Establishing a Children’s Privacy Code

In a nutshell

The CBA’s Privacy and Access to Information Law and Child and Youth Law Sections jointly submit to the Office of the Privacy Commissioner of Canada (OPC) that its guidance for private-sector organizations under the Personal Information Protection and Electronic Documents Act (PIPEDA) is an important first step in supporting organizations’ compliance efforts and enhancing the protection of personal information.

However, the CBA Sections recommend that in developing its initial guidance, the OPC should go further in establishing a modern, enforceable legislative framework for children’s privacy that is consistent across jurisdictions and sectors. This proposed Children’s Privacy Code should go beyond the PIPEDA guidance to:

• Align with international standards such as the United Nations Convention on the Rights of the Child (UNCRC), the UK Age-Appropriate Design Code, and European Union guidelines 
• Apply consistently across all sectors and jurisdictions
• Ensure coordinated implementation through cross‑government, industry, and human rights oversight mechanisms to fully realize children’s rights in the digital environment
• Implement mechanisms for enforcement and consequences for violations

Key details – Taking a robust approach

The CBA Sections submit that the protection of children’s privacy in their digital environments cannot be addressed by improved consent provisions alone. The goal posts have changed and modern regulatory approaches to children’s privacy in the digital environment require careful and stringent measures to intentionally advance children’s privacy and well-being. 

The OPC code guidance on children’s privacy should take a broad approach to the protection of children’s privacy, looking not only to the worst forms of online harm and predation upon children, but looking also to the less obvious ways in which children’s notions of privacy and reasonable expectations of privacy are diminished as a result of routine and ubiquitous denials of privacy in their digital environments.

This includes guidance on halting the data mining of children’s online use, the possible exploitation of children as social media influencers, how health technologies and information management practices are developed to protect children’s privacy interests in the health sector, and interpreting and applying children’s privacy rights in keeping with the general principles of children’s rights and all their other rights guaranteed under the UNCRC.

Why this matters

Canadian Charter jurisprudence has not sufficiently developed a jurisprudence on children’s rights to date. The OPC’s proposed Children’s Privacy Code represents a crucial step in Canada’s effort to protect children’s privacy rights in the digital environment, responding to urgent concerns from parents, legal experts, and policymakers about increasing online risks to children. It aims to establish a comprehensive and enforceable framework aligned with international standards, ensuring child-appropriate digital protections at a national level.

Read the submission.