Social Media Terms and Conditions and Informed Consent From Children: Ethical Analysis (original) (raw)

The General Data Protection Regulation: A Partial Success for Children on Social Network Sites?

Almost 20 years ago, the first social networking site (“SNS”) was launched in the U.S. Whilst developers originally intended for SNSs to be used by adults—which they are—they have also become an integral communication platform in the lives of many children in EU Member States. Sharing personal information on SNSs is now a routine activity for many children and, whilst they are computer literate in a way that their parents are often not, a number of concerns have emerged. One of these concerns is that children are vulnerable since they lack the capacity to consent to the terms of SNS membership agreements regarding the processing of their personal data. A further concern is that children’s naïve confidence sometimes leads them to take risks—by sharing information about themselves—that adults would not take. This is particularly concerning as children may be ignorant about the fact that their profile and behavioural data is sold to data brokers who use that information to produce targeted adverts—and that these adverts may display age inappropriate content or even may not by recognised by the children as adverts.1 Directive 95/46/EC2 regulates the processing of the personal data of EU citizens, including personal data posted on SNSs. Problematically, it was drafted in a pre-SNS era and neither makes reference to children nor considers them vulnerable data subjects whose personal data should be subject to more stringent processing rules. The absence of specific legal protection for children’s data on SNSs sparked concerns that children were ignorantly disclosing personal data and being exposed to profiling and advertising without adequate privacy and data protection safeguards in place. In response to these concerns, provisions aimed at safeguarding children’s privacy and data protection rights have been included in Regulation (EU) 2016/679 (hereafter “GDPR”),3 which will come into force on 25 May 2018. This chapter provides a critical evaluation of the forthcoming measures to address a knowledge gap that exists because of the novelty of these provisions and the fact that scholarship in this area is currently underdeveloped.4 It begins by providing an overview of SNSs and the problems posed by underage children’s access to them. In this regard, it will illustrate that the biological and psychosocial developmental changes that children experience as they progress through their teenage years and develop their capacity for freedom of expression makes them vulnerable to impulsive personal information disclosures and privacy invasions. After this, an exploration of the current legal protections for children’s privacy on SNSs from the perspective of privacy as information control will highlight deficiencies in Directive 95/46/EC. This leads to an analysis of the measures in the GDPR to determine whether they will, when introduced, realise the twin goals of legitimising the processing of children’s personal data and, at the same time, protecting their fundamental privacy and data protection rights. The compatibility of measures in the GDPR with provisions in the United Nations Convention on the Rights of the Child (1989) (“the UNCRC”) and the Charter of Fundamental Rights of the European Union (2000) (“the EU Charter”) is considered as these provide a normative framework for evaluating children’s legal rights. To comply with both legal frameworks, data protection measures in the GDPR governing children’s activities on SNSs should recognise their evolving capacity for freedom of expression and privacy. This would allow them to express themselves with appropriate safeguards in place, ensuring that their best interests are protected and that they are not subject to economic exploitation through activities such as profiling and advertising without consent. Specifically, the analysis presents a critical evaluation of the introduction of an age threshold, below which children are deemed to lack capacity to consent to the processing of their personal data; the conceptual coherence of relying on parental consent for children under the threshold age; the practical implications of Member States being permitted to set the threshold age within a range of ages; and the practical challenges posed by relying on verified parental consent. The chapter concludes that measures in the GDPR are compatible with provisions in the UNCRC and the EU Charter but that a number of practical challenges remain unsolved. For instance, allowing Member States to set the threshold age means that the goal of simplifying and harmonising the regulatory environment for SNSs operating on a transnational basis will not be fully realised. Equally, reliance on parental consent and the consent of children over the threshold age is conceptually coherent, but it is dependent on the introduction of low-cost age-verification mechanisms being integrated into SNSs. It is also dependent on child data subjects (or their parents) being digitally literate enough to give unambiguous, specific consent to the processing of their personal data. Relatedly, whilst the GDPR includes measures to promote and increase the digital literacy of both parents and children, it remains to be seen how effective these will be in practice. For these reasons, the GDPR is an improvement on Directive 95/46/EC, but only a partial success.

Ethical Issues in Social Media Research for Public Health

American journal of public health, 2018

Social media (SM) offer huge potential for public health research, serving as a vehicle for surveillance, delivery of health interventions, recruitment to trials, collection of data, and dissemination. However, the networked nature of the data means they are riddled with ethical challenges, and no clear consensus has emerged as to the ethical handling of such data. This article outlines the key ethical concerns for public health researchers using SM and discusses how these concerns might best be addressed. Key issues discussed include privacy; anonymity and confidentiality; authenticity; the rapidly changing SM environment; informed consent; recruitment, voluntary participation, and sampling; minimizing harm; and data security and management. Despite the obvious need, producing a set of prescriptive guidelines for researchers using SM is difficult because the field is evolving quickly. What is clear, however, is that the ethical issues connected to SM-related public health research ...

Non-informed Consent Cultures: Privacy Policies and App Contracts on Facebook

Journal of Media Business Studies 11 (1), 2014

Social networking sites collect extensive personal and sensitive user data across a wide range of services and users accept this through a click on the accept-button in their end-user license agreements (EULAs). By comparing existing regulation and discussion on future adjustments with studies of consent practices on Facebook, the article argues that with the growing importance and use of these services the consent culture of the internet has turned into a blind non-informed consent culture, heavily relying on social incentives and group dynamics in decision-making that are not adequately reflected in current and upcoming privacy regulation.