Data can deliver an incredible range of benefits to individuals and society, but we do not know everything about how children’s data might be used – not just now, but also in the future, as children become adults.
The Children’s Commissioner is concerned that information collected about a child today might jeopardise their future, potentially affecting whether they are offered a university place, job or financial products (such as insurance or credit). She is worried by the risk of a child’s data being used to commit identity theft when the child turns 18.
Our aim has been to map the key points at which children data is collected and explore the possible implications of this.
Jump to section
In the home
Connected baby cameras
Connected (internet enabled) baby cameras allow parents to view a live video stream of their child remotely though an app or personal website. They are a new technology but becoming increasingly popular.
Some cameras come with default passwords that are very easy to guess, and do not prompt the parent to choose a new password.
If the parent does not change the password, then it can be very easy for hackers to guess and gain access to the video stream.
In the home
Connected toys
Like connected baby cameras, connected (internet enabled) toys are becoming increasingly popular. For many children they were the “must have” Christmas gift at the end of last year. It has been estimated that 224 million connected toys were shipped worldwide in 2017.
CloudPets are soft animal toys that allow children to record voice messages and play the messages of family and friends.
Last year millions of these messages were found stored online unprotected, with strangers accessing them. Some shops have since stopped selling them as they are so concerned. Which? and the Information Commissioner’s Office have both warned that similar issues could exist for other connected toys.
In the home
Smart speakers
The number of people who own smart speakers is growing rapidly – it doubled from 5% of the British population in autumn 2017 to 10% in spring 2018. Children in these homes could have their voice recorded as soon as they start speaking.
Amazon Echo is one example of a smart speaker. Amazon stores an audio recording and transcript of every command or question put to the Echo on their servers.
If someone gains access to a person’s account, they can read what people have asked or said to the Echo.
Worried by what you’re seeing? There are things you can do to minimise your data footprint.
Online
Children on social media
Over half of the UK’s 11–12 year-olds with internet access have a profile on a social networking site.
According to Barclays, three key pieces of information are required to steal someone’s identity: their name, date of birth, and address – all of which can be found on many children’s profiles. Children might also reveal personal information when taking part in social media campaigns, e.g. details of mental health conditions.
Online
Parents on social media
On average, parents with children aged zero to 13 share 71 photos and 29 videos of their child every year to social media sites. More are shared on private messaging apps such as WhatsApp.
Many parents share their photos with strangers: a fifth have public Facebook profiles, and over half of parents are Facebook friends with people they do not really know.
Research by Barclays suggests that by 2030, information shared by parents online will lead to two-thirds of the identity theft committed against young people.
Online
Browsing the web
When browsing the web and shopping online, people can reveal lots of details about themselves, including their age, gender, likes, dislikes, health conditions and more. Parents might also give away information about their children, e.g. when searching for products to buy for them.
Browsing data is very valuable. Online platforms such as Amazon, Google and Facebook can use it to work out which products would appeal to an individual and then sell advertising space to companies that offer those products. This affects what people see when they go online.
Online
Smart phones and tablets
Among eight to 11 year olds, 39% have their own smartphone and 52% have a tablet. Children frequently use apps on these devices.
Research by Yale Privacy Lab and Exodus Privacy into more than 400 Android apps found that three quarters contained trackers, which collect information such as the user’s behaviour on the app or their physical location – often without the user being aware. For example, Talking Angela (an app where children play
with an animated cat) contains 16 trackers.
Find out what we know and what we don’t know about how children’s data might be used in the future.
OUT AND ABOUT
Medical records
The average member of the public in England visits the GP five times per year. Children and older people have the highest consultation rates. Each time someone visits the GP their medical records are updated.
There is a trend towards increased sharing of data in health – e.g. between NHS organisations (such as GP surgeries) and companies that work with them.
This might help improve the experiences of patients, including children – but it also means that patient data is passed between more organisations.
OUT AND ABOUT
The Red Book
All new parents are given a paper booklet called the Red Book (or Personal Child Health Record). In this they record any illnesses, accidents or medication their child receives. GPs and Health Visitors also use it to record the child’s height and weight, vaccinations and other important health information.
A new digital version of the Red Book is being developed and trialled. The aim is to ensure that health professionals have all the information they need to make the right decisions for children.
For the first time, health professionals will be able to see the Red Book without asking parents to show it to them.
OUT AND ABOUT
Retail loyalty schemes
For years, supermarkets and high street shops have collected data about their customers through loyalty schemes. People signing up to these schemes may give out information about themselves or their family (including their children).
Boots Advantage Card is an example of a loyalty scheme. Card holders who are expecting a baby can join the Parenting Club. Parents give the due date for their child and are then sent vouchers and gifts tailored towards their child’s age, until the child is three and their membership ends. However Boots continues to use the information about the child to send offers to the parent.
OUT AND ABOUT
School databases
School databases contain lots of personal information in named records, including progress reports, exam results, details of any special educational needs and any absences or exclusions. 80% of schools in the UK use a system provided by one organisation, CAPITA SIMS, to log this data. Some information is also shared with the Department for Education and included in the National Pupil Database.
The Oxford Internet Institute note that on its website, CAPITA lists 96 partners. The company reports that their partners must have the same data security procedures and values as them, but there is little information available about what data any of its partners are able to see when they achieve partner status.
OUT AND ABOUT
Biometric data in schools
Biometric data is data related to features of a person’s body, e.g. fingerprints. In 2012-13, four in ten secondary schools were collecting biometric data – it’s likely that even more collect it now.
Schools use biometric data to register pupils, record books being borrowed from the library and in canteens with cashless catering.
Some experts have expressed concerns that biometric data collected in schools could in theory be combined with biometric data from other sources to create a sophisticated data record.
OUT AND ABOUT
Study and behaviour apps
There are lots of apps which teachers can use to help their students learn and manage their behaviour. For example, ClassDojo allows teachers to award positive or negative Dojo points in response to good or bad behaviour. It has been used by more than 70% of schools in the UK.
ClassDojo’s privacy policy is more than 12,000 words long. Data is shared with 31 other organisations, each of which have their own privacy policies too.
OUT AND ABOUT
Location tracking watches
Location tracking watches are aimed at children who aren’t old enough to have their own phone. They allow parents to track their children’s location and are sold as safety devices. Like connected toys, they are becoming increasingly popular.
Research by the Norwegian Consumer Council into four location tracking watches found that none of them allowed users to delete their accounts. This means that the child’s data (which would normally include name, location history and more) is kept stored even after the watch is no longer used. Some don’t even let users delete data from the watch itself, meaning that it can be seen by others if it is resold.
OUT AND ABOUT
Travel passes
Travel passes, such as Zip Oyster cards in London, are used by children to access free or discounted travel. A range of personal information is collected when signing up to or using these schemes, including personal details such as name, address and date of birth, as well as journey details.
Transport for London keep the data about an individual journey made using a Zip card in a child’s records for eight weeks. After that point the journey data is removed from the child’s account so the journey can’t be linked to the person who made it.
This process is called “pseudonymisation” – sometimes it is irreversible and the data can never be linked back to the person it is about, but sometimes it can be reversed.
Minimise your data footprint
Children growing up today have significant data footprints. Information is collected about children when they are online, in the home and out and about.
With new methods of linking and analysing data, children might find that their data footprints shape their lives for many years to come.
Read our report to find out about the ways in which data gathered in childhood might be used in the future, and our top tips for what to do if you want to minimise your data footprint.