G7 data protection authorities call for "child protection by design"
Young people in particular must be protected from the misuse of their personal data and "dark patterns", the G7 countries' inspectors agree.
(Image: TommyStockProject/Shutterstock.com)
The round table of the G7 data protection authorities is calling for child protection to be built directly into information and communication technology. To this end, it is calling for measures that ensure "age-appropriate child safety by design". This emerges from a declaration for more innovation and the protection of minors by safeguarding privacy, which was adopted by the supervisory bodies of the seven major industrialized countries, including Germany, at their meeting last week in Ottawa, Canada.
In the area of data protection, according to the resolution, the propagated approach can mean, for example, "deactivating or restricting" the tracking of users who are demonstrably children and young people for targeted advertising. In the EU, this is prescribed by the Digital Services Act (DSA). It is also essential to communicate data protection practices to children and their parents in a clear, understandable and age-appropriate manner. Manufacturers and operators must ensure that products and services do not contain misleading or manipulative design patterns ("dark patterns") that "mislead children into making wrong decisions regarding data protection or into harmful behavior".
Online age checks are fraught with risk
There is also an appeal to adapt data protection impact assessments "to consider the specific perspectives and experiences of children". For certain processing of personal information, it is advisable to obtain parental consent. The inspectors also note that many countries are currently planning to introduce age verification systems (AVS). They refer to guidelines from the European Data Protection Board (EDPB), for example, according to which age verification procedures on the internet pose particular risks. The Round Table emphasizes that implementations must be "in line with the principles of data protection".
Videos by heise
With their statement, the G7 data protection authorities also want to help developers with practical tips on how to use child and youth protection appropriately. Effectiveness and risk reduction must be regularly reassessed. Deputy Federal Data Protection Commissioner Andreas Hartl emphasizes: "Data protection and child protection must be considered together from the outset." This applies "from the development to the use of new technologies".
(mack)
