Children’s data isn’t child’s play.
If you have a product or service that collects information from children, you should:
- Be transparent. No, really. And figure out the best ways to be transparent for kids, which includes just in time notices, video and audio. It is a good idea to enlist the help of UX/CX experts and to look for upcoming guidance from the Information Commissioner’s Office.
- Conduct a data protection impact assessment. This is mandatory for companies under the ICO’s Age Appropriate Design Code and also under the new US privacy laws, which classify the information of a “known child” as sensitive information requiring care.
- Ask parents and kids. It is important to not just ask about how to best sell your product (do that too), but also about how to best protect their information. Make sure they understand your interface.
- Adopt data protection by design and by default. It is best to turn off geolocation, sharing of information etc. When a child goes to change the default choice to something less safe, alert them to the meaning of this via a pop-up.
- Don’t. Use. Dark. Patterns. Not just for data collection or opt out (those are already prohibited by GDPR, CPRA, CDPA, etc), but also not for nudging and inappropriately impacting behavior. The FTC and EU regulators are looking at this closely.