

Technologists are encouraged to design products and services that collect and use less personal data from children.

There is a global focus on legislation discussions that will impact child safety. Measures such as the Digital Services Act and Digital Markets Act in the European Union, as well as the UK online safety bill, are mentioned as examples of legislation that will have an impact on child safety.

In the context of the United States, there is a gap in legislation related to assistive education technology (ed tech) in schools.

Existing bills mostly focus on access, age verification, policies, and education, rather than addressing the usage of assistive technology.

There is also concern about the challenges faced in passing comprehensive legislation related to children’s data, particularly due to competing interests and a divided political landscape.

It is acknowledged that despite the proliferation of data and data-related issues concerning children, passing effective legislation proves difficult.

The dataset analysis also reveals the need to educate legislators about the rights and principles of children. Often, legislators may not be adequately informed about the rights of children and the specific meaning of rights like privacy and freedom of expression in the context of children.

The importance of including children in decision-making processes is emphasized as it makes legislation child-centric and serves the intended purpose well.

Inclusion of children in the legislative process ensures that their voices and perspectives are heard and considered.

The analysis also highlights the necessity of considering the needs of children from diverse backgrounds. It is crucial to acknowledge and address the unique challenges and requirements of children from different social, cultural, and economic circumstances.

Furthermore, the inclusion of children as active participants in conversations about their well-being is stressed.

This can be done through their participation in surveys, focus groups, workshops, and empowering them to advocate for themselves in the legislative process.

There is a suggestion for children to be represented on company advisory boards, emphasizing the importance of their inclusion and representation in corporate governance.

In conclusion, the discussion delves into various aspects of children’s data protection and legislation, shedding light on key issues and suggestions for addressing them.

It emphasizes the significance of understanding international children’s rights principles, implementing appropriate data collection and processing practices, ensuring transparency, accountability, and consent, and designing privacy-enhancing technologies. Additionally, it highlights the importance of including children in decision-making processes, considering their diverse needs, and strengthening legal protection.

However, there is recognition of the challenges posed by political division and the difficulties in passing comprehensive legislation.