On behalf of the Dutch Consumer Organisation (Consumentenbond), the ILP Lab drafted a report regarding the data protection of children on social media platforms.
Under the GDPR, platforms must offer ‘specific protection’ to children with regard to the processing of their personal data (recital 38 GDPR). The GDPR provides little guidance on the interpretation of this term. The report focused on how the term ‘specific protection’ should be interpreted by social media platforms.
The report concludes that social media platforms should provide specific protection for children with regard to three different aspects: their privacy policies, profiling, and personalised advertising:
First, personal data of children under 16 years should not be processed for personalised advertising. Contextual or untargeted advertising should be permitted. When children are targeted with contextual or untargeted advertising, this should be clear to them.
Second, profiling children for personalised content should not be based on algorithms. Content children see should only be based on preferences they indicate themselves.
Third, as platforms process data from children differently than data from adults, they should create separate privacy policies for children. These should be short, in clear language, supported by audio-visual media and they should be in the spoken language of the child. Platforms should create a helpdesk for questions concerning their account and their personal data.
The report can be downloaded below. It was drafted by Dorine Dollekamp and Tommy Fitzsimons.