Skip to main content

Step 4: Assess necessity and proportionality

Contents

Describe compliance and proportionality measures, in particular: what is your lawful basis for processing? Does the processing actually achieve your purpose? Is there another way to achieve the same outcome? How will you prevent function creep? How will you ensure data quality and data minimisation? If you use AI, how will you avoid bias and explain its use? What information will you give individuals? How will you help to support their rights? What measures do you take to ensure processors comply? How do you safeguard any international transfers.

Lawful bases for processing

Guidance: See Annex C of the code – Lawful basis for processing for guidance on how to determine the lawful basis you can use when processing personal data.

  • Performance of a contract with the data subject (Article 6(1)(b)UK GDPR): where processing is necessary to fulfil a product order (including creating an account, selecting and paying for products, sending products to customers online); provision of after-sales service; and sending service emails.
  • Legitimate interests (Article 6(1)(f) UK GDPR): processing of personal data connected with strictly necessary cookies (security cookies and functionality to enable a service requested by the user); corresponding with customers in response to enquiries; processing of data for fraud prevention and data security purposes; carrying out customer consultations, surveys or market research; administration and protection of the business and website; and platform analytics and monitoring where data is not derived from cookies or similar technologies. We have carried out legitimate interests assessments for all processing activities carried out on this basis.
  • Consent (Article 6(1)(a) UK GDPR: processing connected with sending e-newsletters where a person has opted in to receiving them; and processing personal data in connection with functional, analytics or marketing cookies.

Necessity and proportionality

We consider that our processing achieves the purposes set out in step 3 and does not go beyond what is reasonably necessary to achieve these purposes.

To ensure there is no function creep, we only use data for the limited purposes explained in this DPIA.

We ensure data minimisation and proportionality by only asking for data that we need for a current specified purpose.

Guidance: You should be clear, open and honest with your users about what they can expect when they access your online service. Standard 4 of the code – Transparency – sets out what the ICO will be looking for:

“The privacy information you provide to users, and other published terms, policies and community standards, must be concise, prominent, and in clear language suited to the age of the child. Provide additional specific ‘bite-sized’ explanations about how you use personal data at the point that use is activated.”

See the Children’s code design guidance for support and good practice examples on how to incorporate transparency by design.

Transparency and data subject rights

Adults are given information about our processing through our privacy policy which they are asked to review when they create an account, download apps, and when they configure the tablet for first use. The privacy policy is also accessible from our website footer. Our cookie policy contains information about cookies used on our website and apps. This is accessible through our cookie consent tool and from our website footer. 

In addition to the privacy policy which is aimed at adults, we also provide privacy information to children in both age-appropriate text and video formats.

We explain about individuals’ rights in our privacy policy and include an email address which individuals can use to contact us with any questions about their rights and how to exercise them. Our team members that deal with queries on data protection matters and requests to exercise data subject rights have received basic training on dealing with requests, including data protection and child safety training. From 2021 staff will also receive training in child data protection guidance produced by the ICO and the FTC.

Processors

We use a web hosting service, an analytics service provider, an outsourced call centre, a direct marketing agency and an email services agency/ CRM provider. They all act as processors. We have entered into Article 28(3) GDPR terms with each of these third parties and also carried out appropriate security risk assessments. The Article 28 agreements include a contractual obligation for the processor to use EU SCCs and undertake a risk assessment if or when they engage the services of a sub-processor who is transferring data to a third country.

International transfers

Transfers of data are made in connection with sharing personal data with our hosting provider and analytics service provider described in step 2. We have entered into EU Standard Contractual Clauses with these third parties. We also transfer personal data to our group companies, including those in the US, Hong Kong and China. These transfers are made subject to an intra-group agreement which incorporates the EU Standard Contractual Clauses. We have carried out appropriate transfer impact assessments to ensure  that the level of protection of personal data when transferred internationally is essentially equivalent to the GDPR or equivalent appropriate safeguards existing in the relevant third countries. In situations where the level of protection is not essentially equivalent, we have put in place effective supplementary measures, to ensure an essentially equivalent level of protection.

Describe how you comply with the Age-appropriate design code: what specific measures have you taken to meet each of the standards in the code?

Best interests of the child: We have taken into account the interests and rights of the children that use our tablet. These are reflected in the various controls with have put in place which are described in this DPIA; the age appropriate privacy explanations; our policy of never contacting children; and our limited collection and use of their personal data.  All the content available to children is age-appropriate and is designed to support their learning, development and leisure in a safe environment. The role of parents in protecting their children is recognised and supported through the parental dashboard.

Data protection impact assessments: We have completed this DPIA which covers all processing activities carried out in connection with our processing of customer (both adult and child) data. We keep this DPIA under review and are aware of the need to update it if we make any changes to our processing of customer personal data. We make the up-to-date version of this DPIA available on our website and refer to it in our privacy policy.

Age-appropriate application: The key aim of our tablet and the games and content we offer in connection with it is that it is age-appropriate, and we have focussed on this throughout the design process. The tablet and apps support different age ranges: three to four, five to seven, and eight to 11. When the app is launched, the tablet asks the parent to select the age ranges for their children. Subsequent tablet launches asks the child to log into their profile to ensure the correct content is available for that particular child.

Users can access content from multiple curriculums and levels appropriate for their age range. As the child plays one of our apps the age range selection and details of the content and curriculum previously accessed are sent to our server.  The server can then guide the child to the correct level based on previous progress.

Privacy information is provided to children in age-appropriate text and video formats. This includes if a child is using the tablet when parental controls are in effect, and the child tries to do something which has not been permitted by the parent. For example.  access content and apps, or exceed time limits . In these cases the children see and hear a simple message explaining that they cannot do that particular thing because parental controls are active.

Transparency: We provide a privacy policy and cookie policy explaining how we use personal data and how cookies are used on our website and apps. As set out above, we provide separate age-appropriate privacy information for children. Our terms and conditions are also written in clear and easy to understand language.

Detrimental use of data: We do not use personal data in any way which could be detrimental to a child’s or any other person’s well-being.

Policies and community standards: We follow our terms and conditions and privacy policy and only use data in accordance with these documents.

Guidance: When you set community rules and conditions of use for users of your service, you need to actively uphold or enforce those rules and conditions. Standard 6 of the code – Policies and community standards confirms that your own published terms, policies and community standards include, but are not limited to, privacy policies, age restriction, behaviour rules and content policies or standards you adhere to (eg PEGI ratings).

Default settings:  Privacy settings for our tablet and apps are at high-by-default. We do not use profiling with our core services. Geolocation is set as off-by-default. Changes to the settings can only be made through the parental controls.

Data minimisation: We only collect and process the minimum amount of personal data we need for the purposes for which we are processing the personal data. Parents have the choice about whether to allow access to Google Play and YouTube Kids. Data can only be collected and shared by these third-party apps if parents allow access through the parental control screens. Users have a choice over whether to accept cookies and to sign up for our e-newsletter. Privacy settings on the tablet and our apps are set at high-by-default.

Data sharing: Data we share with the third parties is described under the heading ‘Data sharing’ in step 2. Privacy is set as high-by-default, which limits the amount of children’s data that we collect. Parents can choose not to allow third-party apps such as Google App Store and YouTube Kids.

Some data is shared with other parts of the company to support business purposes, research purposes and legal and regulatory obligations.

Geolocation: We do not collect or use any geolocation data.

Parental controls: The tablet features a number of parental controls. These are explained in detail under the heading ‘Parental controls’ in step 2.

Profiling: Profiling is off-by-default except where analysis of game-play data in educational games serves the purpose of increasing the knowledge of the child. We believe that educational games require  profiling in order to both place the child at the right level and to ensure the child continues in their educational journey. Parents are offered the option of turning game-play profiling for non-educational games on at the set-up stage. We provide an explanation of the profiling to parents at this stage to support their choice.

We do not profile for marketing purposes.

Nudge techniques: We do not use nudge techniques to encourage children to change privacy settings, download content or make purchases.

Guidance: Nudge techniques are design features which lead or encourage users to follow the designer’s preferred paths in the user’s decision-making. The code states that ISS should not use nudge techniques to lead or encourage children to provide unnecessary personal data or turn off privacy protections. See Standard 13 of the code – Nudge techniques

Connected toys and tablets: We make clear in our privacy policy who is collecting and processing personal data. We provide clear information about our use of personal data at the point of purchase of apps and content and when parents first set up the tablet. We also make use of “just-in-time” information (eg when informing children that parental controls are active). We have designed our product around the potential for use by different aged children (see the section ‘Age appropriate application’).  Each child who uses the tablet has their own profile which ensures that they are presented with the current content when using the tablet. Our passive collection of personal data is limited to game-play information which we use for the purposes of providing the appropriate game level and challenges for children of different ages and to develop new features and services. Where our apps allow children to take and store photographs or videos, these are stored on the tablet only.

We provide clear information on the product packaging and in the set up instruction booklet indicating that the product processes personal data at the point of sale and during the tablet set-up stage. The tablet features a clear icon that the product is ‘connected’.

Privacy notices, terms and conditions and the operating manual are available through our website without having to purchase and set up the tablet first. This allows parents to make an informed decision about whether or not to buy the tablet.

Online tools: All marketing emails contain an unsubscribe link. Users who have registered for an account also have the option to delete their account at any time (subject to limited data retention in line with our retention policy). Icons are used to guide children who need help with any content they find online. Clicking the link will report the issue to the company and the parents for resolution.

Guidance: Online tools are mechanisms to help children exercise their rights simply and easily when they are online, such as complaints buttons. Standard 15 of the code – Online tools states that you should provide prominent and accessible tools to help children exercise their data protection rights and report concerns.