Data PrivacyNavigating Childeren’s Data Privacy in Educational and Gaming Apps

INTRODUCTION

Socialization of children is no longer limited to family functions and events. Much of the early development of children has shifted online, whether it be through online classes, social media or online groups/forums. In the present digital age social interactions/activities have largely shifted or at least have more easy substitutes in the virtual world. People have shifted to virtual applications for grocery shopping, e-commerce websites for clothing, payment gateway applications for completing transactions, online gaming and OTT platforms for entertainment and a litany of social media apps for connecting with friends and new people.

Adapting to this new era, parents have become lenient in providing electronic devices to their children even from a young age deeming them as essential for kids of this digital age. However, parents often underestimate the usage and repercussions of the devices on their children assuming it would only be limited to the educational purposes; however, due to the inquisitiveness of children they inadvertently end up falling prey to cybercrimes and being unethically used as data subjects.

EDUCATIONAL APPLICATIONS

Educational websites become integral to modern learning, with interactive lessons, engaging content, and personalized learning experiences. Acknowledging the positive impact of these platforms lays the groundwork for understanding the necessity of protecting children’s data but, at the same time, it is equally endangering the children’s privacy as these learning applications collect the children’s data.

There have been instances in 2023 where some leading educational websites were indulged in practices such as collecting the android identity of devices, storing fingerprints of children to identify the device, collecting precise location data, and Installing Software Development kits (hereinafter referred to as “SDK”) which were not necessary for the functioning of the app but rather collected information which would be used to send personalised/targeted advertising.

GAMING APPLICATIONS

A majority of mobile gaming applications use the children’s data for third-party advertising purposes. There are an array of instances where parents would allow their kids to install simple, childish seeming free-to-download games. These games use bright colours to cater specifically to children which go on to include addictive playing patterns that eventually require in-game resources which are need to be purchased in order to progress further in the games.

Many such apps used to provide the option to add the cost to the service provider charge which would result in children unknowingly making purchases which would keep adding on to the end of the month connection bill.

Many such games also track children’s data using third-party ads in the child’s app experience. Therefore, extra precaution should be taken that children must not indulge in sharing financial details or payments made in the game for reaching to the next level of the game or for any additional gadgets. Netizens are also prone to being traced for any search that they make on Google or any other platform which is why customized advertisements are at peak.

LEGAL FRAMEWORK ON ETHICAL TRACKING OF CHILDREN’S DATA

1. Children’s Online Privacy Protection Rule (hereinafter referred to as “COPPA”)

COPPA in the United States of America imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. Although it is a US law, it is applicable to children in India as well as many famous websites and applications used by children are operated out of American websites.

 2. General Data Protection Regulation (hereinafter referred to as “GDPR”)

The General Data Protection Regulation is a European Union regulation on information privacy in the European Union and the European Economic Area. The Data fiduciaries must write clear privacy notices for children so that they can understand what will happen to their personal data, and what rights the children have. Children have the same rights as adults over their personal data. These include the rights to access their personal data, request rectification; object to processing and have their personal data erased.

 3. California Consumer Privacy Act, 2018 (hereinafter referred to as “CCPA”)

The right to Opt-In for kids mandates the businesses to only sell the personal information of a child that the businesses know to be under the age of 16 if they get affirmative authorization which is “opt-in” for the sale of the child’s personal information. For children under the age of 13, the same opt-in must be confirmed by the child’s parent or guardian. For children who are at least 13 years old but under the age of 16, the opt-in can be confirmed by the child.

 4. Digital Personal Data Protection Act, 2023 (hereinafter referred to as “DPDP Act, 2023”)

DPDP Act, 2023 which has been recently passed contains specific additional provisions to penalise Data Fiduciaries and Significant Data Fiduciaries who violate the data rights of minors:

• Section 2(f) defines “child” as an individual who has not completed the age of eighteen years
• Section 2(i) describes a child, and includes the parents or lawful guardian of such a child.
• Section 9 of the DPDP Act, 2023 describes the Processing of Personal Data of Children:
• The Data Fiduciary shall obtain the consent of the parent or guardian of a child before processing any personal data of the child. Moreover, the data fiduciary is not allowed to conduct tracking or behavioural monitoring of children or employ targeted advertising aimed at them. Penalty for breach in observance of additional obligations in relation to children under section 9 is mentioned under the Schedule which states that it may be extended to Rupees Two Hundred Crores ( 200 Crores).

GLOBAL BEST PRACTICES

1. Educate children about the importance of privacy and the dangers of cyber predators

Children and teenagers need to know that once any personal data is shared with others, they will not be able to delete or remove it completely, and the digital footprint of such information shared will prevail. With the rise in cyberattacks and threat of data leakage, parents or guardians need to educate their children about the potential dangers of unwarranted digital footprints and unregulated sharing of personal information which includes but is not limited to, financial frauds, viruses, threats, and inadvertent exposures.

2. Establishing Open Communication

It is pivotal to create an environment where children feel comfortable discussing their online experiences. Regularly talking to them about the importance of privacy and the potential risks associated with sharing personal information online, encouraging them to come speak freely with the family members if they encounter anything online that makes them uncomfortable, create a safe and transparent space for children.

3. Setting Age-Appropriate Screen Time Limits

Establishing restrictions on how much time children can spend on screens, including educational, gaming and social media apps aid in regulating access to the Internet. It is essential to consider age recommendations from experts and ensure that screen time aligns with their developmental needs.

4. Implementing Parental Controls and Privacy Settings

Explore and use built-in parental control features on devices and apps to restrict access to age-inappropriate content. Set up privacy settings on social media platforms, gaming consoles, and other apps to control who can interact with children. Parents or guardians should regularly review and update these settings as the child grows and their online activities evolve.

AMLEGALS REMARKS

Media and digital devices are an integral part of our world today. The benefits of these devices, if used moderately and appropriately can be great, however, excessive reliance on online applications and websites results in children becoming addicted to these devices and rely completely upon them for class homework and other usage.

Not only does this hinder their development and critical thinking at a very tender age, but it allows private organisations to start tracking and, much more concerningly, influence the thinking and development of children at nascent stages of their lives when they are very easily influenced.

Government and policymakers need to ensure the effective implementation of a verification plan for children in order to disallow access of certain websites, as presently children can easily access the same by just ticking a box that asks for confirmation if the person if 18+ or not.

For any query or feedback, please feel free to get in touch with dataprivacy@amlegals.com or tanmay.banthia@amlegals.com or mridusha.guha@amlegals.com