The Committee on the Rights of the Child is clear that this right still applies online, just like it does everywhere else. Its General Comment 25 details some of the ways in which your right to privacy might be affected online.
Internet access is an essential part of the modern world, and it’s important that your right to privacy is fulfilled in a way that allows you to remain using online spaces. These are the steps we’ve taken – and are taking – to protect that right within our digital channels.
Cookies on our website
Cookies are text files containing small amounts of information which are downloaded to your phone, computer or other device by websites that you visit.
When you first came to our website you’ll have been told it sets one cookie that’s essential for the site to function. This cookie’s called privacy-settings-cookie, and it’s needed to the privacy setting function on our website to work. It will remain on your device for a year.
You’ll also have been told it sets cookies from Open Analytics and Google Analytics to better allow us to understand how people use our site. You can choose to opt-out of setting this cookie on your device. These cookie’s called open-analytics-cookie and will remain on your device for 365 days.
More information about the Open Web Analytics cookie
Our website uses the third party service Open Web Analytics to collect information about the ways people behave when they use our site. Some of what that includes is:
- the places on our site people visit, and how long they visit for,
- how many people on our site are visiting from Scotland, and
- how many people read our site on phones, and what kind of phones they use.
This information is then processed in a way that doesn’t identify anyone. We don’t make any attempt to try and find out who any of the individuals who use our site are.
Basis for processing
We rely on article 6(1)(f) of the GDPR to process data for analytics, which allows us to process personal data when it’s necessary for the purposes of our legitimate interests.
In this case, those interests are to improve how our site functions for our users, so that we’re better able to provide advice and information to our users.
Third party cookies
Some content on our website requires us to use the services of another organisation. For example, if we want to put a YouTube video on our website, we’ll need to use YouTube’s services in order to do that.
These other organisations are known as third parties, and often they set cookies of their own. These are known as third party cookies.
We don’t have control over third party cookies
It’s important to know that once you give your personal information to a third party, we can’t control what that third party does with it. They may take more information than you realise, use it in ways you haven’t thought of or give it to organisations you don’t want to have it. For these reasons, it’s important to know how third parties will use your information before you agree to give it to them.
Processing your personal information through web forms
Our website allows you to submit your personal information to us or to a third party for a few different reasons:
- you can contact us over email using our contact forms. When you do this, your details are sent to our website, then automatically deleted once they’re forwarded to our email server.
- you can opt into receiving our newsletter, which we send out through the third party Mailchimp. If you opt into our newsletter, then Mailchimp will store your details.
The ICO Age Appropriate Design Code
The Information Commissioner’s Office (ICO) has created an Age-Appropriate Design Code which organisations must keep to so that children’s privacy rights are respected.
Our office isn’t one of the organisations who’s expected to keep to the Code, but we want to do so anyway. The ICO’s Code is founded in the UN Convention of the Rights of the Child and has the best interests of children at its heart― so we think it’s appropriate that we should follow its recommendations.
That will involve:
- Asking ourselves if our website always keeps the best interests of children as a primary consideration,
- Making sure we have clear information on our website about potential risks around children’s data protection and privacy, in ways that are appropriate to all age groups,
- Making sure we never nudge children and young people towards giving up their personal data,
- Making sure children’s privacy and personal data are still protected on multi-user devices.