PLEASE NOTE: Our website uses a technology called cookies to improve your experience. One of the cookies we use is essential for parts of the site to operate and may have already been set. You may delete and block all cookies from this site, but parts of the site will not work. For more information see our privacy policy.

To accept cookies from this site (and hide this notice) please check this box and click the continue button.

HomeThe IssuesOur ServicesOur TeamPublicationsTestimonialsNewsletterContact us

On the case - September 2006

September 2006

Is marketing to children permitted under data protection legislation?


As children have become more financially active at an early age, marketers have begun to interact with them directly, rather than through their parents or guardians. Although not specifically included in the Directive’s definitions of sensitive data, information relating to children clearly needs careful handling.


Deciding what is acceptable in terms of processing children’s data for marketing purposes depends on their age and ability to understand the consequence of their actions. What is regarded as appropriate for a child under 12 is very different from that which would be acceptable for a 16 year old. When scripting data collection statements, the wording used must be readily understandable and children should not be asked to surrender information about adults for marketing purposes.


In the UK the Information Commissioner’s Office has created specific guidance for collection via websites directed at children. The rules can be applied for the collection of information in hard copy as well. The guidance says that children under 12 years of age should not be asked to surrender data without the explicit and verifiable consent of the child’s parent/guardian. A notice informing children of the requirement for parental or guardian’s consent must be shown at the point where a child's personal information is requested. In order to verify this consent has genuinely been given by the adult, a follow up postal communication should be sent addressed to “The parent or guardian of xxxxx [name of child]” stating that their permission has been captured and offering a further opt-out opportunity. The over 12s do not need parental consent but the language used to collect their data should be suitably clear.


In general, access to special offers or websites should not be contingent on the collection of personal information from children and companies should not attempt to entice children to divulge personal information with the prospect of a special prize or other offer. The general susceptibility of children should never be exploited in an attempt to gain information about them or their family circumstances.


It is worth remembering that orders for goods or services must not be accepted from children under 16 without first obtaining a parent/teacher’s verifiable and explicit consent. Trading in children’s data for list rental purposes without explicit consent from an adult breaches best practice guidelines and it goes without saying that data concerning children should be subject to particularly stringent security measures.

Other recent items: