Some cameras come with default passwords that are very easy to guess, and do not prompt the parent to choose a new password.

If the parent does not change the password, then it can be very easy for hackers to guess and gain access to the video stream.

CloudPets are soft animal toys that allow children to record voice messages and play the messages of family and friends.

Last year millions of these messages were found stored online unprotected, with strangers accessing them. Some shops have since stopped selling them as they are so concerned. Which? and the Information Commissioner's Office have both warned that similar issues could exist for other connected toys.

Amazon Echo is one example of a smart speaker. Amazon stores an audio recording and transcript of every command or question put to the Echo on their servers.

If someone gains access to a person's account, they can read what people have asked or said to the Echo.

According to Barclays, three key pieces of information are required to steal someone’s identity: their name, date of birth, and address – all of which can be found on many children's profiles. Children might also reveal personal information when taking part in social media campaigns, e.g. details of mental health conditions.

Many parents share their photos with strangers: a fifth have public Facebook profiles, and over half of parents are Facebook friends with people they do not really know.

Research by Barclays suggests that by 2030, information shared by parents online will lead to two-thirds of the identity theft committed against young people.

Browsing data is very valuable. Online platforms such as Amazon, Google and Facebook can use it to work out which products would appeal to an individual and then sell advertising space to companies that offer those products. This affects what people see when they go online.

Research by Yale Privacy Lab and Exodus Privacy into more than 400 Android apps found that three quarters contained trackers, which collect information such as the user's behaviour on the app or their physical location – often without the user being aware. For example, Talking Angela (an app where children play
with an animated cat) contains 16 trackers.

There is a trend towards increased sharing of data in health – e.g. between NHS organisations (such as GP surgeries) and companies that work with them.

This might help improve the experiences of patients, including children – but it also means that patient data is passed between more organisations.

A new digital version of the Red Book is being developed and trialled. The aim is to ensure that health professionals have all the information they need to make the right decisions for children.

For the first time, health professionals will be able to see the Red Book without asking parents to show it to them.

Boots Advantage Card is an example of a loyalty scheme. Card holders who are expecting a baby can join the Parenting Club. Parents give the due date for their child and are then sent vouchers and gifts tailored towards their child's age, until the child is three and their membership ends. However Boots continues to use the information about the child to send offers to the parent.

The Oxford Internet Institute note that on its website, CAPITA lists 96 partners. The company reports that their partners must have the same data security procedures and values as them, but there is little information available about what data any of its partners are able to see when they achieve partner status.

Schools use biometric data to register pupils, record books being borrowed from the library and in canteens with cashless catering.

Some experts have expressed concerns that biometric data collected in schools could in theory be combined with biometric data from other sources to create a sophisticated data record.

ClassDojo's privacy policy is more than 12,000 words long. Data is shared with 31 other organisations, each of which have their own privacy policies too.

Research by the Norwegian Consumer Council into four location tracking watches found that none of them allowed users to delete their accounts. This means that the child's data (which would normally include name, location history and more) is kept stored even after the watch is no longer used. Some don't even let users delete data from the watch itself, meaning that it can be seen by others if it is resold.

Transport for London keep the data about an individual journey made using a Zip card in a child's records for eight weeks. After that point the journey data is removed from the child's account so the journey can't be linked to the person who made it.

This process is called “pseudonymisation” – sometimes it is irreversible and the data can never be linked back to the person it is about, but sometimes it can be reversed.