Children are online at a younger age than ever, and for longer — according to Tech Advisor, children’s mobile phone usage has nearly doubled since the pandemic began. While we have data protection laws in place to protect children’s privacy online, it’s important that we teach ourselves and the children in our care how to use the internet safely, and the 4C’s can help you protect child data.  

This is part 4 of 5 of our ongoing 4C’s of Online Safety series.   

  1. The 4C’s of Online Safety Part 1: Protecting Students from Harmful Content Online  
  2. The 4C’s of Online Safety Part 2: What is Online Contact Risk? 
  3. The 4C’s of Online Safety Part 3: What is Inappropriate Online Behavior? 
  4. The 4C’s of Online Safety Part 4: How to Protect Child Data 

Why is it important to protect children’s data? 

According to CORE¹, contract risk is when “the child is party to and/or exploited by potentially harmful contract or commercial interests (gambling, exploitative or age-inappropriate marketing, etc.). This can be mediated by the automated (algorithmic) processing of data. This includes risks linked to ill-designed or insecure digital services that leave the child open to identity theft, fraud or scams. It also includes contracts made between other parties involving a child (trafficking, streaming child sexual abuse).” 

How do I protect children from social media? 

When children install social apps, you can guide them through the privacy settings on the app. With social apps, there is often the option to share your data, which could include your contacts, or your photos.   

How do you teach kids about data privacy? 

It is important that you have open and honest conversations with the children in your care regarding data privacy. Teaching them about the types of scams they will encounter online (such as phishing) and how to identify them will help them be on their guard when using the internet.  

In general, they should closely examine the emails, texts, messages, or other communications they receive and confirm that they know the person or company they are communicating with before engaging with them. Hackers will often leave telltale signs that they are up to something fraudulent (spelling mistakes/grammar errors/odd phrasing, sense of urgency). 

COPPA, GDPR, and CRPA – the data protection laws 

While data protection laws exist, they aren’t enough to protect children on the internet. We need to be proactive and teach them about the privacy threats that exist online.  

Here are some of the data protection laws that exist: 


The Children’s Online Privacy and Protection Act (COPPA) requires that children over the age of 13 obtain their parents explicit consent before providing their personal information to access online content. Websites most post a “clear and comprehensive” privacy policy and keep the information they collect secure and confidential. COPPA applies to companies who are based in the US and any business collecting data from American resident under the age of 13. 


The European General Data Protection Regulation (GDPR) harmonizes data protection across Europe. It gives users greater rights over their data (such as the ‘right to be forgotten’, meaning the user can ask the company/business to have the personal data they’ve collected erased, and can ask for access to the data a company/business may have). 


The California Privacy Rights Act (CRPA) will amend the existing California Privacy Protection Act (CCPA). There will be additional rules regarding consent and data requirements that websites/businesses will need to follow, such as needing consent before sharing/selling information from minors and letting users know how long their data will be stored for.  

How do I protect child data? 

nFilter, part of the Netsweeper platform, protects students from harmful content such as self-harm, child sexual exploitation, substance abuse, cyberbullying, and more by analyzing, filtering, and blocking in real-time using AI technology. Whether they are learning in the classroom or remotely, educators can rest assured knowing their students are protected.


  1. Livingstone, S., & Stoilova, M. (2021). The 4Cs: Classifying Online Risk to Children. (CO:RE Short Report Series on Key Topics). Hamburg: Leibniz-Institut für Medienforschung | Hans-Bredow-Institut (HBI); CO:RE – Children Online: Research and Evidence.