By Fiona Dott, Solicitor. Contact Thomson Snell and Passmore 01892 510000.
Internet use by children is ever increasing and, for many children, the internet has become embedded within their daily lives at home and at school.
A recent study indicated that 63% of children access the internet using school computers and 33% of children access the internet during school time using handheld mobile devices.
Businesses are recognising the potential profit in this market in terms of providing online goods and services to child customer and also, importantly, from advertising revenue and the value in collecting personal data from children.
As children's online activity grows, law and policy is evolving to try to guard against the inherent risks for children doing business on the internet.
Who is a child as a matter of law?
There is no consistent view as to how to identify a child in the UK.
The general rule in England, Wales and Northern Ireland is that children gain legal capacity at the age of 18. In Scotland, children reach legal capacity at 16.
When under this age, a child can enter into and enforce a contract, but cannot generally have that contract enforced against him or her. For example, a child could sign up to an online membership subscription for a game and subsequently enforce those terms against the game provider. Whereas, that game provider would not be able to enforce its terms against the child (for example, in the event that the child fails to pay).
The exceptions to this general rule are contracts for necessities (such as food, drink, lodgings, medicines) and contracts for apprenticeship, education and service. Children can enter into these contracts and they will be enforceable against the child.
As most contracts entered into by children online will not fall into these exceptions, they will usually be voidable at the child’s option. However, a court may order a child to return the goods or pay for the services which he or she has benefitted from.
Advertising and marketing
The British Code of Advertising, Sales Promotion and Direct Marketing (the CAP Code) defines a child as anyone under 16. Under the CAP code, online communications addressed to or targeted directly at children under 16 years old must not:
- exploit a child's vulnerability or lack of experience:
- encourage children to make a nuisance of themselves;
- undermine parental authority; or
- include a direct exhortation to children to buy an advertised product
Collecting data from children
Many social media websites, such as Facebook, Bebo or MySpace, have set 13 as the minimum age to register for the service. This is to comply with US law relating to collecting information from children online. Despite this minimum age requirement, Ofcom found in 2011 that 20% of UK children aged eight to 11 do now have a social networking website profile.
The Information Commissioner's Office (the ICO), has indicated that some form of parental or guardian consent will normally be necessary to collect any personal information from children under 12. For children aged 12 and over, consent should be obtained from parents, guardians or persons acting in loco parentis wherever the collection of information from a child involves:
- passing the child's contact details to a third party organisation;
- using a child's contact details for marketing purposes;
- publication of a child's image on a website;
- making a child's contact details publicly available; or
- the collection of personal data about third parties, for example where a child is asked to provide information about his or her family members or friends.
There seems to be no consensus as to how consent should be obtained. Asking a child to tick a box confirming that he or she has consent to provide data is not really satisfactory (except where minimal information is being collected, such as an e-mail address to register on a website). However, if the child's photo is to be published online, the ICO has suggested that a signed consent form or email acknowledgement from the responsible adult is appropriate.
As yet, there is no child-specific law in the UK in relation to the activity of children on the internet. The mishmash legislative and regulatory framework causes confusion in identifying and responding to child website customers.
A degree of common sense should be applied. Online businesses should consider what they would allow their own child to do online and when they would expect their consent as parents to be obtained. In the absence of a consolidated and clear legal framework, the common sense and cautious answer will likely be the best approach.