Online Privacy for Children and Teenagers: What Data Is Collected and How to Protect It

The Data Economy and Young People

The modern internet is built on a data economy in which personal information is the primary commodity. Most of the services that children and teenagers use for free, including social media platforms, search engines, video streaming services, and many games, generate revenue by collecting data about users and using it to deliver targeted advertising or selling it to third parties.

Children and teenagers generate substantial quantities of this data. Their search histories, viewing habits, location patterns, social connections, and behavioural patterns are collected, aggregated, and used in ways that most young people (and many parents) are not aware of. Understanding this process, and knowing what steps can be taken to limit it, is an important part of digital literacy.

What Data Is Collected and How

Registration data: When creating accounts, children provide names (sometimes real, sometimes pseudonyms), email addresses, dates of birth, and sometimes phone numbers. This data is stored and used to verify accounts, deliver targeted content, and in some cases shared with third parties.

Usage data: The specific content consumed, search terms used, how long attention is spent on particular items, what is clicked or tapped, what is paused, rewound, or replayed. This behavioural data is often more valuable than registration data because it reveals interests, preferences, and psychological patterns.

Location data: Many apps request location access. Location data over time reveals where someone lives, goes to school, shops, socialises, and travels. It can be used to build detailed profiles and has significant privacy implications. Location data from apps is routinely shared with advertising networks.

Device data: Device identifiers, operating system, browser type, and other technical information are collected and used to track users across different services, even when they are not logged into any account.

Social graph data: On social media and messaging platforms, the pattern of connections (who a person communicates with, how often, in what contexts) is collected and used. This data can reveal relationships, social status, and influence patterns.

Audio and camera data: Apps that are granted microphone or camera access can, in principle, access these at any time (subject to permission and platform policies). While systematic abuse of this access would violate platform policies and in most cases the law, granting these permissions to apps that do not need them unnecessarily increases exposure.

Why Children's Data Privacy Matters

The implications of extensive data collection on young people extend beyond the immediate concerns of advertising:

Profiling: Data collected during childhood and adolescence can be used to build profiles that follow an individual into adulthood, influencing what opportunities, products, and prices they are offered, and in some cases affecting employment or creditworthiness assessments.

Manipulation: Detailed psychological profiles built from behavioural data can be used to deliver highly targeted persuasive content, including political messaging, advertising designed to exploit specific insecurities, and other content that influences beliefs and behaviour.

Security risk: Data held about children is a target for hackers. Data breaches exposing children's personal information have occurred at many major companies and can expose young people to identity theft, fraud, or targeted contact from malicious actors.

Loss of future autonomy: Young people cannot fully consent to data collection during childhood, yet that data may have consequences for their adult lives. Many child privacy advocates argue that this represents a fundamental injustice that regulatory frameworks are still working to address.

Legal Protections for Children's Data

Several jurisdictions have enacted specific protections for children's data:

The UK Age Appropriate Design Code (Children's Code): Requires services likely to be accessed by children to default to privacy-protective settings, limit data collection, and not profile children in ways that could harm their interests.

COPPA (Children's Online Privacy Protection Act, US): Requires verifiable parental consent before collecting personal information from children under 13. This is why most platforms set their minimum age at 13: to avoid COPPA compliance obligations.

GDPR (EU General Data Protection Regulation): Sets standards for data collection and use that apply to all European users and, by extension, to how European children's data is handled. Includes rights to access, correct, and delete personal data.

These legal protections, while meaningful, are imperfectly enforced and do not cover all services, particularly those based outside regulated jurisdictions.

Practical Steps for Protecting Privacy

Review and minimise app permissions: On both iOS and Android, it is possible to review which apps have access to location, microphone, camera, contacts, and other data. On iPhone, go to Settings then Privacy and Security. On Android, go to Settings then Privacy then Permission Manager. Revoke permissions that specific apps do not genuinely need.

Use private browsing for sensitive searches: Private or incognito browsing mode prevents search history and browsing data from being stored on the device and reduces (though does not eliminate) data collection by search engines. For children, ensuring they know how to use private browsing for health-related or other sensitive searches reduces the data trail.

Review social media privacy settings regularly: Platform privacy settings change frequently. Conduct a regular review of settings on all social media accounts, covering who can see posts, what data is used for advertising, and whether location data is being shared.

Use privacy-focused alternatives where practical: Search engines like DuckDuckGo collect less user data than Google. Browsers like Firefox and Brave have stronger default privacy protections than Chrome. Email services like ProtonMail offer stronger privacy than mainstream providers. These alternatives involve some trade-offs in features and convenience but are worth considering for children's primary devices.

Read privacy settings, not just privacy policies: Full privacy policies are long and difficult to parse. The privacy settings in app settings menus are where practical control lives. Spending fifteen minutes reviewing and tightening the privacy settings in the apps a child uses regularly is far more impactful than reading legal documents.

Discuss data collection as part of digital literacy: Teaching children that free services are not really free, that the product is their data, and that they can make choices to limit collection, is an important part of digital literacy. This is not a reason to avoid the internet but a context for understanding and navigating it.

Exercise data subject rights: In many jurisdictions, individuals (or parents on behalf of children) have the right to request what data a company holds, request correction of inaccurate data, and in some cases request deletion. These rights can be exercised through formal requests to platforms. The process is not always easy but is meaningful particularly for older data that is no longer needed.

Social Media and Data Privacy

Social media platforms are among the most intensive data collectors. Steps to improve privacy on major platforms include:

• Set accounts to private, limiting data exposure to approved followers only
• Under advertising settings on Instagram and Facebook, opt out of data sharing with third-party advertising partners
• On TikTok, under Settings then Privacy, review location and advertising data settings
• On Snapchat, under Settings then Privacy Controls, review what data is shared and with whom

Conclusion

Complete online privacy is not achievable for anyone living a normal digital life in the 21st century. The goal is not perfection but informed, intentional choices that meaningfully limit exposure. Families that understand how data collection works, take practical steps to limit unnecessary collection, and teach children the basics of digital privacy are far better positioned than those who assume that free services have no cost. The cost is data, and it is worth knowing what you are trading.