Five tips for parents: How to build your child’s awareness and understanding of data protection

Children do not pick up data protection awareness and skills by themselves. In addition to early childhood education and care, schools and other entities that deal with and serve children, parents also have a major role in building awareness and competence in their children.

However, data protection can feel like an unfamiliar and difficult subject to the parents too. If that is the case, it can be hard to discuss data protection and guide your child in matters like protecting their personal data or exercising their data protection rights.

This article for parents is intended to lay a foundation for discussions and thereby increase the familiarity of both parents and children with data protection. More comprehensive materials for parents will be drawn up and developed together with the parents in the course of the GDPR4CHLDRN – Ensuring data protection in hobbies project. For the purposes of this article, ‘child’ refers to everyone below the age of 18.

1. Think about what data protection means and what personal data is

What thoughts do the words ‘data protection’ give to your child? Does your child know what personal data is? Think about who is collecting your child’s personal data and for which purposes they are using it. What personal data is your child sharing about themselves or others? Encourage your child to take a moment to think before sharing their own data, as well as to respect the privacy of others when sharing data. For example, photographs and videos shared on social media can spread farther than the child intended.

2. Read the information concerning the processing of your personal data

Read the privacy statements and terms and conditions of the services and applications used by your child. What data are the controllers collecting and what is the data needed for? Is the information about the processing of personal data easy to read? The purpose of informing the data subject is to provide a comprehensive and clear overall picture of the processing of personal data. Transparent information creates the basis for exercising your other data protection rights.

3. Discuss the data protection rights and exercising them

For a child to be able to exercise their data protection rights, they must be aware of the existence of those rights. Go through the data protection rights with your child. If the child then wants to exercise their data protection rights, make the request directly to the controller. The controller’s contact details can usually be found on the controller’s website. As a rule, the controller is required to respond to the request without undue delay and in any case no later than within one month of the request being made.

4. Discuss data security and review your privacy settings

You can often decrease the probability of personal data breaches and misuse of personal data by being careful. For example, talk with your child about what makes a good password. Tell your child that they should not reply to suspicious messages. For example, messages that ask for the child’s username or password are suspicious. Remind your child that they should always log out of their accounts after using them with other devices than their own. Reset devices that contained personal data when disposing of them, selling them or otherwise passing them on. Also make sure that the devices and software in use have been updated to their latest versions.

Review the privacy settings of the services and applications used by your child. What information is visible to others and what has been set private? Who can see the information? Help your child adjust their privacy settings if necessary. Talk about how careful you are about privacy.

5. Support your child’s personal data protection and privacy by your own actions

The protection of your child’s personal data requires the contribution of several parties. The data protection awareness and skills of children can be supported by their education provider, the authorities and the practices followed by companies. Under data protection legislation, the controller processing the personal data is responsible for the lawfulness of the processing.

But you as a parent can also contribute to the protection of your child’s data and privacy. Think about what kind of information you share about your child, and to which audiences. Before sharing information, think about whether it is really necessary and what effects it could have. It is good practice to always ask for your child’s permission before posting information concerning them – provided that your child is old and developed enough to understand the significance of the matter. Do not post sensitive information about your child.

Author

Oona Ojajärvi
Oona Ojajärvi is a Senior Officer at the Office of the Data Protection Ombudsman and one of the experts participating in the GDPR4CHLDRN project.