I recently dealt with a case at a school where a boy had asked a girl to send sexually explicit images of herself to him via her smartphone. They were both under the age of 18. She did so – and without knowing it, according to the law, the boy had solicited child pornography, while the girl had created and distributed pornography.
These laws are designed to catch adult perpetrators, yet children are engaging in illegal behaviour in the digital environment, and are finding themselves entangled in a web of tough laws. To make matters worse, the boy who had received the pictures was not the boy who the girl thought she was sharing the images with – he was using another boy’s identity.
This case is just one example that illustrates the complexity of this area of the law. To address this issue, earlier this year, the United Nations (UN) Committee on the Rights of the Child, a UN treaty body of which I am a member, adopted a General Comment on Children’s Rights in the Digital Environment. The committee oversees the implementation of the Convention of the Rights of the Child to which all countries, except the USA, are parties. General comments are authoritative interpretations that countries are expected to follow. The convention was adopted in 1989, at a time prior to the internet, and the committee needed to come up with clear guidelines with regards to children and the cyber age.
It’s a balancing act, because while we need to protect children from harm in the digital environment and educate them about the pitfalls, we also need to ensure that they have digital access rights and freedom of expression. What makes it trickier is that children and adolescents are often more tech-savvy than their parents/carers or teachers, and so to suggest that it should be left up to adults to guide children is not enough.
Children’s right to privacy is engaged within four spheres. The first addresses the state’s responsibilities with regards to protecting the privacy of children; the second addresses the parents/carers/educators’ responsibility to protect the child; the third addresses children’s own responsibility to avoid getting themselves and each other into trouble particularly in the social media space; the fourth is the relationship between children’s rights and business, because the cyber world is largely managed by big business.
One way of providing children with information about their rights to privacy is to use the digital platforms themselves, where engaging articles and programmes that guide children on how to protect themselves and their privacy online can be found. Another way is to include this in the school curriculum, as parents and schools often find themselves on the back foot, especially with so much education online and children spending so much more time on their devices. One of the areas of great concern is cyberbullying, which can result in children getting into trouble with the law and which is quite often linked to self-harm. Girls in particular tend to become withdrawn and, in extreme cases, take their own lives.
If parents are buying and providing children with access to the internet or smartphones, where possible, they need to make sure they know that the correct safety and privacy measures are in place. When children are younger, it’s easier to manage their device use, but it has always been difficult to manage teenagers’ behaviour, and the digital age has made it so much more challenging. Once posted, certain content cannot be taken down, and we need to advise children (and parents) about these risks. Unfortunately, adolescents tend to make decisions that they later regret.
At the same time, we live in a country where there is a huge digital divide. So many children are cut off from reliable internet connectivity and are at schools with lower levels of digital knowledge. The government therefore has a responsibility to ensure that all children have access to the benefits that digital connection brings.
However, getting into cyber-related trouble is not confined to the digitally resourced. I dealt with a case where a girl from an economically poor family sent images of herself to an adult man on her smartphone in exchange for airtime. She was convicted of creating and distributing child pornography; thankfully, we managed to get her conviction set aside.
In terms of children’s rights and the responsibility of business to respect them, one of many issues being addressed by the Committee on the Rights of the Child’s General Comment is sensory embedding – like a QR code in clothes or a digital chip in toys where, for example, the chip that makes a toy’s lights go on can also gather and send information for marketing purposes to determine what kind of games the child plays or what kind of brand or style of clothing children prefer. Children are consumers from a very young age, particularly of toys, digital technologies, devices and clothing. What they tick or click, and how often, is what companies want to know.
The other problem is that so much is owned by private service providers. The obligations of the convention are mainly to the state, so it is difficult to enforce codes of conduct on multinational technology companies like Facebook. The problem is that, to a large extent, they are keepers of our information, yet they are not held accountable by international law; and while there are codes of conduct for businesses, they are not binding.
If we are not strict about the firewalls that need to be in place, we could find that information gathered for one purpose is increasingly misused for another, and so data gathering needs to be governed by considerable protection of privacy. Where there is use of data, it needs to be made known to the child or child’s parents/carers, and there needs to be complete transparency about how the information is going to be used.
South Africa is working on developing appropriate regulations. For example, the Law Reform Commission has been working on a bill that will prevent adolescents from being criminalised for consensual exchange of explicit activities, which should not be criminalised. However, such behaviour still carries major risks, as once an image is shared, it is “out there” and the owner loses control. Children and adolescents have to be educated about these dangers.
The new Protection of Personal Information (POPI) Act provides that children’s data cannot be processed unless a parent or guardian consents, or where the child makes the information available with the consent of a parent or guardian. There are some exceptions, such as statistical information for research purposes. As we proceed further into the cyber age, children’s rights in the digital environment will become a massive growth area in everyday life and in the law.
Professor Ann Skelton is UNESCO Chair: Education Law in Africa, Faculty of Law, University of Pretoria (UP).