Government Announces Changes to Children’s Digital Rights

25 August 2017

Children’s lives are being documented online on an unprecedented scale. On average by a child’s fifth birthday, their parents will have posted 1,500 photos of them online. According to Ofcom, half of twelve year olds have a social media account and children are using social media prolifically; 30% of 12-15 year-olds with social media accounts check their favourite social media website over ten times a day.

As a society we have struggled to keep up with the pace of change and giving children the rights they need to protect themselves online. This was the impetus behind the creation of 5Rights.

The Government has published a Statement of Intent regarding data protection law. As expected, this has confirmed that the new European regulation on data protection law, the GDPR, will be adopted despite Brexit. The Statement of Intent has also confirmed two policies which are significant for children’s digital rights.

Enhanced right to be forgotten  

Schillings’ 2015 report for 5rights highlighted shortcomings in the legal framework for children’s digital rights. We argued that children should have the right to ask social media companies to remove their data.

A general right to be forgotten already exists. Both adults and children can ask companies to erase information about them, for example where the information is no longer relevant. Companies do not always have to comply with right to be forgotten requests, for example where the company has to keep the information to comply with a legal obligation. The scope of this general right to be forgotten will be similar under the GDPR.  

The Government has proposed an enhanced right to be forgotten for children, presumably on top of this existing right. The enhanced right to be forgotten will enable children to require social media companies to delete all information held about them up to the age of 18, subject to very narrow exemptions.

This acknowledges the importance of being able to make mistakes when you are a child, without having these come back to haunt you. For the first generation to use social media in their teens, it is embarrassing enough to discover a long-forgotten Bebo account, or oversharing Facebook statuses posted when unaware that Facebook would curate these into a Timeline. Imagine the online baggage of children today, who’ve had internet access throughout their teens. The personal embarrassment of finding your old half-baked opinions and terrible haircuts is bad enough. Young people should not have to worry about an employer or university judging them based on outdated posts.

The age of consent for using social media websites will be 13

Under the GDPR, the default age at which a child can join a social media website is 16, but the Government can lower this to 13. The Government intends to lower the age to 13, (in line with Facebook’s terms and conditions).

This is problematic. Many social media websites are not safe for children.  Children are particularly vulnerable  to social media addiction.

The statement of intent notes that the Government aims to “give children the tools they need to maximise these opportunities, including through education and awareness, to build their digital literacy skills, and stay safe online.” They “expect businesses, including social media companies, to step up to their responsibilities in creating safer spaces for children and young people to enjoy their time online.”

This is encouraging, but we would like to see these assurances backed up by concrete policies, rather than relying on social media companies to self-regulate.

Outstanding questions

There are still a number of areas where we need clarity. This will be beneficial to children relying on digital rights, and social media companies enforcing them.

  1. Will the enhanced right to be forgotten arise when a child turns 18 or throughout their childhood, and then into adulthood?

  2. Will the right only apply to public posts, or also to private messages? The focus has been on Facebook posts but what about WhatsApp messages?

  3. What about content about children posted by other people? The perils of ‘over-sharenting’, i.e. posting excessive photos of your child, are well known. Will children be able to get unwanted photos removed from other pages?  

  4. Will the enhanced right to be forgotten apply to data harvested through cookies, such as browsing history?

  5. What will social media websites have to do make their websites safe for children, in exchange for the Government allowing children to sign up aged 13?

  6. How will social media websites ensure that under-13s are not using their products? Given that half of 12 year olds have a social media profile, more needs to be done.

On balance, we welcome the Government’s confirmation that children will be given an enhanced right to be forgotten, but look forward to clarification on these issues.

Receive our monthly newsletter

About the Author

Jane Ashford-Thom


Jane advises prominent individuals and the companies they represent on reputation and privacy issues.

+44 (0)20 7034 9000
Our 24 hour number
+44 (0)20 7034 9000
Legal information

© 2021 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.

Schillings International LLP is a limited liability partnership registered in England and Wales with registration number OC398731. A list of members of Schillings International LLP is available for inspection at our registered office 12 Arthur Street, London, EC4R 9AB. Schillings International LLP is an Alternative Business Structure regulated and authorised by the Solicitors Regulation Authority.

Schillings International (USA) LLP is a registered limited liability partnership organised and existing under the laws of the State of Delaware, United States of America, whose principal place of business is at One World Trade Center, Suite 8500, New York, NY 10007. Our New York based attorneys are registered as a foreign legal consultant in the State of New York.