Towards a child online privacy protection (framework) in Nigeria

In November 2018, Facebook recently came under scrutiny for failing to regulate its platform after it was used to auction a child bride in South-Sudan. In the same month, It was reported that a Norwegian man was charged for targeting more than 300 children “– most of whom were between 13 and 16 at the time of the abuse, with some as young as nine – on internet chat services and via the Snapchat messaging app.”

The above scenarios are part of the increasing dangers children face on the Internet. The widespread use of the Internet, the advancement in technology and the proliferation of Internet-enabled devices have created borderless and unlimited access to information. With the progress, come new opportunities for the exploitation, risk, and abuse of children. There is an urgent need to balance the immense benefits of technology, commercial interest and ensuring online safety of children with appropriate safeguards and strong legal and institutional framework. Further, there is a growing concern about the safety and privacy of children online. This was amongst the problems identified in a recent survey conducted by the World Wide Web Foundation in Nigeria.

Understanding the threat landscape

As internet penetration increases, more children are connected to the grid. Children now have a better understanding of technology than the average adult. According to a report published by England’s Children Commissioner, “children aged 11-16 post on social media on average 26 times a day, which means by the age of 18 they are likely to have posted 70,000 times. By the age of 13, a child’s parents will have posted on average 1,300 photos and videos of them to social media.” According to the Children’s Commissioner for England, children digital footprint now starts in the womb from the moment the parents post the ultrasound picture on the internet. According to the report, such information generated could have serious consequences when they grow up and “could influence which universities people are accepted to, whether they received a mortgage or even their job applications.”

New phones, smart toys, computer, wearables and privileges for using a device birth new responsibilities. The increased use of social media and online services mean children now share a tremendous volume of personal information online. Children have embraced the Internet as a means to learn, share and participate in civic life. Often, children are not aware of the imminent risk their digital footprint could possibly bring. According to ITU’s Guideline for Parent, Guardian and Educators of Child Online Protection, children online are increasingly faced with bullying and harassment, undesirable contact with adults posing as children, disclosure of personal information leading to risk of physical harm, targeting through spam; and adverts promoting age-related contents, self harm and destructible behaviour; defamation and damage to reputation, risk of hacking, sexting, grooming and solicitation, fraud, identity theft or exposure to inappropriate content. Digital kidnapping where pictures of children are used for role-playing is also a growing phenomenon. In the age of over-sharing, children could be victims of online privacy violation.

According to the United States Child Online Privacy Protection Act, a child’s personal information “includes a kid’s name, address, phone number or email address; their physical whereabouts; photos, videos and audio recordings of the child, and persistent identifiers, like IP addresses, that can be used to track a child’s activities over time and across different websites and online services.” According to a 2015 Kaspersky report, 28% of parents surveyed feel “they have no control over what their children see or do online, nearly two thirds (62%) of them don’t bother to talk to their kids about Internet threats.”

Nigeria’s legal framework

Interestingly, we are witnessing an increase in the use of invasive toys, video games, mobile devices and personal assistant gadgets targeted towards children. These, when connected to the internet collect their personal data and have a resultant effect on their privacy and online safety. In Nigeria, Section 37 of the 1999 Constitution and Section 8 of the Child Rights Act provide for children’s right to privacy. Further, Section 23 of the Cybercrimes Act 2015 punishes child pornography. The Cybercrimes (Prohibition and Prevention) Act also criminalises cyberbullying and cyberstalking that could affect children. While the Act punishes consumption of such content and provides for other offences, there is no other specific legal guideline or direction to protect the online safety and privacy of the Nigerian child.

Further, Article 10 of the African Charter on the Rights and Welfare of the Child provides the right to privacy for children. The Charter has been ratified by Nigeria. Clearly, the generic provision of the Charter is inadequate; African Committee of Experts on the Rights and Welfare of the Child (the body charged with monitoring the implementation of the Charter) needs to exercise its powers under Article 42 of the Charter “to formulate and lay down principles and rules aimed at protecting the rights and welfare of children in Africa.” A guidance from the committee can steer the policy framework for the protection of the African child online.

Making a case for child online protection law in Nigeria

Nigeria needs an online privacy protection law for children. The law will seek to protect the personal information of children on websites, online services and applications. The law will be binding on online service providers collecting the personal data of children. The biggest concern is consent management. Service providers will need the consent of the parents or guardians if the data collection affects a child below the established age. A child according to Nigeria’s Child Rights Act is anyone below the age of 18. The law will provide guidance on the age of consent, the definition and provision of rights, retention period of such data and obligations of service providers. The law should provide for transparency and accountability mechanism on the use of personal data. Internet Service Providers and Electronic Service Providers with products targeting children must be mandated to display children friendly privacy notice – preferably in a layered approach. There should be an independent body to administer enforcement and compliance with the provision of the law and address complaint from those seeking redress.

Role of platform providers

Internet Service Providers and Electronic Service Providers need to ensure their platforms are secure and do not put children at risk. Service providers should implement privacy and security by design and default. They will have to do more, to create and ensure age-appropriate contents by managing content and dealing effectively with abuse, misuse of their platform and illegal contact with children. Data collection should not be excessive but limited to what is required for the services provided to the child. Consent management has to be transparent and verifiable. Companies providing services that affect children need to exercise a duty of care and be more transparent about how they capture data relating to children and their use. Further, regulators have to understand that children, regardless of age-grouping have different needs and understanding of privacy. According to LSE, “children have different capacities to understand privacy and different needs which cannot be explained entirely by age.”

In Kenya, three mobile operators and regulators recently signed a charter in partnership with the government to foster a culture of safe and responsible use of the internet for children. The signing of the Child Online Protection (COP) Charter is part of the global We Care campaign aimed at sensitising and ensuring the safety of children online. More Internet Service Providers and Electronic Service Providers might consider adopting a similar charter to foster a safer online sphere.

Recommendation

The legal framework alone cannot guarantee complete protection for the Nigerian child. Excessive regulation will stifle children’s participation and access to the immense benefits of the internet. In addition, there is a need for increased digital literacy for both children and their parents or guardians. This will ensure children implement best privacy preferences, understand the implication of oversharing, and have good online behaviour. Parents or guardians can also utilise safety tools on their wards’ devices. The tool protects children from inappropriate online contents, prevents disclosure of personal information and assists parents and guardians manage time spent on the devices.

The ITU’s Guidelines for Parents, Children, Guardians and Educators of Child Online Protection is a very good reference point to lawmakers and policy makers for designing an Acceptable Use Policy and an online protection framework for children. The peculiarity of our societal context should be taken into consideration equally.

Conclusion

According to David Emm, “many young people today, using mobile phones and computers to go online, often out of sight of their parents or while out and about, has become an integral part of daily life… a significant number of parents feel powerless about managing what happens on these devices. However, there are many simple yet positive things parents can do to protect the young people in their care. The important thing is to combine practical measures, such as installing parental control software and keeping computers in family areas, with talking to our children about potential threats and how to deal with them.”

Ridwan Oloyede – ridwan.oloyede@famsvillesolicitors.com

Photo Credit: Freepik