The contractual issue has to do with children's legal capacity to enter into a contract. The Children's Act sets the age of majority at 18 so anyone younger than 18 years of age is likely a minor (I say likely because minors can be emancipated and would become adults or majors when emancipated, even if they are younger than 18. This is by far the exception to the rule and usually the result of a court process). The general rule was set out in the case of Edelstein v Edelstein (1952 3 SA 1 A) by the then-Appellate Division (now the Supreme Court of Appeal). Judge Van den Heever said the following in that judgment:
In Roman Dutch law the judgment of a minor is considered immature throughout his minority and he is consequently not bound by his contracts."
When it comes to privacy policies there is an additional dimension which complicates matters somewhat. The Protection of Personal Information Bill prohibits processing of a child's personal information. The term "processing" has specific meaning in the Bill:
"processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including-
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as blocking, degradation, erasure or destruction of information;
One exception to this prohibition is where a parent or guardian consents to a provider processing the child's personal information although I expect that this consent must be informed. Short of a provider satisfying these requirements, it will not be permitted to "process" a child's personal information at all. This means that a provider may not permit a child to create profiles on their service, submit any personal information or even comment on a blog post where doing so would mean submitting a name, email address or any other personal information in the process. The Bill defines personal information as follows:
"personal information" means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—
(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;
(d) the blood type or any other biometric information of the person;
(e) the personal opinions, views or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
Consider the scope of "personal information" for a moment and you start to appreciate how far reaching these provisions will be.
This may all sound rather esoteric but it could have real implications for providers who, for example, operate a paid service which a child accesses and then refuses to pay for. This could affect mobile content providers who sell mobile content, often as a subscription service. Children increasingly have mobile phones of their own and could easily subscribe to a mobile subscription service where charges could rapidly escalate if not kept in check.
Providers need to take special care when it comes to children both for contractual and privacy reasons. It is not enough to rely on vague age verification statements. Providers need to do more than that or they could assume a substantial risk. Certainly more risk than they assume at the moment.
We discussed this issue further and recorded our discussion which you can listen to below.