I often think about how the pandemic would have looked if COVID-19 had struck when I was a child in the 1980s. I would likely have read books, watched television, made up games and played outside. Maybe I would have played Super Mario Brothers. I would not have spent more than five hours a day learning from a screen. My every move would not have been tracked by educational apps, health screening apps, online games, digital ads, smart home devices and social media platforms.

Canada’s new private-sector privacy law – Bill C-11, the Consumer Privacy Protection Act (CPPA) – was introduced late last year. While the bill is an opportunity to strengthen protections imposed by digital technology, the draft bill does not directly address a group impacted by the digital age at an unprecedented rate – children.

This lack of attention given to children’s privacy in the draft legislation is a missed opportunity given that the amount of online activity for them is at an all-time high, leading to intense digital tracking of our kids. Many parents have no choice but to allow children to use screens for longer, unsupervised periods, which may inadvertently lead to the over-collection of sensitive information.

While the pandemic has magnified how technology can empower and connect us, it has also highlighted two problems. First, the increased risks stemming from the constant collection of children’s data through our heightened reliance on technology in seemingly every aspect of our lives. Second, the inequity arising from lack of access to technology by lower-income families who cannot afford laptops and internet access let alone the luxury of worrying about the safety of their children’s data.

Irrespective of socio-economic status, the blurred lines between kids’ home and school lives raise questions about children’s privacy. How can children’s data be regulated so that special importance is placed on their right to control their data and decide how it will be shared? What role does big tech play in ensuring that children have the ability to maintain a zone of privacy without having to give up personal information?

At this crossroads in our digital society, Canada has a meaningful opportunity to address children’s privacy rights, starting with this timely legislation. But changes are needed to make the legislation effective in protecting our children’s data.

First, the CPPA should address consent requirements for children, similar to other modern privacy legislation. While the California Consumer Privacy Act, the European Union’s General Data Protection Regulation and Quebec’s Bill 64 all establish a minimum age for consent ranging from 13 to 16, Canada’s draft bill is missing any similar requirement.

Canada’s legislation should follow these examples by including child-centred consent provisions. This means going beyond a generic “terms of use” filled with loopholes that parents do not actually read and instead requiring meaningful consent that a child can understand.

Second, the CPPA should establish strict requirements for how businesses use children’s data. Given that children today are digital natives whose data will inevitably be collected by big tech companies, a shift of focus to the use of this data is critical. Use of children’s data should be limited to those actions necessary to provide an age-appropriate service. Without proper guidance, businesses may continue to create programs that do not properly consider the privacy rights of children.

Third, the new law should include a more defined right to be forgotten for children. Making mistakes is an important part of growing up and as kids spend more time online, there needs to be a mechanism to help protect them. I’m grateful that I grew up before Instagram and TikTok could document my teenage activities. Private companies need regulatory guidance to practise proper discretion when deciding what data should be removed following a request and in determining the balance between protecting freedom of expression and the right to privacy.

Kids are among the unsung heroes of this pandemic. Despite losing the ability to learn in the classroom, share meals with grandparents and pursue extra-curricular interests, children have proven to be resilient. Children have lost enough this past year. They should not lose this opportunity to have their privacy rights defined and protected.

Do you have something to say about the article you just read? Be part of the Policy Options discussion, and send in your own submission, or a letter to the editor. 
Michelle Gordon
Michelle Gordon is a privacy lawyer and consultant in Toronto, and the founder of GEM Privacy Consulting. She brings her passion for children’s privacy to her work in the education technology sector.

You are welcome to republish this Policy Options article online or in print periodicals, under a Creative Commons/No Derivatives licence.

Creative Commons License

More like this