Abstract
EU data protection law requires that digital service providers and system developers put in place technical measures that are adequate to protect children’s informational privacy. The stringent legal obligations of implementing principles of data protection by design into digital systems intensified the engineers’ need to create processes and technological solutions to enhance children’s privacy in digital services. However, in several cases, generic controls have proven to have limited effects on the protection of children’s privacy, raising questions about the need to further develop children- specific technical controls. This paper contributes to address the need for privacy controls by providing (a) a summary of real-world applications of information technologies domains that expose children to privacy risks, and (b) a list that represents the state-of-the-art of the technical controls designed specifically to protect children’s privacy. We identify 24 technical controls that we manually classify with NIST Security and Privacy control categories and Hoepman’s Privacy design strategies. We find that most controls relate to identification and authentication, many of which in the form of techniques for age verification. In general, the vast majority of controls belong to minimization strategies. Our findings show that the field of technical controls specifically designed for children is yet to be developed.
Original language | English |
---|---|
Article number | 103624 |
Pages (from-to) | 103624 |
Number of pages | 1 |
Journal | Computer Standards & Interfaces |
Volume | 82 |
DOIs | |
Publication status | Published - Aug 2022 |
Keywords
- Privacy
- Children
- Technical controls
- Privacy enhancing technologies
- GDPR
Project and Funding Information
- Project ID
- info:eu-repo/grantAgreement/EC/H2020/787034/EU/Methods and tools for GDPR compliance through Privacy and Data Protection Engineering/PDP4E
- Funding Info
- This work has been conducted in the scope of the project PDP4E (Methods and tools for GDPR compliance through Privacy and Data Protection Engineering). This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787034.