Step 6: Identify measures to reduce risk
Identify additional measures you could take to reduce or eliminate risks identified as medium or high risk in step 5.
Risk | Options to reduce or eliminate risk | Effect on risk Eliminated/ reduced/ accepted | Residual Low/ medium/ high | Measure approved
Yes/no |
---|---|---|---|---|
Profiling that infers children's personal information is done without adequate transparency or safeguards, or is not in the best interests of the child risking children’s right to development and preservation of identity. | Profiling off-by-default, except for game play data. | reduced | low | yes |
Personalised targeting of service features that generate revenue (targeted ads or the availability of apps to download from the app store) that are set to on-by-default, or without adequate transparency and safeguards that risks children’s right to protection from economic exploitation. | There is no profiling for marketing purposes. Privacy set at high-by-default, with change only possible through parental controls. | reduced | low | yes |
Use of (game-play) data that contravenes health standards and guidelines (eg issues by the Chief Medical Officer or Public Health England). Risk that data-enabled service personalisation leads to excessive engagement that impacts on the child’s right to health. | Parental controls are included in the product which allow parents to limit the time the tablet is used for. Prompts are issued to parents where controls are not used. | reduced | low | yes |
Personalised content that exposes children to content that is damaging to health (for example age-inappropriate products, suicide and self-harm content or inaccurate health information) that risks children’s right to life, survival and development. | All apps available from our own app store are designed for children of under 11 years of age and do not contain any content which could cause harm to children. Parental control features allow parents to determine what apps or websites their children may access generally. Parents may report apps of concern. | reduced | low | yes |
On-by-default data sharing with other service users exposes children to risks of violence or abuse (for example through stalking or harassment). | Photos or video recordings are stored on the tablet only. The tablet does not have functionality which would enable sharing of photos or videos. Security measures in place to guard against third party access to photos etc stored on the tablet. | reduced | low | yes |
Data relating to identity is shared with other service users through on-by-default settings, or without adequate transparency and safeguards, risking children’s right to development and preservation of identity. | The tablet uses the most up to date version of Android with regular security updates. No email or messaging function to allow actors to send tracking downloads or malware. We provide parental controls allowing choice not to link the tablet to web, YouTube Kids and Google App Store. We maintain strong security for our proprietary app store. All apps available for download are tested for malware and tracking cookies. | reduced | low | yes |
Lack of age assurance measures on services that allow children to access or create unlawful sexual content, and risks children’s right to protection from sexual exploitation. | The tablet and apps support different age ranges: three to four, five to seven and eight to 11. No apps are available on the app store that feature a PEGI rating of 12 or above, or feature adult content. When the app is launched, the tablet asks the parent to select the age ranges for their children. Subsequent tablet launches asks the child to log into their profile to ensure the correct content is available for that particular child. Parental controls allow parents to monitor use of the tablet by children. | reduced | low | yes |
Connected devices gathering data within private spaces (eg a child's home), without adequate transparency or safeguards (eg passive listening), risking children’s right to protection of privacy. | Clear privacy information provided in privacy notice and just-in-time notices. Passive collection of personal data is limited to game-play information. Clear icon that shows when device is connected | reduced | medium | yes |
This document is made available on the basis that the user understands that:
- they remain fully liable for their own legal and regulatory obligations;
- the ICO does not accept any liability for any reliance that might be placed on any feedback, comments or other input it might provide; and
- providing this sample DPIA does not prevent or limit the ICO’s ability to take any enforcement action or other regulatory action against companies that might use the sample as the basis for their own DPIA, if the ICO deems such action is appropriate.