IGF 2023 WS #62 Data Protection for Next Generation: Putting Children First

Wednesday, 11th October, 2023 (08:30 UTC) - Wednesday, 11th October, 2023 (10:00 UTC)
WS 3 – Annex Hall 2

Data Governance & Trust
Data Privacy and Protection

Organizer 1: Ananya Singh, USAID Digital Youth Council
Organizer 2: Vallarie Wendy Yiega, 🔒
Organizer 3: Man Hei Connie Siu, 🔒International Telecommunication Union
Organizer 4: Keolebogile Rantsetse, 🔒
Organizer 5: Neli Odishvili, CEO of Internet Development Initiative

Speaker 1: Njemile Davis, Government, Western European and Others Group (WEOG)
Speaker 2: Edmon Chung, Technical Community, Asia-Pacific Group
Speaker 3: Sonia Livingstone, Civil Society, Western European and Others Group (WEOG)
Speaker 4: Theodora Skeadas, Civil Society, Western European and Others Group (WEOG)
Speaker 5: Emma Day, Civil Society, Western European and Others Group (WEOG)


Ananya Singh, Government, Asia-Pacific Group

Online Moderator

Man Hei Connie Siu, Civil Society, Asia-Pacific Group


Neli Odishvili, Civil Society, Eastern European Group


Round Table - 90 Min

Policy Question(s)

1. How do children in different age-groups understand, value, and negotiate their digital self and privacy online? What capabilities or vulnerabilities affect their understanding of their digital data and digital rights? 2. What is a good age-verification mechanism so that such a mechanism itself doesn’t lead to the collection of more personal data? 3. How can we involve children as active partners in the development of data governance policies and integrate their evolving capabilities, real-life experiences, and perceptions of the digital world to ensure greater intergenerational justice in laws, policies, strategies, and programmes?

What will participants gain from attending this session? Participants will first ‘un-learn’ the current trend of the universal (often, adult) treatment of all users, which fails to respect children’s ‘evolving capacity’, lumping them into over-broad categories (under-13s, under-18s). Attendees will be introduced to the ongoing debates on the ‘digital age of consent’ and on how age-verification mechanisms almost ironically lead to the collection of more personal data. Panelists will elaborate on children’s perception of their ‘data self’ and the many types of children’s privacy online. Participants will also be given a flavor of the varying national and international conventions concerning the rights of children regarding their data. As our speakers come from a range of stakeholder groups, they’ll provide the attendees with a detailed idea on how a multistakeholder, intergenerational, child-centred, child-rights based approach to data governance related policies and regulations can be created.


Now, even before children are born, their data finds its way into the world. From ultrasound images to baby cameras, from social media to search engines, from email address to IP address, from governmental use of biometric technology in birth registration and national ID systems to EdTech, massive amounts of children’s data are being collected every second as we speak. Hence, children’s data needs our special attention. The main difference between general data protection and children’s data protection is that children may be less aware of the risks, consequences, and safeguards concerned with and their rights in relation to the processing of personal data. They cannot effectively advance or advocate on their own behalf owing to their age and capacity. They are less suited than adults to provide meaningful consent for the collection and use of their data because technology companies are not known for explaining their terms and conditions of data collection in an uncomplicated, jargon-free, child-friendly language and/or in local languages. Most importantly, children need to be afforded the agency to define who they are for themselves, without having their future pathways predetermined or their learning styles unduly narrowed down by algorithms. This workshop aims to highlight the power imbalance between data-collecting institutions and children. It will take the discourse on children’s online safety beyond the usual cyberbullying and internet addiction, and call for attention to the need for more transparency and accountability in processing children’s personal data. Speakers will deliberate on existing policies on child data governance, identify gaps, assess the technical aspects of child data capture, storage, and use, cite case studies of children’s data collection and breach of privacy, enlist any applicable international children’s rights standards & conventions, and recommend how children’s trust and interests can be prioritised to create a child-centred data governance structure.

Expected Outcomes

Outcomes: 1. Shed light on the types of children’s data and privacy online 2. Critically analyse how a tiered Age-Appropriate Design Code could be conceptualised 3. Justify why child-centred data protection is the need of the hour 4. Identify the gaps in existing policies on child data and suggest corrective measures 5. Drive conversation towards real-life examples of children’s data collection and breach of privacy 6. Emphasize how international children’s rights principles, standards, and conventions can be applied to children’s personal data collection, processing, and profiling 7. Highlight best practices concerning children’s data protection, if any Outputs: 1. The session’s highlights and key takeaways will be published in a blog series on the NetMission.Asia website 2. The session discussions will inspire the creation of a learning document that may be shared with wider audiences including but not limited to international donors, media, civil society, private sector, government, and end users.

Hybrid Format: As the session begins, both onsite and remote participants will be encouraged to scan the mentimeter QR code to express their expectations from the session. Equal time will be given to online/onsite speakers. In case of slow internet connection, the online moderator will first turn off the speaker's video and if the issue still exists, the speaker may use Zoom's dial-in tool. The rapporteur will track the flow of online chat and include relevant points in the session report. Once the audience Q&A begins, online participants will be encouraged to use Zoom's Q&A feature and onsite attendees will be given microphones to ask questions. The onsite and online moderators will coordinate to ensure an alternating pattern of Q&A between onsite and remote participants/speakers. At the session’s end, the audience may provide feedback for the session by scanning the mentimeter QR code.

Key Takeaways (* deadline 2 hours after session)

Data governance policies must address the unique needs and vulnerabilities of children in the digital age. This includes promoting transparency, accountability, and the protection of children's digital rights. Children themselves must be given seats at the table and enabled to aid in designing these policies.

The debate on age-verification and age-appropriate design must contextualise the socio-cultural backgrounds that each child may come from.

Call to Action (* deadline 2 hours after session)

Governments are urged to prioritize the creation of data governance policies that specifically address the unique needs and vulnerabilities of children in the digital age. They should ensure that the policies are designed in collaboration with experts in child development, privacy advocates, and children themselves, with a focus on age-appropriate design and user-friendly language.

Tech companies must adopt and enforce age-appropriate design principles in their products and services. This means developing child-friendly terms and conditions, ensuring understandable privacy settings, and creating digital environments that respect children's evolving capacity. The private sector should proactively minimize data collection from children and ensure that the data collected is used only for legitimate purposes.

Session Report (* deadline 26 October) - click on the ? symbol for instructions

The session focused on the need for the early incorporation of children's rights into legislation, the inclusion of children in decision-making processes, and the consideration of their rights from the beginning stages of legislation. The speakers also advocated for the active participation of children in shaping policies that affect their digital lives, arguing that involving children in policy-making processes allows for better addressing their unique insights and needs. Noting that children are infact "Internet natives", the speakers emphasized that they may have a better understanding of privacy protection due to growing up in the digital age, which, in turn, challenges the assumption that children are unaware or unconcerned about their digital privacy.

Age-Appropriate Design Codes and Data Minimization

The need for regulatory and educational strategies to protect children's privacy rights was a recurring theme in the session. Age-appropriate design codes, proposed by Professor Sonia Livingstone, aim to ensure that digital products and services respect and protect children's privacy, considering their age and understanding. By focusing on age-appropriate design, these codes acknowledge the connection between privacy and other essential rights of children. The idea is to create digital environments that respect children's evolving capacities and needs, emphasizing that privacy is not a standalone right but intricately linked with their overall well-being. 

The DotKids Initiative: Promoting Child Safety Online

The .Kids top-level domain, as presented by Edmon Chung, exemplifies efforts to promote child safety online. This initiative is unique as it aligns with the principles outlined in the Convention on the Rights of the Child. It provides a platform for reporting abuse and restricted content, thereby creating a safer digital space for children. DotKids serves as a notable example of how innovative approaches, such as domain-specific regulations, can be employed to prioritize children's rights and safety in the digital realm.

USAID's Role in Promoting Digital Innovation

USAID's significant role in technological innovation and international development cannot be overlooked. With its global reach and vast network across 100 countries, USAID actively supports initiatives that enhance digital literacy, promote data literacy, improve cybersecurity, bridge the gender digital divide, and protect children from digital harm. Their digital strategy, launched in 2020, underscores their commitment to ensuring the development of secure and inclusive digital ecosystems. As part of their efforts, they work towards protecting children's data by raising awareness, aligning teaching methods with educational technology (EdTech), and implementing data governance interventions in the public education sector.

Balancing the Opportunities and Risks in Digital Tools

The speakers illuminated how digital tools can both empower and endanger children in the digital environment. While these tools facilitate essential tasks like birth registration, case management, and data analysis, they also expose children to various risks, including cyberbullying, harassment, gender-based violence, and exposure to inappropriate content. The negative consequences of these risks, such as restricted perspectives and impaired critical thinking skills, were noted.

Educational Initiatives and Data Governance Frameworks

It was emphasized that awareness, advocacy, and training for data privacy protection are essential to counter these risks. Children's digital education was highlighted as a critical aspect of promoting responsible and ethical digital citizenship. Collaborative efforts between USAID and the Mozilla Foundation to provide ethical computer science education in India and Kenya represent a significant step in this direction. Ethical education helps ensure that future generations of technologists consider the societal and ethical impacts of their work. Furthermore, the integration of children's rights into national data privacy laws was advocated as a vital measure to protect children's privacy and well-being.

Empowering Youth Advocates for Data Governance

The importance of empowering youth advocates in the field of data governance and digital rights was also recognized. By engaging and supporting young voices in shaping data governance and digital rights agendas, we can better address the evolving needs and challenges faced by children in the digital era.


The discussions acknowledged the tension between the decision-making authority of adults and children's understanding of their best interests. The remedy proposed is to amplify children's voices in the digital society and introduce discussions on digital and data rights in formal education institutions. Recognizing children as stakeholders in internet governance was highlighted, and the need for a children's Internet Governance Forum (IGF) was emphasized. Such a forum can help raise awareness, build capacity, and encourage positive changes in the digital realm, benefiting children worldwide.