What is age appropriate data use?
Daniel J. Power
Editor DSSResources.com
The abuse and misuse of data can negatively impact behavior, hurt feelings, and in some cases cause serious harm. Such consequences should be avoided and in some identifiable use cases minimized. Government regulations should protect people and build trust in data use. In general, data collection and use must be suitable or appropriate for a particular or intended age group. Defining what is age appropriate for a specific age group remains a challenge that must be confronted and not ignored by managers, organizations, and governments.
The European Union General Data Protection Regulation (GDPR) acknowledges that children under age 18 “merit special protection” in any use of personal data, in product and service marketing, in behavioral targeting, and from any other attempts to manipulate behavior. GDPR attempts to provide data protection and enhance privacy. Senior citizens, as well as children, should probably receive some special protections. All people are vulnerable to manipulation, but some age groups are less able to identify the manipulation and avoid or resist the adverse consequences.
In general, data protection rules should be reviewed and strengthened for all users. For example, application service providers must default to a high-privacy setting for all users. In general, a minimum amount of personal data should be collected and retained. Data, in particular, a child's data, should not be shared with or sold to third parties. Personal data should not be collected and sold for commercial re-use. Geolocation services should be disabled by default in "most circumstances" in apps. Overall, careful thought must be given to regulating a child's data and privacy.
So-called "nudge techniques", such as promising a financial incentive or access to additional content should not be used to encourage data collection from most audiences. These incentive approaches should definitely not be used with children or senior citizens to gain additional personal data, weaken privacy settings, or to increase service use longer than a person would otherwise have intended. In the European Union (EU), the GDPR offers limited guidance about what a higher standard of protection means in practice. Perhaps it is inappropriate to use data for profiling people under 18? or for targeting ads? or for ...?
A TrendMicro blog post asserts that online gamers are ideal targets for inappropriate data use and design abuse. Reasons cited in the post for concluding gamers are ideal targets include: 1) presence of hackers and cybercriminals, 2) account hacking and phishing, 3) trading and stealing online gaming currencies, and 4) stealing user information, invading privacy, spreading malicious content and malware. The Entertainment Software Association estimates that 28% of gamers are under 18 years old (www.theesa.com/about-esa/industry-facts/).
Collecting age data creates problems even when the goal is ensuring age-appropriate data use. For example, a minor child may lie about his or her age and so may other users for various reasons. Knowing a person's claimed age is a powerful targeting variable for persuasion. Asking for positive identification exposes even more data about a person that could be abused. In some ways, prohibiting certain types of online data collection and use in much easier and safer than specifying age barriers (over 18) or age categories for use.
Data use and application design should not adversely manipulate people. One positive step is to develop, test and share age-appropriate User Interface (UI) Design patterns. Also, sharing or selling data by vendors from some age groups should be prohibited, and everyone else should be asked if they wish to share data. We should not normalize massive data collection. People should expect privacy unless they specifically waive privacy rights voluntarily.
References
"Age appropriate design: a code of practice for online services
," at URL https://ico.org.uk/media/about-the-ico/consultations/2614762/age-appropriate-design-code-for-public-consultation.pdf
Further reading outside this code
United Nations Convention on the Rights of the Child
Guide to Data Protection
Guide to PECR
ICO Regulatory Action Policy
https://www.openrightsgroup.org/about/reports/age-appropriate-design-code-consultation
Halfacree, G., "ICO opens Age Appropriate Design consultation," bit-tech, April 16, 2019 at URL https://bit-tech.net/news/tech/software/ico-opens-age-appropriate-design-consultation/1/
TrendMicro staff, "Data Privacy and Online Gaming: Why Gamers Make for Ideal Targets," TrendMicro Blog, January 29, 2015 at URL https://www.trendmicro.com/vinfo/us/security/news/online-privacy/data-privacy-and-online-gaming-why-gamers-make-for-ideal-targets
Last update: 2019-05-26 03:27
Author: Daniel Power
Print this record
Show this as PDF file
You cannot comment on this entry
