Why think about the Privacy Policy of products or services focused on children?
As of generation Z, children are born immersed in technology. They are digital natives. This means that this audience already has consumption and education demands for the digital environment from an early age. Companies that operate focused on products and services for the digital market need to worry about the restrictions and rules for the treatment of personal data of children who access or consume their product or service. Even the Brazilian General Data Protection Act (or Lei Geral de Proteção de Dados, or simply LGPD in Portuguese) has dedicated a specific section to the processing of personal data of children and adolescents.
Children and adolescents are in a developing state, and are often less aware of the risks and consequences of processing their personal data on entertainment, gaming, or even online education platforms. Because of this, LGPD itself states that the processing of personal data of children should be done according to the best interests of the minor. In addition, the minor’s parents or guardians must be aware of and consent to the processing of the child’s personal data.
One way to implement these obligations brought by the law, and reinforce the company’s commitment to the personal data of its customers, its users, and those responsible for the children, is to build or review the company’s Privacy Policy, considering its target audience and user experience.
Customer-focused privacy policy
The Privacy Policy is a document that informs users about the of personal data made by that company, product or service, indicating what personal data is being collected and how it is used.
To consider compliance with the legislation, and best practices for communication and transparency about the treatment of personal data, the element is to understand who will be the first individual of contact with the service or product offered.
A video streaming platform, for example, may have all the content aimed at the children’s audience, but to purchase the service it is mandatory that the person responsible for the child performs the access to the platform making the purchase. In this case, the first contact with the service is made by the guardian, of legal age, who may authorize the processing of the minor’s personal data even before the company has any contact with the minor.
The Privacy Policy can be entirely focused on communicating with the guardian, indicating the purpose of the processing of the child’s personal data, and the life cycle of the personal data for each product or service.
Another situation would be an online game site, without any access barrier, that is usually located and accessed by the child. In this case, the first contact with the product or service will be made by the minor, who has no autonomy to authorize or consent to the processing of his or her data.
Thus, although the Privacy Policy also needs to make clear to the legal guardian about the treatment of the child’s personal data, it is even more important that, from the first contact with the company, the child is notified of the need for support from his or her guardian.
This alert, more effective than a bold pop-up, can come focused on the child, with playful communication and accessible, making them request the help of their parents or guardians, using various resources, such as an explanatory video, for example.
Using information design to your advantage
Art. 14 §6, of the LGPD, states that information about the processing of data of children and adolescents should be transmitted in a simple, clear and accessible way, considering the user’s development. Thus, information design resources can assist in the communication and transparency of the information detailed in the Privacy Policy.
Visual law techniques can be applied, for example, using visual resources to facilitate the understanding of the message, adapting the communication to its recipient.
Some countries are already seeking to regulate more effectively the protection of children’s and teenagers’ data. The UK’s Information Commissioner’s Office (ICO), for example, has made available a code of practice for online services that considers age appropriate design. This document is called “a code of practice for online services”. The guide outlines some design considerations for different age groups, and how to take this into account when communicating
Concern for user privacy in companies targeting children is essential to gain the trust of the child’s parents or legal guardians. But efforts and investments in data governance and information security need to be translated effectively to the customer or user of the product or service. Thus, the investment in the construction or revision of the Security Policy should consider, besides the legal aspects, the strategy and effectiveness of the communication of the information that will be presented, focusing on the customer.
References
http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm
How can I help you?