The trouble with children these days

I’ve written about the importance of terms of use and privacy policies online a number of times and the contractual nature of those documents. They form an important part of a site’s contractual framework that governs access to and use of a site. Although most people don’t take the time to read those documents, when prepared and presented properly on a site, they are nevertheless binding contracts with visitors to a site. Well, for the most part …

What most people don’t realise is that this general rule doesn’t apply to minors, that is children or people under the age of 18. This poses a very interesting and troublesome challenge to anyone who operates a website which caters for or may even be aimed at children. Possible implications could include the invalidity of website terms of use and privacy policies as contracts with minors and even violations of the anticipated Protection of Personal Information Bill which will regulate how personal information may be collected and processed when it is passed, hopefully later this year.

School children singing, Pie Town, New Mexico (LOC)

The contractual issue has to do with children’s legal capacity to enter into a contract. The Children’s Act sets the age of majority at 18 so anyone younger than 18 years of age is likely a minor (I say likely because minors can be emancipated and would become adults or majors when emancipated, even if they are younger than 18. This is by far the exception to the rule and usually the result of a court process). The general rule was set out in the case of Edelstein v Edelstein (1952 3 SA 1 A) by the then-Appellate Division (now the Supreme Court of Appeal). Judge Van den Heever said the following in that judgment:

In Roman Dutch law the judgment of a minor is considered immature throughout his minority and he is consequently not bound by his contracts.”

This is a general principle and there are exceptions to it. These exceptions include instances where the child enters into a contract with a guardian’s or parent’s consent or where the contract is purely beneficial for the child and imposes no obligations. The challenge or website proprietors is that their terms of use and privacy policies frequently impose obligations on visitors or users and where a child makes use of an online service or browses to a website without a guardian’s or parent’s consent, that child can’t be regarded as having entered into a contract with the website proprietor in the form of that legal framework on the website. In a nutshell, website terms of use and privacy policies could be ineffective when it comes to minors and that means all the protections those documents afford site owners could fall away when dealing with children.

When it comes to privacy policies there is an additional dimension which complicates matters somewhat. The Protection of Personal Information Bill prohibits processing of a child’s personal information. The term “processing” has specific meaning in the Bill:

processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including-

(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, use;

(b) dissemination by means of transmission, distribution or making available in any other form; or

(c) merging, linking, as well as blocking, degradation, erasure or destruction of information;

One exception to this prohibition is where a parent or guardian consents to a provider processing the child’s personal information although I expect that this consent must be informed. Short of a provider satisfying these requirements, it will not be permitted to “process” a child’s personal information at all. This means that a provider may not permit a child to create profiles on their service, submit any personal information or even comment on a blog post where doing so would mean submitting a name, email address or any other personal information in the process. The Bill defines personal information as follows:

personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to—

(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

(b) information relating to the education or the medical, financial, criminal or employment history of the person;

(c) any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;

(d) the blood type or any other biometric information of the person;

(e) the personal opinions, views or preferences of the person;

(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

(g) the views or opinions of another individual about the person; and

(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;

Consider the scope of “personal information” for a moment and you start to appreciate how far reaching these provisions will be.

Restrictions on access to sites for minors isn’t new but the usual way providers have tried to deal with this has been by including a provision in their terms of use to the effect that the visitor confirms he or she is above a certain age. The problem with this approach is that agreeing to that provision in the terms of use is an exercise of contractual capacity which adults generally enjoy. As I pointed out above, children, for the most part, do not enjoy this contractual capacity so those sorts of age verification provisions are meaningless. It then potentially falls to the provider to verify visitors’ age independently of the visitors’ say so or to accept that any claims they thought they may have against minors using their service would not exist contractually where they can’t establish a binding contract against the minor.

This may all sound rather esoteric but it could have real implications for providers who, for example, operate a paid service which a child accesses and then refuses to pay for. This could affect mobile content providers who sell mobile content, often as a subscription service. Children increasingly have mobile phones of their own and could easily subscribe to a mobile subscription service where charges could rapidly escalate if not kept in check.

Providers need to take special care when it comes to children both for contractual and privacy reasons. It is not enough to rely on vague age verification statements. Providers need to do more than that or they could assume a substantial risk. Certainly more risk than they assume at the moment.

Published by Paul Jacobson

Enthusiast, writer, Happiness Engineer at @automattic. I take photos too. Passionate about my wife, Gina and #proudDad.

%d bloggers like this: