Introduction

The digital age has significantly altered the way in which children exercise and realize their rights. Children can engage, communicate, share, play, and learn in previously unimaginable ways as a result of the increase in access to the internet and other digital technologies.¹ Digital technology and connectivity are fundamentally becoming part of the day-to-day lives of children informing their interactions and education. This has generated both unprecedented opportunities and challenges. We explore some of the opportunities and challenges in the preservation of child safety in the digital age through the data protection lens and ways in which privacy policies and data protection laws can ensure child safety online and offline.

Privacy and data protection from a Children’s Rights Perspective

UNICEF through its Guidelines for Industry on Online Child Protection Report 2020² notes that the digital age has amplified the existing risks and challenges to children’s privacy rights and in some cases, introduced new ones. Child abuse, exploitation, and trafficking continue to exist offline and have become amplified through mainstream digital platforms and social media. Consequently, children are further exposed to cyberbullying, hate speech, harassment and exposure to unsuitable materials such as pornography and gambling sites.³

Research has noted that one in every three internet users in the world is below the age of 18.⁴ Sharing of information online has become more available to children by virtue of digitization and connectivity further amplified by access to digital platforms for educational purposes or for social interactions. Children often share information through videos and photographs, in some instances where parents open social media accounts for their children. Although there is a general understanding of children’s right to privacy especially online there is less understanding on how their right to privacy may be compromised by state, private sector and commercial actors.⁵

Children’s personal data is now constantly growing making it significantly important now more than ever to ensure that their right is preserved. Children’s right to privacy is enshrined under Article 16 of the UN Convention of the Rights of a Child highlighting the protection from arbitrary or unlawful interference with his or her right to privacy, family, home, or correspondence, or to unlawful attacks on his or her honour and reputation.’ In many respects this provision preempted the risks to child safety that would arise as a result of digitization and connectivity.

As data protection laws are being adopted and implemented along with other subsidiary laws on cybercrime, it is imperative that policy and governance also focus on the privacy and safety of children online. This will require a multi-stakeholder effort and the cooperation of different industry players and the different communities so as to ensure that all relevant players i.e government, civil society, and the private sector all work together to establish enforceable safety principles for practice establishing the accountabilities and responsibilities through policy and good governance.

Existing laws and policies: International, Regional and National

The African Union (AU) Agenda for Children 2040,⁶ which aims to foster a child rights-friendly Africa, mandates that the Member States provide universal access to affordable information and communication technology devices, content, and connectivity, as well as incorporate these elements into educational curricula. As the number of children who are connected to the Internet rises, there is an urgent need to ensure that all children can access and benefit from the digital world in a secure manner. In its most recent General Comment 25, the United Nations (UN) Committee on the Rights of the Child (CRC Committee) stated that “children’s rights shall be respected, protected, and fulfilled in the digital environment.” The South African Constitutional Court held in Centre for Child Law and Others v. Media 24 Limited and Others [2020]⁷ that “the right to privacy is even more urgent when dealing with children” because it is fundamental to a child’s still forming self-identity” emphasizing that the protection of the privacy of young people promotes respect for dignity, personal integrity, and autonomy. Article 16 of the United Nations Convention on the Rights of the Child (UNCRC) 1989⁸ states, “no child shall be subject to arbitrary or unlawful interference with his or her right to privacy, family, home, or correspondence, or to unlawful attacks on his or her honour and reputation.” When the UNCRC was adopted in 1989, the internet and digital services were not as prevalent as they are today; therefore, the right to privacy applied more to physical space and well-being than to digital space and digital rights.The General Data Protection Regulation (GDPR), a good international reference for privacy and data protection, stipulates that children need additional protection because they may be less aware of the risks, consequences, safeguards, and rights associated with the processing of their personal data.⁹

On a regional scale, the African Charter on the Rights and Welfare of the Child (ACRWC) addresses the protection of personal privacy in Article 10, which states that “no child shall be subject to arbitrary or unlawful interference with his privacy, family home, or correspondence, or to attacks on his honour or reputation.” However, parents or legal guardians shall have the right to exercise reasonable supervision over the behaviour of their children and may also consent to the processing of their children’s data; children’s data processing cannot occur without parental consent. The African Union Convention on Cyber Security and Personal Data Protection does not address the processing of children’s personal information. The ECOWAS Supplementary Act on Personal Data Protection seeks to ensure that all member states establish a legal framework of protection for the privacy of data related to the collection, processing, transmission, storage, and use of personal data. However, it does not provide specific guidance to states on processing children’s data.

Approximately 32 African states have enacted data protection laws, but not all explicitly protect children. For instance, the Data Protection Act, 2012 of Ghana and the Protection of Personal Information Act, 2013 of South Africa prohibit processing children’s personal information without parental or guardian consent. Another example is the Data Protection Act, 2019 of Kenya, which states that personal information about children cannot be processed without the consent of the child’s parent or legal guardian and in a manner that protects and promotes the child’s rights and best interests. When implementing laws that protect children’s rights, the child’s best interests take precedence.

Way forward

Given that children’s rights involve multiple stakeholders, including the state, non-state actors, regulators, educators, civil society, parents, and children, it would be crucial for these discussions to include all of the relevant stakeholders. The stakeholders would each contribute their own perspectives, which, when combined, would contribute to the effective promotion of the right to privacy of children. As such, the following recommendations are made:

• Adoption and implementation of child-sensitive legal frameworks that adequately protect the privacy rights of children.

• Adoption of child-focused policies that adhere to the African Charter on the Rights and Welfare of the Child and other international law recommendations on the right to privacy.

• Develop guidelines on children’s rights in the digital age, including the right to privacy in Africa, taking into account the roles and responsibilities of the state, parents, and private sector actors.

• Advocacy for communities educating children, parents, and teachers about children’s safety and their responsible use of ICTs.

 

The image is from www.istockphoto.com