Close
This article was written by Joseph Brookes and published here
Children in Australia are being pervasively tracked when they go online without proper regard for their privacy or the risks of collecting their data, according to technology and privacy experts.
Driven by a multibillion-dollar children’s advertising market, private companies are harvesting personal information to build psychographic profiles and data sets — usually for use in targeted messaging — in an opaque online advertising industry.
In some jurisdictions, data protection laws and regulators have attempted to rein in the practice with new standards and large fines for breaches. But Australia, which critics say lacks robust privacy protections generally, is falling further behind because of an absence of enforceable protections for children’s privacy or effective avenues for recourse when breaches occur.
“Our research estimates that by the time a child reaches the age of 12, more than 72 million pieces of personal data have been collected about them by advertising technology designed for adults,” says Dylan Collins, CEO of Super Awesome, a “kidtech” advertising company.
“This data is being captured on children who have no understanding about what they’re giving up or even that the practice is happening.”
Collins tells Which-50 the data is typically being collected for advertising and product recommendations — an exchange most adults do not fully understand.
But it is also increasingly being used for automated decisions, according to Collins.
“That can have a life-changing impact. For example, [it could] affect a credit score, school admission or job eligibility.”
Governments and regulators around the world appear to agree the risks easily outweigh most of the benefits children receive when they exchange their information for the use of online services like social media.
Early this year the UK privacy watchdog unveiled a strict new code of practices for online service providers like Google and Facebook, requiring them to provide a “built-in baseline of data protection” for younger users, including turning off tracking and targeted ads by default and only allowing data collection essential to the services children are actively and knowingly engaged in.
The code builds on Europe’s existing data regulations (known as GDPR) and its specific provisions for kids, commonly known as GDPR-K, which already limits data collection on young people and otherwise requires informed, unambiguous consent from parents.
The platform giants and digital advertising groups fought to water down the new UK code with limited success, arguing that stopping data collection could prevent them from delivering the services altogether.
But UK regulators were clear: online services must be designed and operated with the best interests of children in mind.
“In a generation from now, we will look back and find it astonishing that online services weren’t always designed with children in mind,” UK Information Commissioner Elizabeth Denham said in January.
“There is no doubt that change is needed. The code is an important and significant part of that change.”
