Data and digital rights: what you should know about children’s ‘apps


Minors interact with technology at an increasingly early age, which raises concerns about protecting their privacy, security and confidentiality in the digital environment.

Despite the fact that in recent years laws have been passed, incorporating specific articles into existing legislation, and creating rules to regulate cookies and illegal advertising, many adults do not know what rules there are or what they should take into account when the most youngsters use mobiles and tablets.

The regulations on the protection of minors in the digital sphere are varied and different according to each country. The United States was a pioneer and since 2000 has had the Children’s Online Privacy Protection Act (known as the Coppa Law) which regulates the way in which apps , games and websites are authorized to collect and process personal information from minors. 13 years old. This rule is supplemented by the Children’s Internet Protection Act (CIPA) on inappropriate content on the Internet.

In Europe, Regulation (EU) 2016/679 regulates the processing of personal data and the free circulation of these data and specifies which ones affect minors and, therefore, require special protection.

This consideration implies, as highlighted by the Commission for Minors of the Spanish Professional Association for Privacy (APEP) , that developers must inform children and their parents about the processing of their personal data in a “clear, simple and easy” language. to understand for his age ”.

In Spain, Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights establishes that, with regard to the processing of personal data, only those over 14 years of age can give their consent directly (Article 7).

What about apps ?

The apps are regulated according to the aforementioned regulations. However, different investigations have shown that data protection legislation is not always complied with in applications aimed at minors .

It is necessary to be aware that some applications can collect and share personal information, allow integrated purchases, facilitate access to social networks, include inappropriate advertising, monitor the location of the minor, use the camera or microphone to record their reactions when they are interacting with the device and share all this with third parties.

To ensure that minors are in a safe environment, adults must not only know the current legislation, but also take into account a series of aspects regarding security , privacy and confidentiality that are summarized below:

  1. Security . Incorporation of parental control with instructions on whether it is done from the device or the app , with an age-appropriate blocking system to avoid being easily mocked.
  2. Privacy and confidentiality . The information must be on the developer’s website, the store and the application itself, always in a visible place.
  3. Applicable legislation . Know what law affects the app and its geographical scope; validity of the privacy policy and information system to users in case of changes.
  4. Information collected. Express declaration not to collect data from minors or, if collected, a clear and unequivocal indication of parental authorization, to know what data it is if it is collected automatically and if it is transferred to third parties.
  5. Use of information . Who collects it, if it is shared with other companies and the purpose.
  6. Data storage. Time of conservation of personal data.
  7. In- app purchases . The applications must expressly indicate in the description of the store if they include integrated purchases ( In-App Purchase ).
  8. Advertising. It is necessary to check if the app incorporates advertising and, if so, if it is only for its products or also for third parties.
  9. Social media. It is convenient to check if the application allows access to social networks or if this access is limited to adults through a control system

As stated by Demian Falestchi , CEO of Kids Corp , it is essential to create a safe and relevant digital ecosystem for children that guarantees innovative and entertaining experiences through tools that empower brands and content creators.

For this, it is not only necessary to have a legal framework, but also to try that the applications, available in stores in different geographical areas, are as homogeneous as possible with regard to the collection and use of data, and especially at the age considered as minimum for parental consent.

It is essential that parents control the applications that children download and get involved in their use, that they use effective parental control tools and especially that they read and check the privacy policy before downloading them, since minors do not even have the training, not mature enough to do it.

In addition, it is important to emphasize the need to force developers to write policies in a clear and understandable way with simple texts translated into the language of the app user .

But also that mechanisms are designed to make it possible to confirm, unequivocally, that an adult is the one who is authorizing the collection of data, if it is done, as well as to verify what is being done with the data that is shared with third parties.

App stores can put pressure on this by verifying that a developer’s privacy policy actually meets the requirements before authorizing their products to be added to the catalog.

Author Bios: Araceli Garcia Rodriguez is a Teacher, Librarianship and Documentation and Rachel Gomez-Diaz is Professor of Library Science and Documentation both at the University of Salamanca