Pro-consumer website Comparitech has released a new report exploring legislation about child data collection in the world’s top 50 countries by gross domestic product (GDP).
The document assessed 23 different aspects of these policies to assess whether specific legislation was in place for children’s online data or not.
Aspects examined included requirements for privacy policies, parental consent and authority and restrictions on who had access to the data internally.
Every one of these aspects was then assigned a score, and countries were ranked based on the collective score they achieved.
Of the 50 countries on the list, the document suggested that 18 were entirely lacking legislation to address the collection and processing of children’s data online.
However, even in the nations where specific safeguards for processing children’s data were present, the legal system allowed for loopholes for government treatment of children’s data, for instance for public safety.
Additionally, none of the countries on the list had rules against the online government surveillance of children.
In terms of the nations that ranked higher in the Comparitech list, France was at the top, with 34.5 out of 44 points. The country scored two points higher than the rest of the EU as its legislation allowed children to be, in some cases, involved in the consent process alongside their parent/guardian.
Other countries in the European Union (except Switzerland) ranked 32.5, mainly due to the safeguards on children’s data provided by the General Data Protection Regulation (GDPR).
However, even within GDPR, Comparitech pointed out that government entities were given the usual exemptions when it came to data handling.
Furthermore, no specific requirements for the encryption of children’s data are specified by GDPR, as well as no precise data retention periods.
As far as the US is concerned, the country scored 29.5, presenting a lack of comprehensive children’s data protection. According to Comparitech, the 1998 COPPA legislation established some safeguards, but these seem to be currently scarcely followed by many Android developers.
The report also looks at age-verification systems, such as the UK’s Online Safety Bill, and warns against the dangers they pose for the collection of personal data, particularly of children.
Looking to the future, the report says that while
“there is no silver bullet [...] that ensures the protection of children and the privacy of all internet users, [...] education (of both children and parents) is critical, as is ensuring parents are aware of the parental safety controls they can implement on their children’s devices and internet connections.”