Sweeping Changes To Data Protection For Schools

Britain unveiled sweeping new online protections for children last Tuesday.  The rules will require social networks, gaming apps, connected toys , schools, universities and other online services that are likely to be used by people under 18 to overhaul how they handle those users’ personal information.

The new rules are the most comprehensive protections to arise from heightened global concern that popular online services exploit children’s information, suggest inappropriate content to them and fail to protect them from sexual predators. The new rules will soon be submitted to Parliament, which called for online standards for children as part of a 2018 data protection law and is unlikely to change them.

The code should go into effect eight to 10 weeks after it is sent to the lawmakers.

“This is a significant shift in the landscape,” said Adnan Zaheer  “The rules now state Schools & companies to think about, to focus on and to be accountable for the way they are serving children.”

With recent fines hitting the headlines such as:-

Over Half Of All UK Schools Are ‘Not Fully Compliant With GDPR’

700 data breaches at schools & academies reported in just the last year

The new rules, called the Age-Appropriate Design Code, are intended to give minors in Britain special rights and protections online — much like in the real world where children generally have the right to attend school and are prohibited from going to bars. The code lays out 15 different principles that sites, apps and other online services likely to have users under 18 in Britain must follow.

Among other things, it prohibits such services from influencing minors to share unnecessary personal information or select weaker privacy protection

It also requires sites and apps to collect as little personal information from minors as possible. And it prohibits online services from using children’s personal data in ways that could be detrimental to them, such as by automatically recommending sexual or violent content based on their searches. That is of particular concern in Britain, where a teenager, Molly Russell, committed suicide, which her family said was influenced by her seeing images of self-harm on Instagram. Instagram subsequently banned images of graphic self-harm.

The new British children’s rules may require online services to make cultural changes as well as practical ones. The code requires online services to put the best interests of children first, above their bottom lines.

Companies with major violations of the code could face fines of 4 percent of their annual worldwide revenue.

The rules underscore a growing movement by regulators on both sides of the Atlantic to rein in tech industry data-mining practices. In September, Google agreed to pay a $170 million fine and make changes to settle charges that its YouTube service violated the children’s online privacy law in the United States.

“We’re going to see the spread of significant data protection laws for children in Europe, Australia, New Zealand and Africa,” said Baroness Beeban Kidron, a children’s digital rights advocate who is a member of the House of Lords. “I would like to suggest that the vast majority of American parents would want this for their children as well, if only they knew this was something they could have.”

If you are a School, Academy or University

Let us help you to get compliant with GDPR today…