Avani Singh
 BComm LLB (Pretoria)
 Attorney of the High Court of South Africa; Director, ALT Advisory and Power Singh Inc
 https://orcid.org/0000-0001-9949-3527
This email address is being protected from spambots. You need JavaScript enabled to view it.
  This article is written in a personal capacity.

 Tina Power
 BA LLB LLM (Witwatersrand)
 Attorney of the High Court of South Africa; Senior Analyst and Researcher, ALT Advisory and Senior Associate at Power Singh Inc
 https://orcid.org/0000-0002-6204-1997
This email address is being protected from spambots. You need JavaScript enabled to view it.
  This article is written in a personal capacity.


 Edition: AHRLJ Volume 21 No 1 2021
  Pages: 99 - 125
 Citation: A Singh & T Power ‘Understanding the privacy rights of the African child in the digital era’ (2021) 21 African Human Rights Law Journal 99-125
http://dx.doi.org/10.17159/1996-2096/2021/v21n1a6
Download article in PDF


Summary

Africa is increasingly welcoming and participating in the technological revolution that is occurring the world over. A significant rise in access to the internet and other digital technologies means that children can engage, communicate, share, learn and develop in previously unimaginable ways. Technology, to a large extent, has fundamentally changed the way in which children exercise and realise their rights. This article argues that in order for children to be safe and empowered both on and off-line – and have their privacy respected, protected and promoted – a variety of stakeholders need to come to the table. Drawing on recent international developments around children’s rights in a digital environment, this article reflects on the various roles of key stakeholders in advancing the privacy rights of children. The article submits that the advancement of children’s privacy rights in Africa is indeed achievable and attainable, provided there are collaborative

commitments from public and private decision makers and parents, caregivers and guardians and, importantly, that children are part of the solution. As we look to the future of the right to privacy in Africa, the article concludes with a selection of recommendations on the right to privacy going forward.

Key words: children’s right to privacy; technological advancements; digital spaces; multi-sectoral approach; children’s participation

1 Introduction

The digital era has fundamentally changed the way in which children exercise and realise their rights. A significant rise in access to the internet and other digital technologies means that children are able to engage, communicate, share, learn, and develop in previously unimaginable ways. This has led to unprecedented opportunities, as well as unprecedented challenges.1 Across Africa, access to the internet is rapidly increasing, with millions of individuals joining online spaces.2 While inequality in internet access and connectivity remains rife, it is estimated that approximately 40 per cent of children in Africa can access the internet in some form.3 Indeed, as set out by the African Union (AU) Agenda for Children 2040, Fostering an Africa fit for children, states are called upon to provide universal access to affordable information and communication technology devices, content and connectivity, and to integrate these into teaching and curricula.4 As more children become more connected, an urgent need arises to ensure that all children are able to safely access and enjoy the many benefits and opportunities of the online world. The United Nations (UN) Committee on the Rights of the Child (CRC Committee) has affirmed this position in its most recent General Comment 25, noting that ‘[c]hildren’s rights shall be respected, protected and fulfilled in the digital environment’.5

Children’s privacy rights are no different, and apply equally on and off-line.6 Online, a child’s privacy can be compromised by the processing of personal data, online surveillance, the building and maintaining of records of children’s entire digital existence, the use of biometrics and pre-existing risks such as online stalking and harassment, and exposure to unwanted inappropriate content.7 The UN Human Rights Council (UNHRC) has noted that the violations and abuses of the right to privacy in the digital age may affect all individuals, but that such violations may have a particular effect on children.8 It bears highlighting at the outset that the right to privacy of children is firmly safeguarded in article 10 of the African Charter on the Rights and Welfare of the Child (African Children’s Charter),9 as well as article 16 of the Convention on the Rights of the Child (CRC).10

The right to privacy is a fundamental right that is both important as a right itself, and as an enabler of an array of other fundamental rights, ranging from access to information, freedom of expression, freedom of association, and freedom of thought, conscience and religion, to public participation, dignity, equality and non-discrimination. The full realisation of the privacy rights of children, both on and off-line, cannot be gainsaid. Importantly, it facilitates the child’s ability to fully self-actualise and self-identify in a manner of their own choosing, without undue intrusion or influences that may wish to steer their path in a particular social or cultural direction. The South African Constitutional Court has held that ‘the right to privacy is even more pressing when dealing with children’ as it is central to a child’s self-identity which is still forming, emphasising that the protection of the privacy of young persons fosters respect for dignity, personal integrity and autonomy.11

Given the importance of children’s privacy rights, as well as the mounting challenges of children’s privacy in our digitally-transforming society, this article argues that a collaborative, multi-stakeholder approach is necessary to enable the safety of children online and ensure that their right to privacy is respected, protected and promoted. Accordingly, as we navigate the various roles and responsibilities within the ecosystem of children’s online engagement and participation, the need for nuanced understandings of the right to privacy is more necessary than ever.12 This article begins by exploring the regional and global evolution of children’s privacy rights. Following this discussion, this article turns to examine the roles of the state, non-state actors, and parents, guardians and care givers in advancing children’s privacy rights online. Furthermore, this article considers the role of children, taking into consideration their evolving capacities, participation and engagement to safeguard their rights online while enjoying the innumerable opportunities facilitated through access to the internet.

2 Evolution of children’s privacy rights

2.1 Development of the right to privacy for children

In general terms, the right to privacy under international law finds its origin in the Universal Declaration of Human Rights (Universal Declaration)13 and the International Covenant on Civil and Political Rights (ICCPR).14 While the African Charter on Human and Peoples’ Rights15 (African Charter) does not expressly contain a right to privacy,16 the revised Declaration of Principles on Freedom of Expression and Access to Information in Africa (African Commission Declaration of Principles), adopted by the African Commission on Human and Peoples’ Rights (African Commission) in 2019, recognises the importance of the right to privacy, both as a self-standing right and an enabler of the rights to freedom of expression and access to information.17 The right to privacy is complex and wide-ranging, comprising protections against the arbitrary or unlawful interference with the right to privacy, family, home or correspondence, the confidentiality of communications, the protection of personal information, and protections against communication surveillance.18 Both the African Commission and the UN Human Rights Committee have recognised that the same rights that people enjoy off-line apply equally on-line, including the right to privacy.19

The development of the right to privacy in the context of children’s rights, as evinced through CRC and the African Children’s Charter, to a large extent drew on ICCPR. In this regard, article 16 of CRC provides:

  1. No child shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation.
  2. The child has the right to the protection of the law against such interference or attacks.

The African Children’s Charter has nuanced the right to privacy in a manner that does not find similar reference in CRC. Article 10 of the African Children’s Charter protects the right to privacy as follows:

No child shall be subject to arbitrary or unlawful interference with his privacy, family home or correspondence, or to the attacks upon his honour or reputation, provided that parents or legal guardians shall have the right to exercise reasonable supervision over the conduct of their children. The child has the right to the protection of the law against such interference or attacks.

Notably, there are two key distinctions between the right to privacy as contained in CRC and the African Children’s Charter. The first relates to the exclusion in the African Children’s Charter of the word ‘unlawful’ in respect of attacks. Gose argues that this likely was an editing error, noting that protection against lawful attacks is a highly-improbable interpretation.20 Both article 16 of CRC and article 17 of ICCPR protect against ‘unlawful’ attacks and, for present purposes, this textual distinction is of limited relevance. The second and more noteworthy difference between the two instruments relates to the inclusion of parental and guardian power in the African Children’s Charter, namely, the inclusion that ‘parents or legal guardians shall have the right to exercise reasonable supervision over the conduct of their children’. In order to understand this inclusion, a brief reflection on the drafting processes of the respective instruments is necessary.

CRC, often recognised as the seminal instrument on the rights of the child, is not without flaws. Critics of the drafting process highlight the lack of diversity and inclusion, and the ‘particularly Western’ perspective of CRC.21 This was in part due to the tensions between the global East and West at the time, an initial lack of civil society representation, and an underrepresentation of African states.22 During the ten-year drafting process of CRC only four states from North Africa participated, with no representations from sub-Saharan Africa.23 Despite most African states ratifying CRC, it has been observed that many African states felt that CRC insufficiently reflected African concerns and cultural contexts.24 This resulted in certain factors that were unique to the African context being excluded from the drafting process, including considerations of socio-economic circumstances, culture, tradition and development.25

For example, Ekundayo’s insights suggest that the perception of children as rightsholders is difficult to realise in African societies as ‘the attitude of domination over children by adult[s] has continued to determine the destiny of children especially children in Africa’.26 The role of parents in guiding and directing children in the exercise of their right to freedom of thought, conscience and religion in article 9 reinforces the role of parents and care givers. Article 31 arguably is a further manifestation of the relationship between children and adults, in that it requires children to respect their parents, superiors and elders at all times, and preserve and strengthen African cultural values.27

There are differing views on whether the duty to respect parents and guardians could easily be relied upon to limit children’s rights to freedom of expression, privacy, and participation in decision making, or whether it is analogous with positive African traditions.28 Cognisant of these diverging views, the African Committee of Experts on the Rights and Welfare of the Child (African Children’s Committee) published a General Comment on article 31 of the Children’s Committee, explaining that there is a need to strike a balance between the authority exerted by adults over children and the corresponding responsibility of children to be respectful and mindful of such authority.29 Notably, the General Comment goes further to state that the ‘[r]ights of the child including freedom of expression, participation, and development, among others, shall not be compromised or violated by reference to “respect for adults”’.30 Therefore, while it is likely that the perception as captured by Ekundayo could explain why article 10 is more prescriptive on the supervisory role of parents and caregivers, it is necessary to bear in mind that children’s rights should not be compromised or violated because of this.

Against the backdrop of these drafting nuances, it is also important to consider the significance of the inclusion of article 10 in the African Children’s Charter, given that this is not provided for in the African Charter. It is by now well-established that the African Charter sets the standard for recognised and enforceable human rights in the region, establishing the rights, duties and freedoms to which every individual is entitled.31 It therefore is perhaps unusual that African Children’s Charter departed from the prescripts of the overarching framework of the African Charter on this particular point, but what is even more curious is that this distinction has not attracted much academic debate, nor has it led to commentary from the relative regional bodies. While the official position on this is unclear, it is possible that the drafters of the African Children’s Charter, whilst electing to develop a uniquely African framework on the rights of the child, sought to specifically distinguish the African framework from CRC in relation to privacy. The discussion above on the African perspectives of children as rights holders lends support to this argument, highlighting that despite the African Charter not explicitly including privacy rights, the traditional and cultural underpinnings of familial roles require specific understandings of privacy.

2.2 Contemporary notions of children’s privacy rights

Understanding the above contextual nuance is necessary as we work to bring children’s privacy to life in the digital era. As noted in General Comment 16, ‘[a]s all persons live in society, the protection of privacy is necessarily relative’.32 The right to privacy has been described as existing across a continuum, whereby the expectation of privacy is considered reasonable in the inner sanctum of a person or the truly personal realm, but the reasonableness of the expectation gradually erodes in the context of communal relations and activities.33 In this regard, the more a person inter-relates with the world, the more the right to privacy becomes attenuated.34 This raises important and complex questions regarding where the right to privacy online for children falls on the continuum. As noted by the United Nations Children’s Fund (UNICEF), both children and adults face greater risks of intrusion into their rights to privacy when online: States may follow children’s digital footsteps; private sector actors may collect and monetise children’s data, and parents or guardians may publish children’s information and images.35 UNICEF further explains the complexities of the particular contexts in which the privacy rights of the child arise, stating:36

Children’s right to privacy is multifaceted, and the physical, communications, informational and decisional aspects of children’s privacy are all relevant in the digital world. Children’s physical privacy is affected by technologies that track, monitor and broadcast children’s live images, behaviour or locations. Children’s communications privacy is threatened where their posts, chats, messages or calls are intercepted by governments or other actors, and children’s informational privacy can be put at risk when children’s personal data are collected, stored or processed. Children’s decisional privacy may be affected by measures that restrict access to beneficial information, inhibiting children’s ability to make independent decisions in line with their developing capacities.

Moreover, General Comment 25 on CRC explains the right to privacy in relation to the digital environment as follows:37

Privacy is vital for children’s agency, dignity and safety, and for the exercise of their rights. Threats to children’s privacy may arise from their own activities in the digital environment, as well as from the activities of others, for example by parents’ sharing online the photos or other information of their children, or by caregivers, other family members, peers, educators or strangers. Threats to children’s privacy may also arise from data collection and processing by public institutions, businesses and other organizations; as well as from criminal activities such as hacking and identity theft.

The above passages capture the specific privacy-related concerns that may be prevalent while children are online. These passages equally demonstrate the need to find an appropriate balance between protecting children’s privacy rights and guarding against undue limitations on their ability to express themselves and access information. As more children in Africa begin, or continue, their online journeys, it is necessary to ensure that emerging threats and challenges do not unjustifiably restrict the exercise of their rights.

3 Working collectively to protect children’s privacy rights

The African Children’s Charter makes it clear that the promotion and protection of the rights and welfare of the child also imply the performance of duties on the part of everyone.38 Meaningfully realising the right to privacy requires both a negative duty – not to infringe the right to privacy – and a positive duty – to take proactive measures to give effect to the right to privacy. It is only through a confluence of both these negative and positive measures that the right to privacy can be realised in theory and practice. In this part we explore the role of the state, parents and guardians, non-state actors, and children themselves in respect of the privacy rights of the child. As we explore these roles, we further unpack the various dimensions of children’s privacy rights online.

Before turning to these roles and how they relate to children’s privacy, it is important to note that the realisation of these roles and duties must be informed by the four general principles underpinning children’s rights, including the best interests of the child, the right to life, survival and development, the right to non-discrimination and the right to be heard.39 General Comment 25 similarly encourages these four principles to be used as a lens through which children’s rights in relation to the digital environment can be understood.40 In sum, General Comment 25 records that (i) the best interests of the child is a dynamic concept that has special importance in relation to the digital environment; (ii) it is necessary to take into account emerging risks children face in diverse contexts as well as the effects of digital technologies on children’s development; (iii) children should have equal and effective access to the digital environment in ways that are meaningful for them, and should not face discrimination online; and (iv) the use of digital technologies should enhance children’s rights to be heard in matters that affect them and help to realise their participation at local, national and international levels.41

3.1 Role of the state

Article 1(1) of the African Children’s Charter requires states to recognise the rights, freedoms and duties contained in the Charter, and undertake the necessary steps, in accordance with their constitutional processes and the provisions of the Children’s Charter, to adopt such legislative or other measures as may be necessary to give effect to the African Children’s Charter. As noted by the African Children’s Committee in General Comment 5:42

States Parties must see their duty as fulfilling applicable legal obligations to each and every child. Implementation of the human rights of children must not be seen as a charitable process, bestowing favours on children. The clear meaning of ‘shall recognise’ as contained in Article 1(1) is peremptory.

The duty on states to recognise the rights, freedoms and duties contained in the African Children’s Charter implies a level of formal recognition of the rights, be it in law or through a constitutional provision.43 This must be recognised without distinction of any kind.44 Furthermore, as explained by the African Children’s Committee, providing for judicially enforceable children’s rights carries with it the imperative to ensure that children have access to the judicial system, if needs be without parental assistance, to enable them to enforce their rights.45

In General Comment 16 the UNHRC gives content to the duties of states in respect of the right to privacy. Notably, public authorities should only be able to call for such information relating to one’s private life where such knowledge is essential in the interests of society.46 It is clear that states themselves are under a duty not to engage in interferences inconsistent with the right to privacy, and to provide the legislative framework to prohibit such acts by natural or legal persons.47

With regard to the duty to respect the right to privacy of the child, states must not take any measures that unjustifiably intrude on the right. As explained by UNICEF, children’s privacy is more likely to be respected in a digital environment where children can privately and securely access information online; where children’s communications and personal data are sufficiently protected from unauthorised access or intrusion; where children’s privacy is considered in the design of websites, platforms, products, services and applications designed for, targeted at or used by children, and children enjoy protection from online profiling.48 The duty rests firmly on states to create an appropriate enabling environment where children are able to exercise and realise their privacy rights, both on and off-line.

Several key considerations bear highlighting. The first relates to the surveillance of children, particularly their communications.49 In this regard, any state that undertakes mass or bulk surveillance activities will invariably infringe the privacy rights of children caught in the surveillance net, as such mass surveillance is inherently indiscriminate and disproportionate.50 Children are also placed at risk in circumstances of targeted surveillance, whereby a child may be subjected to surveillance themselves or may have their communications intercepted when communicating with a parent or other adult who has been placed under surveillance. General Comment 25 states that

[a]ny surveillance of children together with any associated automated processing of personal data, shall respect the child’s right to privacy and shall not be conducted routinely, indiscriminately, or without the child’s knowledge, or in the case of very young children their parent or caregiver, and where possible the right to object to such surveillance.51

In our view, the duty to respect the privacy rights of children requires states to include express child-sensitive provisions and safeguards in any law that impedes the privacy rights of children.52 For instance, in the context of surveillance, this might require states to include a provision in the law that expressly requires disclosure to an independent judicial authority if a child is to be placed under surveillance or there is a reasonable likelihood that the communications of a child will be subjected to surveillance. This should also include taking appropriate measures to protect children from intrusions into their privacy from other actors, such as private sector actors, who may seek to impermissibly benefit from the vulnerabilities of children.

The second consideration relates to the need to create an enabling environment for the exercise of the right to privacy, particularly through the enactment of data protection frameworks that include child-sensitive provisions for the processing of personal information of children. As noted in the General Data Protection Regulation (GDPR) of the European Union (EU), children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences, safeguards and rights in relation to the processing of personal information.53 Across Africa there are just over 30 states that have adopted data protection laws, although not all provide explicit protections for children.54 Notably, the African Union Convention on Cyber Security and Personal Data Protection is silent on the processing of personal information of children.55 Regionally, the Economic Community of West African States (ECOWAS) appears to be the only sub-regional body with a binding regional data protection regime,56 whereby the ECOWAS Supplementary Act on Personal Data Protection aims to ensure that all member states establish a legal framework of protection for privacy of data relating to the collection, processing, transmission, storage and use of personal data without prejudice to the general interest of the state.57 However, this Act also contains no detailed guidance for states on the processing of personal information relating to children.

Some domestic frameworks provide more express protection for children, such as the Data Protection Act, 2012 of Ghana and the Protection of Personal Information Act, 2013 of South Africa, both of which prohibit the processing of personal information of children unless one of the exceptions, such as the consent of the parent or guardian, can be established.58 The Data Protection Act, 2019 of Kenya provides that children’s personal data cannot be processed unless consent is given by the child’s parent or guardian, and the processing is in such a manner that protects and advances the rights and best interests of the child.59 It further requires a data controller or data processor to incorporate appropriate mechanisms for age verification and consent in order to process the personal data of a child.60 Most recently, the Cyber Security and Data Protection Bill, 2019 of Zimbabwe provides that the personal information of a child may not be processed unless a competent person consents to the processing of such data. It provides further that where the data subject is a child, their rights pursuant to this law may be exercised by their parents or care givers.61

As explained by the Council of Europe:62

Where states take measures to decide upon an age at which children are considered to be capable of consenting to the processing of personal data, their rights, views, best interests and evolving capacities must be taken into consideration. This should be monitored and evaluated while taking into account children’s actual understanding of data collection practices and technological developments. When children are below that age and parental consent is required, states should require that reasonable efforts are made to verify that consent is given by the parent or legal representative of the child.

It bears reference that in 2020 the United Kingdom Information Commissioner’s Office announced the coming into force of the Children’s Code (also known as the Age-Appropriate Design Code).63 The Children’s Code is a data protection code of practice for online services, such as applications, online games, websites and social media platforms that are likely to be accessed by children. Specifically, it addresses how to design data protection safeguards into online services to ensure that they are appropriate for use by – and meet the development needs of – children.64 A similar code or framework does not appear to exist in Africa, although Zimbabwe,65 Zambia,66 Ghana67 and South Africa68 appear to be moving in the right direction with their efforts to develop strategies or amend laws to incorporate children’s online safety.

The third consideration relates to the facilitation by states of appropriate privacyprotecting technologies used by children. This includes, for instance, the use of encryption to enable children to communicate in a secure manner, and safeguards the integrity and confidentiality of their communications. States should encourage the development, use and adoption of such technologies, as they not only complement the right to privacy but also facilitate the rights to freedom of expression, participation, assembly and association, among others. In this regard, children should be able to use technology freely and confidently without disproportionate monitoring by governments or other parties, unnecessarily strict moderation or policing of user-generated content, or unwarranted limitations on anonymity.69

Lastly, we are of the view that states have a positive duty to ensure that children have access to digital literacy skills. In order for children to be safe online and enjoy meaningful engagement in the digital world, they need a set of necessary skills to assist them to make informed decisions about how they exercise their rights online. These skills encompass a range of competencies including navigating and exploring new spaces; being cognisant of risks and harms; finding, evaluating and managing information online; interacting, sharing and collaborating online; developing and creating content; safely using protection features; navigating threats and challenges online; and knowing how to solve problems and be creative.70 UNESCO views digital literacy, along with digital safety and resilience digital participation and agency, digital emotional intelligence, and digital creativity and innovation as key in any child-centred approach towards digital citizenship.71 Providing children with digital literacy skills allows them to make informed choices regarding the personal information they share, it advances their understanding of the importance of privacy and avoiding risk, all while exercising their right to freedom of expression online. States should incorporate digital literacy training at an early stage in the school curriculum, with various opportunities provided to upskill as children mature and advance. Ensuring that children are informed ‘allows a child to develop an appreciation of the many opportunities of the online world’.72 States further need to take steps to ensure the digital literacy of educators, parents and guardians and caregivers.73

3.2 Role of parents, guardians and care givers

It is undeniable that children, in accordance with their age and maturity, require assistance to understand and engage with the use of online platforms.74 For instance, children are not asked to provide informed consent for the collection and processing of their personal information where they do not possess the capacity to do so.75 Parents or guardians play a more active role in deciding the scope and nature of the information and content that younger children can share and consume, but should do so while also considering the views and opinions of the children themselves.76

As mentioned, this is recognised by the internal limitation clause contained in article 10 of the African Children’s Charter, which provides that the right to privacy may be limited by a parent or guardian exercising reasonable supervision of the conduct of their children. The ambit of reasonable supervision is not defined in article 10, leaving the definition open. Sillah and Chibanda express concern that ‘this gives parents and guardians the leeway to possibly completely circumvent the right to privacy under the guise of “reasonable supervision”’.77 In our view, however, this could not have been the intention of the drafters. Furthermore, any restriction on a right may not erode the right to such an extent that the right itself becomes illusory.78 Rather, in our view, this limitation should be read with article 20 of the African Children’s Charter regarding parental responsibilities, which imposes a duty on parents and guardians to ensure that the best interests of the child are their basic concern at all times; to secure, within their abilities and financial capacities, conditions of living necessary to the child’s development; and to ensure that domestic discipline is administered with humanity and in a manner consistent with the dignity of the child.79

Parents and guardians should understand their responsibility as being one that promotes an environment conducive to the right to privacy of the child. In this regard, parents and guardians should be cautious about themselves violating the privacy rights of the child, through for instance sharing content about children on public platforms. While this may be well-intentioned, parents or guardians may make such disclosures without appropriately considering the privacy policies of the websites that they are using or the effect that such sharing may have on their child’s well-being. The concern here is twofold: First, there is the possibility of the disclosure being unwanted or harmful to the child, resulting in, for instance, bullying, harassment or embarrassment; and, second, this information can be used by third parties, such as digital marketers, to profile the child in an impermissible manner. As explained by Steinberg:80

Children have an interest in privacy. Yet parents’ rights to control the upbringing of their children and parents’ rights to free speech may trump this interest. When parents share information about their children online, they do so without their children’s consent. These parents act as both gatekeepers of their children’s personal information and as narrators of their children’s personal stories. This dual role of parents in their children’s online identity gives children little protection as their online identity evolves. A conflict of interests exists as children might one day resent the disclosures made years earlier by their parents.

Another way in which parents or guardians may infringe the right to privacy of the child is by unduly monitoring the child’s online behaviour. As with states, parents and guardians should consider whether the ambit of the reasonable supervision being exercised pursues a legitimate aim and is necessary and proportionate. In this regard, considerations to take into account might include whether there is a pressing and substantial need that is relevant and sufficient; whether it is the least restrictive means to achieve the considered aims; and whether the benefit of pursuing that aim outweighs the harm that may arise from the privacy infringement.

In determining what constitutes reasonable supervision, regard must be had to the age, maturity and level of understanding of the child. There are certain online services, platforms and applications in which children should be able to engage at an appropriate stage of their development without scrutiny from parents or guardians, who may inhibit the lawful content that the child may seek and share. For instance, under article 8 of the GDPR the age of consent for a child in relation to information society services is set at 16 years. This practically means that where the child is below the age of 16 years, the processing of personal information will only be lawful if consent is given or authorised by the holder of parental responsibility over the child.81 However, the GDPR also stipulates that member states may provide by law for an age lower than 16 years, provided that such lower age is not below 13 years.82 In the United Kingdom, for example, children aged 13 or older can provide their own consent for online services.83 In practice, however, the decision on who can consent – whether it is the child or the holder of parental responsibility – and at what point often is unclear; of particular concern, this may have the consequence of denying services to children and keeping children away from the internet until they have attained a certain age.84 In our view, this is not a reasonable exercise of supervision by parents or guardians, and would unduly encroach on the privacy rights of the child in their engagement with online activities.

The role of parents and guardians in the protection of children’s privacy rights online, and particularly in the African context, can be complicated by a lack of digital literacy skills. Recognising this, General Comment 25 notes that there is a need for states to support parents and caregivers by providing them with opportunities to gain digital literacy skills and learn how ‘technology can support the rights of children and to recognise a child victim of online harm and respond appropriately.’85 It therefore is necessary to ensure that those responsible for children, and those that seek to protect children, are empowered to and capable of doing so. As discussed above, and as highlighted in General Comment 25, digital literacy for parents, guardians and care givers is imperative for the advancement of children’s safety online – an important component of their privacy rights.

3.3 Role of the private sector

Unlike the obligations and duties placed on member states, parents and guardians, the African Children’s Charter does not explicitly engage with the obligations of non-state actors and the advancement of children’s rights. In the context of children’s rights online this is concerning given that the digital world is predominately driven by private sector actors.86 However, there has been some subsequent acknowledgment of the application of the African Children’s Charter to private sector actors. According to the African Children’s Committee in General Comment 5, it is recognised that private sector actors are also duty bearers involved in the implementation of children’s rights and that the principle of the best interests of the child applies to both state and private sector actors.87 Further to this, General Comment 5 emphasises the obligations on state parties to ensure that private sector actors do not adversely impact the rights of children.88 Although these are necessary acknowledgments, more concrete responses are needed to ensure that children’s privacy rights, both on and off-line, are not infringed by private sector actors.

Online platforms and social media companies wield significant power over how various rights are advanced or limited online.89 Unfortunately, existing laws, both regionally and globally, do not adequately safeguard children’s privacy online, and there appears to be a lack of coherent guidelines on the duties and obligations of the private sector.90 Children’s data privacy is of particular concern, with private sector actors having the capabilities and scope to erode children’s privacy rights. For example, ubiquitous technologies and the growing global reliance on data and related infrastructure lead to an array of privacy risks, including the misuse and abuse of personal data, commercial exploitation, profiling, fraudulent attacks on dignity, damage to reputation and discrimination.91 Children also risk being exposed to inappropriate content and have little or ill-informed knowledge on the implications of their digital footprint.92

The approaches to collecting, using and processing children’s data are becoming increasingly prolific, with private sector actors being able to gather extensive amounts of data on children, causing commercial data collection to be considered the highest-ranking privacy concern.93 UNICEF has recently submitted that data processing itself is a concrete concern for children’s rights, noting concerns of how personal data can impact the safety and well-being of a child, their development and opportunities and can have adverse social effects.94

Private sector actors, including online platforms, social media companies and marketers, often employ invasive tactics to collect information about children, taking advantage of the developing capacities of children and their ability to understand data privacy, the long-term consequences of sharing personal data, and the nuances of consenting to data collection.95 The user-generated content and interactive nature of social media and other online platforms present a paradox between the voluntary sharing of personal information which can in many ways promote children’s freedom of expression, their ability to disseminate information, associate and participate, but can equally threaten their privacy rights.96 Accordingly, there is a need to strike the appropriate balance between online protection and the empowerment of children. Private sector actors are central to this balance and appropriate guidance is needed to assist them in navigating these competing interests.

While data protection frameworks are not without criticism – for example, its potential to limit children’s online activities and hamper their access to opportunities and ability to participate, with parental consent being too inclusive and overprotective – it is necessary to recognise that the provisions of data protection frameworks can safeguard the privacy rights of children, and can serve to address the infringements presently committed by private sector actors. However, although data protection is an important means of limiting infringements by private sector actors, there is limited regional guidance directed towards private sector actors and how they can give effect to the African Children’s Charter. Regionally, Africa is falling short of ensuring that the privacy rights of children, specifically their data privacy, are upheld. It is also of concern that there is limited guidance to private sector actors to ensure that they advance – and not infringe – children’s privacy rights.

In response to these emerging challenges and the undeniable power of the private sector, there has been a steady incline in the introduction of duties and obligations on the private sector to respect human rights, including the rights of children. UNICEF and the International Telecommunication Union (ITU) developed Guidelines for Industry on Child Online Protection to provide advice on how different actors in the private sector can promote the safety of children who use the internet and the devices that can connect to it.97 These guidelines reinforce existing principles, such as the United Nations Guiding Principles on Business and Human Rights and the Children’s Rights and Business Principles.98

The African Children’s Committee, in the context of CRC, has recognised the ‘transnational nature of the digital environment’ which ‘necessitates strong international and regional cooperation to ensure that states, businesses and other actors effectively respect, protect and fulfil children’s rights in relation to the digital environment’.99 Along with this recognition, General Comment 25 calls on states to100

require businesses that impact on children’s rights in relation to the digital environment to establish and implement regulatory frameworks, industry codes and terms of services that adhere to the highest standards of ethics, privacy and safety into the design, engineering, development, operation, distribution and marketing of their technological products and services. States should also require businesses to maintain high standards of transparency and accountability, and encourage them to take measures to innovate in the best interests of children.

General Comment 25 further addresses issues pertaining to commercial advertising and marketing, noting that targeting of children of any age for commercial purposes on the basis of a digital record of their actual or inferred characteristics should be prohibited.101 These are important recognitions that can go a long way in advancing children’s privacy rights online.

3.4 Role of children

Last, and by no means least, children have a role to play in the protection of their privacy while enjoying the online world. Both internationally and regionally, the concept of children’s participation has evoked some controversy. Many viewed the inclusion of the concept of children’s participation in CRC102 as a ‘radical and profound challenge to traditional attitudes’.103 Fortunately, there are concerted efforts to ensure that children can meaningfully participate in decisions that affect them.104 General Comment 25 is a key example of this – the Committee conducted consultations with children from around the world who shared their experiences, their opinions and their hopes for a safer and more inclusive internet.

The African Children’s Charter provides a different route for children’s participation. Article 31 of the Children’s Charter provides for the responsibilities of children. Article 31 may ‘lead to challenges in understanding and appreciating the extent to which children can exercise responsibilities while at the same time enjoy the rights guaranteed by the Charter’,105 and has caused critics to view it as a ‘licence for harmful practices which violate children’s rights’.106 Owing to some of the misconceptions, the African Children’s Committee published a General Comment giving meaning and scope to the interpretation and understanding of the responsibilities of the child. The Committee explains:107

The responsibilities of the child as contained in Article 31 of the African Children’s Charter present an indication of the value placed on children’s role as active participants and contributors to the greater good of society, right from childhood. It is recognition of children and young people as citizens who have contributions to make to society in the here and now, and not only in the future.

We endorse this position and align with a purposive interpretation of article 31, which reveals that children should be required to play a role at ‘family, community, national and continental levels, in accordance with their age and maturity as they grow up, as part and parcel of their heritage, empowerment and developing citizenship’.108 We therefore support the ‘inclusion of the voices and experiences of young people in the decisions made about safety and security online and promote their safety, privacy, and access to information’.109 A child’s online journey is undoubtedly advanced when children are informed, equipped and afforded the opportunity to engage with decisions, systems and processes that affect them.

Aligned with the position of the African Children’s Charter, children’s participation is not limited to their involvement in decisions, but is equally about how they participate in their communities and societies. Principles of respect, dignity and equality should inform how children participate and engage online. In 2020 a group of children in South Africa worked on a Digital Rights Charter which seeks to reflect key elements of an ideal and achievable digital world for children, which is accessible, safe and empowering, and which advances the development of children in line with their rights and interests. Notably, the children felt that kindness, integrity and inclusivity should inform how they participate online. The Digital Rights Charter reflects the following in relation to the role of children online:

  • Children should be treated – and treat each other – with dignity and respect. All persons should work towards fostering the best interests of children, including by encouraging, uplifting and empowering children.
  • Children must be afforded the opportunity to meaningfully participate in decisions that affect them, and must, where reasonably possible, be included in discussions around internet governance and the development of child-centred programmes, platforms and spaces.

Engaging with children about their privacy rights, incorporating their views and working with them to ensure that they equally respect the privacy of others online are integral components to the full realisation of children’s privacy rights online.

4 Conclusion and recommendations: The future of the right to privacy of the child

As noted by UNICEF, childhood is a continuous and rapid period of development, and no single approach can fully guide efforts to realise the right to privacy of the child.110 Information shared on the internet has the potential to exist long after the value of the disclosure remains, and therefore disclosures made during childhood have the potential to last for a lifetime.111 It has been noted that

[t]he fact that children’s data can now be collected from the moment of their birth, the sheer volume of digital information that is generated during the first 18 years of life, and the multiple and advancing technological means for processing children’s data all raise serious questions about how children’s right to privacy can best be preserved and protected.112

As we look to the future of the right to privacy of the child in Africa, we propose eight recommendations to be considered to guide the actions of relevant stakeholders.

First, multi-stakeholder cooperation is essential for appropriately safeguarding the privacy rights of the child. This requires cooperation from states, regulators, non-state actors, national human rights institutions, educators and civil society. Most importantly, this requires input from children themselves to understand the digital future in which they want to participate. The right to privacy now is so intertwined with the realisation of a range of other rights, and finds application in such a vast array of online spaces, that it cannot be considered or dealt with in isolation.

Second, states should adopt and implement child-sensitive legal frameworks that provide appropriate protections for the privacy rights of the child. In some instances this might require the reform of existing laws, such as surveillance laws that are typically applied in a relative blunt manner that infringes the right to privacy of all affected persons, children included. In other instances this might require the development of new laws, such as data protection laws, that include appropriate provisions for the processing of personal information relating to children to ensure that such personal information is processed in a manner that is fair, lawful, transparent and compatible with the purpose for which it was collected. Such legal frameworks must be nuanced to address the evolving maturities and capabilities of a child through the duration of childhood and address the potential harms that children may suffer to minimise the risks of being online. States must take responsibility for ensuring that other stakeholders meet their obligations in terms of such laws. States must equally ensure that appropriate implementation, compliance and enforcement mechanisms are in place in order to avoid any unjustifiable limitations on the rights of children.

Third, digital literacy must be seen as a key imperative from an early age. For present purposes, we emphasise the importance of digital literacy for children, to enable them to make informed decisions about their online engagement and privacy rights. It is only through such digital literacy that children can be truly empowered to realise the right to privacy in their personal capacities, and to understand the consequences that this may have for them, both now and in the future. More broadly, however, it is also important to ensure that there is appropriate digital literacy for parents, guardians and educators, to enable them to assist children to exercise their privacy and other online rights in a manner consistent with their best interests. Coupled with digital literacy for children, states must provide appropriate support and guidance for parents, guardians, care givers and educators.

Fourth, the development of privacy-protecting technologies, as well as online platforms and services, should be encouraged and promoted. These should be developed in a child-friendly manner that considers the ways in which such technologies will be used by children. By creating an enabling environment for the development of such technologies, children will be able to engage in online platforms in a safe and secure manner and will be able to do so without their privacy rights being infringed.

Fifth, children must be able to seek redress where their privacy rights have been infringed or their reputations have been damaged. As noted by UNICEF:113

Children’s reputations are increasingly shaped by the growing quantities of information available about them online. This not only influences children’s interpersonal relationships but may also have an impact on their ability to access services and employment as they enter adulthood.

Children should be able to easily request that their personal information is corrected or deleted, especially where such information has been collected or published without their consent, and seek the removal of content that they believe to be damaging to their reputation.114 Furthermore, children should be able to seek appropriate remedies against any stakeholder that has infringed their privacy rights, be it the state or a private sector actor, and be enabled to receive effective redress in this regard. To this end, data protection authorities should establish units or departments that are available to assist children seeking redress.

Sixth, parents and guardians should be considered and deliberative in their approaches to the exercise of reasonable supervision over the right to privacy, and avoid unduly restricting the right. The guidance provided in the General Comment on article 31 of the African Children’s Charter can be applied to children’s rights in a digital environment, and may assist parents and guardians in ensuring that the ‘[r]ights of the child including freedom of expression, participation, and development, among others, shall not be compromised or violated by reference to “respect for adults”’.115 Furthermore, clarity should be provided on the age of consent for children when accessing online platforms, and the roles and responsibilities of parents and guardians when exercising such consent on behalf of the child. Parents and guardians should also be cautious about the role that they can play in indirectly infringing the privacy rights of children, such as through online disclosures or the undue monitoring of online content. Parents and guardians should, to the extent possible, and with support from the state, engage in digital literacy opportunities in order to provide meaningful and appropriate support to their children.

Seventh, private sector actors should adopt child-centric policies that are compliant with the African Children’s Charter and other international law guidance on the right to privacy. Such policies should be accessible and transparent,116 and cover (i) processes relating to data collection, retention and preservation; (ii) appropriate online advertising to children; and (iii) ownership of user-generated content and the removal thereof.117 Private sector actors should be required to adapt and implement advanced default privacy settings for the collection, processing, storage, sale and publishing of personal data of children, including location-based information and browsing habits.118 Moreover, in line with General Comment 16 of the CRC Committee, it is important for there to be child rights impact assessments conducted in order to consider the privacy impact on all children affected by the activities of a particular business or sector.

Finally, it is apparent to us that there is much need for further debate and discussion on how the privacy rights of children will be developed in Africa in the coming decades. In this regard, we therefore call on the African Children’s Committee to develop a General Comment on the rights of children in the digital era, with specific reference to the right to privacy of the child in Africa, including the roles and responsibilities of the state, parents, guardians and private sector actors. General Comment 25 provides a useful point of departure. However, as evident in the drafting of the African Children’s Charter it is necessary to ensure that African realities and realistic solutions are captured. The proposed General Comment by the African Children’s Committee would therefore be more nuanced, taking into consideration the specificity of the relevant provisions of the African Children’s Charter, the unique context in Africa, and the need for appropriate accountability from the full range of stakeholders. In doing so, the African Children’s Committee has a key opportunity to develop the laws, practices and policies of stakeholders operating in the digital environment, and fundamentally change the way in which the right to privacy of the child is realised in Africa.

In conclusion, while today’s young people will be the first to settle into adulthood under this new landscape, future generations will follow in their path.119 The answer, however, is not to unduly restrict children’s access to online services. This risks jeopardising a range of children’s rights, including the rights to freedom of expression, access to information, education, association and assembly. The right to privacy is vital for a child’s development, including developmental areas of autonomy, identity, intimacy, responsibility, trust, resilience, critical thinking and sexual exploration.120 As such, a carefully considered and balanced approach needs to be developed that balances the range of competing rights and interests, and which treats the best interests of the child as the paramount consideration.


1 UNICEF Review of progress in the advancement of child rights in Africa: Reflecting on the past and future challenges andopportunities (2020) 10.

2 See History of the African Declaration on Internet Rights and Freedoms, https://africaninternetrights.org/en/about (accessed 15 February 2021).

3 S Livingston et al ‘One in three: Internet governance and children’s rights’ UNICEF Innocent Discussion Paper 2016-01(2016) and UNICEF Children in a digital world (2017) 46.

4 African Union Africa’s Agenda for Children 2040: Fostering an Africa fit for children (2016) 14.

5 CRC Committee General Comment 25: Children’s rights in relation to the digital environment CRC/C/GC25 (2021).

6 UNICEF Children’s rights and the internet: From guidelines to practice (2016) 12.

7 For a further discussion on these risks, see M Viola de Azevedo Cunha ‘Child privacy in the age of web 2.0 and 3.0: Challenges and opportunities for policy’ UNICEF Innocent Discussion Paper 2017-3 (2017) 6. See also UNICEF (n 1) 91. See further Council of Europe Policy guidance on empowering, protecting and supporting children in the digital environment (2018) 14.

8 UNHRC ‘The right to privacy in the digital age’ A/HRC/34/L.7/Rev.1 (2017).

9 African Charter on the Rights and Welfare of the Child (1990).

10 Convention on the Rights of the Child (1989).

11 Centre for Child Law and Others v Media 24 Limited & Others 2020 (3) BCLR 245 (CC) para 49.

12 UNHRC ‘Report of the United Nations High Commissioner for Human Rights’ A/HRC/39/29 (2018) 1.

13 Universal Declaration of Human Rights (1948).

14 International Covenant on Civil and Political Rights (1966) art 17.

15 African Charter on Human and Peoples’ Rights (1981).

16 For a detailed discussion on reading the right to privacy into the African Charter on Human and Peoples’ Rights see, A Singh & T Power ‘The privacy awakening: The urgent need to harmonise the right to privacy in Africa’ (2019) 3 African Human Rights Yearbook 202.

17 Declaration of Principles on Freedom of Expression and Access to Information in Africa (2019) Principle 40.

18 See United Nations Human Rights Committee ‘General Comment 16 on Article 17 of the International Covenant on Civil andPolitical Rights’ HRI/Gen/1/Rev.1 (1994) (General Comment 16).

19 African Commission on Human and Peoples’ Rights ‘Resolution on the Right to Freedom of Information and Expression on the Internet in Africa’ ACHPR/Res.362(LIX) (2016); United Nations Human Rights Council ‘Resolution on thePromotion, Protection and Enjoyment of Human Rights on the Internet’ A/HRC/32/L.20 (2016) para 1.

20 M Gose The African Charter on the Rights and Welfare of the Child (2002) 79.

21 O Ekundayo ‘Does the African Charter on the Rights and Welfare of the Child (ACRWC) only underlines and repeats the Convention on the Rights of the Child (CRC)’s provisions?: Examining the similarities and the differences between the ACRWC and the CRC’ (2015) 5 International Journal of Humanities and Social Science 143 147 and J Oestreich ‘UNICEF and the implementation of the Convention on the Rights of the Child’ (1998) 4 Global Governance 184.

22 Ekundayo (n 21).

23 J Adu-Gyamfi & F Keating ‘Convergence and divergence between the UN Convention on the Rights of the Children and the African Charter on the Rights and Welfare of the Child’ (2013) 3 Sacha Journal of Human Rights 50.

24 As above. See further T Kaime ‘The foundations of rights in the African Charter on the Rights and Welfare of the Child: A historical and philosophical account’ (2009) 3 African Journal of Legal Studies 131.

25 Preamble to the African Children’s Charter.

26 Ekundayo (n 21 ) 144-145.

27 J Sloth-Nielsen ‘A dutiful child: The implications of article 31 of the African Children’s Charter’ (2008) 52 Journal of African Law 159.

28 Ekundayo (n 21) 155.

29 African Committee of Experts on the Rights and Welfare of the Child General Comment on Article 31 of the African Charter on the Rights and Welfare of the Child on ‘the responsibilities of the child’ (2017).

30 As above.

31 Art 1 African Charter.

32 General Comment 16 (n 18) para 7.

33 Bernstein v Bester NNO 1996 (2) SA 751 (CC) paras 67 & 75.

34 As above.

35 UNICEF Children’s online privacy and freedom of expression (2018) 4.

36 As above.

37 General Comment 25 (n 5).

38 Preamble to the African Children’s Charter.

39 CRC Committee General Comment 5: General Measures of Implementation of the Convention on the Rights of the Child CRC/GC/2003/527 (2003). See further Council of Europe Guidelines to respect, protect and fulfil the rightsof the child in the digital environment (2018) 12-13.

40 General Comment 25 (n 5).

41 General Comment 25 paras 9-19.

42 African Children’s Committee General Comment 5 on State Party Obligations Under the African Charter on the Rights and Welfare of the Child (Article 1) and Systems Strengthening for Child Protection (2018) (General Comment 5) 7.

43 As above.

44 Art 3 African Children’s Charter.

45 General Comment 5 (n 42) 18.

46 General Comment 16 (n 18) para 7.

47 General Comment 16 para 9.

48 UNICEF (n 35) 8.

49 In general terms, there are two common types of surveillance: mass surveillance, or passive or indirect surveillance, whichrelies on systems or technologies that collect, analyse, and/or generate data on indefinite or large numbers of people. Targeted surveillance differs in that it amounts to surveillance directed at particular individuals and can involve the use of specific powers by authorised public agencies. See Privacy International Mass surveillance and House of Lords overview of surveillance and data collection (2009).

50 See, eg, principle 41(1) of the African Commission Declaration of Principles, which provides that ‘[s]tates shall not engage in or condone acts of indiscriminate and untargeted collection, storage, analysis or sharing of a person’s communications’. See further AmaBhungane Centre for Investigative Journalism NPC v Minister of Justice and Correctional Services ; Minister of Police v AmaBhungane Centre for Investigative Journalism NPC 2021 (3) SA 246 (CC) in which the South African Constitutional Court remarked in a footnote that ‘[a]ny arbitrary or unlawful interception of children’s communications is at odds with South Africa’s international law obligations under Article 16(1) of the Convention on the Rights of the Child, 20 November 1989, which provides that “[n]o child shall be subjected to arbitrary or unlawful interference with his or privacy, family, home or correspondence” and Article 10 of the African Charter on the Rights and Welfare of the Child, 1 July 1990, which provides that “[n]o child shall be subject to arbitrary or unlawful interference with his privacy, family home or correspondence”’.

51 General Comment 25 (n 5) para 67.

52 This aligns with the approach adopted in General Comment 25 para 72 which requires states to take ‘legislative and other measures to ensure that children’s privacy is respected and protected by all organisations and in all environments that process their data. Such legislation should include strong safeguards, independent oversight and access to remedy.’

53 Recital 38 to the General Data Protection Regulation (2016).

54 For a mapping of data protection laws in Africa, see https://dataprotection.africa/ (accessed 14 July 2020). See also GGreenleaf & B Cottier ‘2020 ends a decade of 62 new data privacy laws’ (2020) 163 Privacy Laws and Business International Report 24-26.

55 African Union Convention on Cyber Security and Personal Data Protection (2014).

56 See T Illori ‘Data protection in Africa and the COVID-19 pandemic: Old problems, new challenges and multistakeholder solutions’ (2020) African Declaration on Internet Rights and Freedoms 4. See also G Greenleaf & B Cottier ‘Comparing African data privacy laws: International, African and regional commitments’ (2020) University of New South Wales Law Research Series.

57 Supplementary Act A/SA.1/01/01 on Personal Data Protection (2010).

58 Sec 37 of the Data Protection Act prohibits the processing of the personal information of a child who is under parental control unless the processing is necessary or the parent or guardian of the child consents. Section 32 of the Protection of Personal Information Act contains additional exceptions, including whether the information has been deliberately made public by the child with the consent of a parent or guardian.

59 Sec 33(1) Data Protection Act 24 of 2019.

60 Sec 33(2) Data Protection Act 24 of 2019.

61 Secs 12 and 26 of the Cyber Security and Data Protection Bill. The Bill does not define competent person.

62 Council of Europe Comments submitted by the Secretariat of the Council of Europe on the UN Committee on the Rights of the Child’s draft General Comment on children’s rights in relation to the digital environment (2020) 16.

63 United Kingdom Information Commissioner’s Office Age-appropriate design: A code of practice for online services (2020).

64 As above. The Children’s Code sets out 15 standards that are cumulative and interlinked, including the best interests of the child, data protection impact assessments, age-appropriate application, parental controls, and profiling.

65 Postal and Telecommunication Regulatory Authority of Zimbabwe (POTRAZ) Child Online Projection Guidelines for Children (2015).

66 See NNW ‘Zambia commits to protect children from online abuse through National Child Online Protection Policy’ News from non-aligned world’
13 October 2020.

67 UNICEF Child online protection (2018).

68 The South African Portfolio Committee on Social Development is working on the Children’s Amendment Bill [B18 – 2020] which aims to amend the Children’s Act, 2005 so as to, among other things, provide for children’s right to privacy and protection of information.

69 UNICEF (n 35) 9.

70 See UNICEF Children in a digital world (2017) 128, and UNICEF Children’s online privacy and freedom of expression (2018) and Media Monitoring Africa Children’s rights online: Towards a digital rights charter (2020). See also N Law et al A global framework of reference on digital literacy skills for indicator 4.4.2 (2018).

71 See UNESCO Digital kids Asia-Pacific: Insights into children’s digital citizenship (2019).

72 Media Monitoring Africa (n 70) 19.

73 General Comment 25 (n 5) para 89.

74 UNICEF (n 35) 10.

75 As above.

76 As above.

77 RM Sillah & TW Chibanda ‘Assessing The African Charter on the Rights and Welfare of the Child (ACRWC) as a blueprint towards the attainment of children’s rights in Africa’ (2013) 11 IOSR Journal of Humanities and Social Sciences 53.

78 Communication 140/94-141/94-145/95, Constitutional Rights Project & Others v Nigeria (2000) AHRLR 227 (ACHPR 1999).

79 Art 20(1) African Children’s Charter.

80 SB Steinberg ‘Sharenting: Children’s privacy in the age of social media’ (2017) 66 Emory Law Journal 839.

81 Art 8(1).

82 As above. See, also Better Internet For Kids Status quo regarding the child’s article 8 GDPR age of consent for dataprocessing across the EU (2019).

83 Information Commissioner’s Officer Children and the GDPR (2018).

84 Multi-stakeholder Expert Group To Support the Application of Regulation (EU) 2016/679 Contribution from the multi-stakeholder expert group to the stock-taking exercise of June 2019 on one year of GDPR application (2019).

85 General Comment 25 (n 5).

86 UNHRC (n 8).

87 General Comment 5 (n 42) 4 & 11.

88 General Comment 5 45-47.

89 See eg in the context of the rights to freedom of peaceful assembly and of association Report of the Special Rapporteur on the rights to freedom of peaceful assembly and of association (2019).

90 Viola de Azevedo Cunha (n 7) 11.

91 M Macenaite & E Kosta ‘Consent for processing children’s personal data in the EU: Following in US footsteps?’ (2017) 26 Information and Communications Technology Law 146.

92 UNICEF Guideline for Industry on Child Online Protection (2015) 6 (Guidelines for Industry).

93 S Livingtone, M Stoilove & R Nandagiri Children’s data and privacy online: Growing up in a digital age (2018) 14.

94 Submission from UNICEF to the CRC Committee on the General Comment on children’s rights in relation to the digital environment (2019).

95 Livingtone et al (n 93) 15. See also UNICEF (n 35).

96 As above. See further Guidelines for Industry (n 92).

97 ITU and UNICEF Guidelines for industry on child online protection (2020).

98 UNHCR Guiding Principles on Business and Human Rights (2011) and CRC Committee General comment 16 (2013) on State obligations regarding the impact of the business sector on children’s rights.

99 General Comment 25 (n 5).

100 General Comment 25 para 39.

101 General Comment 25 para 42.

102 Art 12 CRC.

103 Art 12 CRC.

104 CRC Committee General Comment 12 The right of the child to be heard CRC/C/GC/12 (2009).

105 General Comment on art 31 (n 29).

106 Sloth-Nielsen (n 37).

107 General Comment on art 31 (n 29).

108 Sloth-Nielsen (n 37).

109 Feminist Principles of the Internet (2014).

110 UNICEF (n 35) 10.

111 Steinberg (n 80) 846.

112 UNICEF (n 35) 4.

113 UNICEF (n 35) 9.

114 As above.

115 As above.

116 Submission from the EU Kids Online Network to the UN Committee on the Rights of the Child on the General Comment on children’s rights in relation to the digital environment (2019).

117 Guidelines for Industry (n 92)

118 As above.

119 Steinberg (n 80) 846.

120 Livingtone et al (n 93) 17.