Victim identity protection

What is it?

  • Preserve the anonymity of child victims.

Why is it important?

  • Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data[1].
  • The re-traumatisation of abuse or exacerbation of trauma for victims, due to child sexual abuse material (CSAM) still being available on the internet, is one core challenge associated with CSEA online.
  • Also, the publication of personal information of a child victim can add more dimensions to recovery, dissuade future disclosures or reports of concern and hamper cooperation with authorities and social service professionals.
  • Victim identity protection, combined with the procedures and actions listed in capabilities 9, 10 and 11, can help give child victims and survivors more confidence, control and power over important choices within their lives.

How can it be implemented?[2]

  • All actors need to respect children’s rights to privacy and the protection of personal data in the context of the internet and digital technologies.
  • Businesses and other actors must gather children’s personal data on the principle of “data minimization” or a “need to know” basis only.[3]
  • Relevant data should be gathered and in a manner that is legitimate, well informed / understood, free, fair and consented (by parents or guardians and / or children, as per local legislation).
  • Requesting consent gives children control over how their personal information is used and shared, and empowers children to understand and exercise their right to privacy.
  • Age verification techniques can be put in place to ensure that consent and other protocols are in place.
  • No website, platform, product, service or application should share children’s personal data publicly by default. Children must be empowered to protect their privacy and adjust their privacy settings based on an informed understanding of opportunities and risks.
  • No game or application should automatically activate a webcam. Information should be shared and consent received (from child and/or parent or guardian) before a webcam is switched on.

Further resources:

UNICEF, Children’s Rights and Business in a Digital World, Discussion Paper Series: Privacy, Protection of Personal Information and Reputation Rights.

[1] European Union (2016), General Data Protection Regulation (GDPR), Recital 38. The data requested must be necessary for the delivery of the service or application in question.

[2] Informed by: UNICEF (2018),Industry Toolkit: Children’s online privacy and freedom of expression.

[3] European Union (2016), General Data Protection Regulation (GDPR), Article 6 (1)(c).