So what happened? The platform simply made public the phone numbers and emails of users between the ages of 13 and 17, via the "business account" feature and a default setting making this data public.
And of course no user understood the mechanism, hidden in a default setting.
More generally, we note that minors are confronted with incomprehensible walls of text, whereas the RGPD requires economic actors to write in a particularly clear and age-appropriate way.
The fine imposed on Instagram sends a strong signal. Could it be that the tide is turning? Dear companies, start-ups, digital platforms, if you are partly addressing children or teenagers (or minors have access to your services), we invite you to look into the matter before your data protection authority (like the CNIL in France) comes knocking at your door.
This being said, how can legal design help children and teenagers to understand personal data issues? What are the best practices to make minors want to better understand and protect their personal data?
Can't wait to find out more? Then let's go!
Legal design at the service of minors' personal data
Minors: an ultra-connected and manipulable audience
Smartphones have replaced the walkman and tamagotchis. 92% of 12-17 year olds own one: they play games, buy online, watch videos on Tik Tok and communicate on WhatsApp.
In short, they are sowing personal data on a massive scale and are generally unaware of the existing abuses. We have identified 4 of them, but the list is not exhaustive:
"Advergames": games promoting a brand or product and collecting game data to increase the desirability of the game;
Connected toys: some can record children's conversations to include targeted references in their products;
Profiling and automated decisions: their browsing can be recorded and analyzed in order to offer them solutions that correspond to their tastes, but also to lock them into the same types of content;
"Dark patterns": interfaces that deceive or manipulate users, by playing on their cognitive biases. For example, playing on FOMO, to which teenagers are particularly receptive, or on immediate gratification.
In short, miners are easy prey. But, one thing is certain, opacity is not a business model that can be sustained over time.
Personal data of minors: the law to the rescue
First of all, all the above-mentioned dubious practices contravene the rights of the International Convention on the Rights of the Child: the right to privacy, the right to be heard on decisions that concern them, the right to reliable and transparent information, the right not to be economically exploited, etc.
At the European level, the GDPR requires that data subjects be provided with understandable, accessible information in clear and simple terms about the conditions of use of their personal data and their rights, especially when it is addressed to a child.
Finally, it is also a question of values. What image does a company that takes advantage of minors' vulnerabilities to collect massive amounts of data on their tastes and identities for 100% commercial exploitation send back?
Legal design or how to make personal data understandable to minors
The experiment conducted by Amurabi and the CNIL
According to a study by the CNIL, 82% of children aged 10 to 14 say they regularly go online without their parents. Even more worrying, parents of 8-9 year olds say that their children have been going online alone since the age of 7.
That's why it's imperative that they learn to be discerning about their personal data from an early age.
But, how to make children or teenagers understand a complex regulation who don't want to undergo a law lesson?
Amurabi, together with the CNIL's digital innovation laboratory (LINC), has studied the issue in order to make privacy engaging and to allow children and teenagers to appropriate it.
And to succeed in talking to an audience so different from the adult world, nothing is more effective than co-creating solutions with them according to two essential principles of legal design: clear legal language and empathy.
According to a study by the CNIL, 82% of children aged 10 to 14 say they regularly go online without their parents. Even more worrying, parents of 8-9 year olds say that their children have been going online alone since the age of 7.
That's why it's imperative that they learn to be discerning about their personal data from an early age.
But, how to make children or teenagers understand a complex regulation who don't want to undergo a law lesson?
Amurabi, together with the CNIL's digital innovation laboratory (LINC), has studied the issue in order to make privacy engaging and to allow children and teenagers to appropriate it.
And to succeed in talking to an audience so different from the adult world, nothing is more effective than co-creating solutions with them according to two essential principles of legal design: clear legal language and empathy.