CAP has updated its rule on database practice for collecting data from children for marketing purposes. In 2010, the ICO produced guidance on personal information online. It advises marketers who collect information from children to:

[...] assess the level of risk associated with asking a child to provide personal data about a third party. In some cases the risk is low because the information collected is relatively innocuous, for example where a child provides another person’s email address to transmit a newsletter and where the address isn’t retained or used for any other purpose.

In light of this, CAP has updated its rule on database practice to ensure it is consistent with that guidance and joined up with the ICO.

The updated rule (CAP Code, rule 10.16) states:

Marketers must not knowingly collect personal information about other people from children under 16 unless that information is the minimum required to make a recommendation for a product, is not used for a significantly different purpose from that originally consented to, and the marketer can demonstrate that the collection of that information was suitable for the age group targeted.

Data about third parties collected from children must not be kept for longer than necessary.

The rule applies across media, including to data gathering for marketing purposes on social networking sites. For example, marketers collecting a list of a child’s friends’ contact details in order to recommend a product or social networking application.

When gathering data from children for marketing purposes, marketers should also be aware of rule 10.15 that prevents marketers from collecting personal information from children under 12 without parental consent.

The change will come into effect immediately.

Written by Sally Ramsden.

---

More on

• Online, catch-up TV and radio, in-app and in-game
• Mailings, email, phone/fax and messaging

---