From Africa to the Rest of the World: Are We Doing Enough to Protect Children’s Online Privacy? 

By John Omotunde

As of December 2024, about 5.5 billion people globally use the internet, representing approximately 68% of the world’s population. Life online has become the new normal for different purposes, such as communication, education, online shopping, entertainment, and social networking. As the internet increasingly becomes an essential part of our daily lives, at least 1 in 3 internet users is a child, and more than 175,000 children go online for the first time daily.
This article reviews the key regulations protecting children’s data privacy in Africa, the European Union, and the United States, highlighting their strengths and limitations, and proposing recommendations to better safeguard children’s data online.  

Why Protect Children’s Online Privacy?

The increasing presence of children online presents both opportunities and a flood of risks, such as cyberbullying, sexual abuse, profiling, online exploitation, identity theft, and surveillance. Children often overshare their data online without understanding the consequences. The rise of Artificial Intelligence systems, which collect data even from the most minimal interactions, aggravates these issues.
Despite various global regulations, online platforms have grown more sophisticated, and implementation gaps persist. Hence, there is a pressing need to evolve these laws to better address concerns about children’s online privacy.

Africa: African Union’s Child Online Safety and Empowerment Policy

On May 21, 2024, the African Union Executive Council (the “Council”) adopted the African Union Child Online Safety and Empowerment Policy (the “Policy”) in response to the growing concerns about children’s privacy. The Council established guiding principles and goals to ensure the protection of children’s rights in the digital environment across the African continent.
The guiding principles of the Policy state that personal data must be processed in compliance with the rights of a child, which are provided for by the African Committee of Experts on the Welfare of the Rights of the Child. One of these guiding principles is the best interest principle, which the Policy defines elaborately.
The Council noted the need to use practical solutions to effectively ensure the online privacy of children, such as identifying and mitigating harm, promoting child access and inclusion, integrating child privacy design, building a chain of responsibility, and ensuring effectiveness.
The Policy set out an implementation plan, and a committee was established to ensure the delivery of the provisions of the Policy. The plan is to be exercised in three segments: governance, legal framework, and capacity building.
The Policy is a step in the right direction to address children’s online privacy within the African region. However, unlike in other regions such as Europe, the Policy merely makes recommendations and is not legally enforceable. Also, although the Policy covers many integral aspects of children’s online presence, it lacks a detailed explanation of how to achieve the set goals.

European Union: General Data Protection Regulation (GDPR)

The GDPR applies to the processing of the personal data of EU citizens, including children, and recognizes the need for specific protection for children due to their potential lack of awareness of risks and consequences.
Under the GDPR, when online services are offered to a child and consent is the basis for processing, processing the child’s personal data requires the consent of the child if the child is over 16 years old or, for a child under 16, the consent of a person with verifiable parental authority over the child.
Despite the requirement for consent, the GDPR has several limitations concerning children’s privacy protections. First, it requires parental consent to be verified using “available technology” without specifying which type of technology. This ambiguity may lead to unreliable verification methods.
Second, EU member states can set the age of consent between 13 and 16 years, with some choosing 13 or 14, which weakens the regulation’s intended protection for children.
Finally, the GDPR does not set out specific requirements for child-focused privacy by design and by default.

United States: Children’s Online Privacy Protection Act (COPPA)

COPPA’s main objective is to give parents control over what information online service providers collect from children under 13. The Act requires businesses, including foreign websites that intend to make use of the personal data of children in the US, to obtain verifiable parental consent before collecting personal data from a child.
The Act provides methods that online operators can adopt to verify parental consent, such as credit cards, consent forms, government-issued identification, video conferences, and phone calls. COPPA also mandates that operators establish measures to ensure the security, integrity, and confidentiality of children’s data. This includes ensuring that third parties to whom personal data is disclosed establish such measures. Operators are mandated to retain personal data only as may be necessary, delete such personal data where no longer required, and ensure it is not subject to unauthorized use.
Similar to the GDPR’s shortcomings, COPPA’s application to children under 13 leaves a whole group of teenagers out of the protection of the Act and makes them vulnerable to online operators.
The COPPA 2.0 bill, which was recently passed by the United States Senate, amended the initial Act to strengthen children’s online privacy protections. COPPA 2.0 extends protection to teenagers up to age 16 and prohibits behavioral and targeted marketing. The FTC’s revised rules include biometrics in the list of personal information. Also, more verifiable methods have been provided, such as verifying the government ID with the face of the parent through a camera app.
While the new revisions of the Act have contributed positively to the state of children’s online privacy in the United States, there are still areas of concern.
COPPA targets online operators that offer services targeted at children. Various online service providers and operators process children’s data even when they do not offer services targeted towards children. These operators are thereby outside the scope of the Act’s regulation.
The Act does not provide a right of action for children. Therefore, children are incapable of enforcing claims or the obligations of the operators without FTC intervention.
 
Are We Doing Enough to Protect Children’s Privacy?

While progress in protecting children’s data is evident, many laws are new or have gaps, necessitating further efforts from companies, governments, and parents.
Governments need to ensure that companies that process children’s data develop evolving policies, work processes, and new governance procedures to strengthen comprehensive compliance with privacy laws. Businesses are also encouraged to use impact assessments on children’s rights and showcase how children’s rights are protected in practice through their design solutions.
Parents, legal representatives, or guardians, and educational institutions have shared responsibilities in reviewing applications and websites’ privacy policies. Parents need to enlighten their children on the importance of taking precautions when sharing personal information online. Additionally, they should monitor their children’s online interactions.

Conclusion

Although there are existing regulations in place aimed at ensuring the privacy of children online, these regulations have numerous limitations, making it easy for online operators or service providers to bypass the provisions of the regulations and violate children’s online privacy.
The regulations must continue to be revised to adequately address children’s online privacy while considering emerging developments that could pose a risk to the online privacy of children.

Omotunde is a member of the Managing Board of the Georgia Journal of International and Comparative Law, where he focuses on important issues at the intersection of international law, data privacy, AI governance, technology, and global policy.
