< Back

Share |

Small print and small people

It is hard now to imagine growing up in a world without the internet.  The online environment is invaluable for learning, socialising and entertaining everyone, not least children.

April 2014

With all the benefits of the digital age comes a multitude of risks which children are less able to navigate than adults and parents worry about endlessly.  With horror stories of  children racking up massive bills on costly in-app purchases, privacy issues with games and websites aimed at under 16s, internet trolls and bullies and a general overwhelming sense that every website is trying to sell something to your child, it is understandable that parents are concerned.  This is something traders, developers and ISPs are waking up to, along with the legislator and various regulators.

abstract online dataThe issue facing the regulators is that use of traditional small print is not always appropriate to protect children on the internet. Indeed contracts entered into with children under 18 are usually unenforceable. Adults have enough trouble deciphering the small print, whether in the virtual or the real world, so how can children be expected to do so?  If the small print does not adequately protect children, what does?

In-app purchases

The use of in-app purchases and 'drip-payments' has become increasingly popular, particularly in games. This involves the sale of game play extras to users in order to add an additional revenue stream.  Games such as Candy Crush Saga use time as an incentive – players have to wait twenty four hours before moving on in a game or pay the (measly) sum of £1.99 to progress immediately.

We've all heard about the children who've spent hundreds of pounds on their parents' credit cards for virtual donuts in 'The Simpsons: Tapped Out', or thousands on virtual zombies in 'Zombies vs Ninja' (to name but two UK cases).  However, a game that is advertised as ‘free’ but requires the consumer to pay to access content integral to gameplay may actually be in breach of Consumer Protection Regulations (Annex Practice 20).

The legislator is starting to catch up.  In January, Apple was ordered to pay at least $32.5 million (£19.6 million) to settle a case over in-app purchases in the US.  Last year, Apple agreed to contact 28 million of its app customers to offer them refunds if their child had spent money without parental consent. That settlement resulted in 37,000 claims. The firm was told by the US Federal Trade Commission to overhaul its charging system to make it more obvious when payments are being taken.

The Office of Fair Trading (OFT) similarly considers that consumers need clear, accurate and prominent information up-front to enable them to take informed transactional decisions and to be able to compare products. Apple has since introduced an ‘in-app purchase’ label for downloads available via the App Store which contain buyable extras, as well as an information page on iTunes about how to improve password security on devices to prevent unexpected expense.  On newer iOS platforms, there are also restrictions to enable password time out.  Other developers and providers are also starting to take responsibility for their software.

games controllerThe OFT has published guidance for game developers, stating clearly that the commercial intent of any in-game promotion of paid-for content, or promotion of any other product or service, should be clear and distinguishable from gameplay. The younger a child is, the more difficult it is likely to be for him/her to identify commercial intent and the language, design and structure of the game should take that into account.  Games should not include practices that are aggressive, or which could exploit a child’s inherent inexperience, vulnerability or credulity or place undue influence or pressure on a child to make a purchase.

As regards payments on websites or in games, OFT guidance states that payments should not be taken from the payment account holder unless authorised. A payment made in a game is not authorised unless:

  • express, informed consent for that payment has been given by the payment account holder (usually a parent). Consent should not be assumed (for example by using opt-out provisions); and
  • the scope of the agreement and the amount to be debited is made clear.

For more information on in-app developments, please see our dedicated article, Making game apps pay.

Website Content

The Culture, Media and Sport Committee published a report this month on online safety for children, dealing primarily with illegal content, harmful adult content and bullying on social media. The onus is put on social media platforms to do more but the report also encourages consolidation of existing legislation, more proactive enforcement of existing law as well as enhanced security measures by ISPs to prevent unwanted access to adult content. Recommendations cover the use of bans and site blocking as a last resort where providers of adult content fail to take all reasonable steps to prevent access by children, although as we all know, age verification online is hard to achieve with any accuracy.

Provision of small print targeted at children

Under the Consumer Protection Regulations (CPRs), information should be given to consumers in a clear, intelligible and timely manner.  If businesses give misleading information to consumers or fail to provide them with important information, that may result in a breach of the CPRs.  The OFT considers it likely that younger consumers are more susceptible to particular forms of aggressive or otherwise unfair commercial practices: what may be acceptable for certain audiences will not be acceptable for others.  It is worth considering that the OFT will take into account the understanding of the average CHILD consumer when considering the issue of marketing to children.

Further, all material information about the game should be clear, accurate, prominent and provided up-front before the consumer begins to play, download or sign up or agrees to make a purchase. "Material information" includes any information necessary for the average consumer to make an informed decision to play, download or sign up to the game or to make a purchase.  Again, where products are targeted at children, it is important to ensure that the most sensitive and important information, such as information about content, cost and use of personal data, is presented in a clear way which is easy for the children to understand.

Small print is meaningless unless it is adhered to and this can work both ways.  For example, social media sites usually have policies about user generated content, online bullying or trolling but it is important for them to be seen to act on these policies.

Personal Data

Personal data must be processed fairly and lawfully. Perhaps the most important of the conditions affecting the collection and use of personal data via websites is that: "the data subject has given consent" (Data Protection Act 1998, Schedule 2, paragraph 2).  This raises the question of when a child can give valid consent to the processing of his or her personal data.

The Data Protection Act does not explicitly deal with the issue of obtaining consent from children.  However, the Information Commissioner has written a practice note  stating that Websites that collect information from children must have "stronger safeguards" in place to make sure any processing is fair. Any request for personal information from a child is subject to the need for consent from a parent or guardian, "unless it is reasonable to believe the child clearly understands what is involved and they are capable of making an informed decision”.

Privacy policies should be extra-prominent and extra-clear.  A very young child may never be able to give adequate consent whereas an older child may be able to give adequate consent in many different circumstances - the Information Commissioner refers to a particular age threshold as children under 12.

This is particularly relevant with social media websites.  While many social media sites include small print in their terms and conditions which purports to prevent children having their own accounts, it's clear that this is frequently ignored by users.


As regards generic advertisements, and those within apps and games, the rules on advertising to children and on gathering data about them over the internet have been strengthened in recent months. The Committee of Advertising Practice (CAP) has revised its guidance on the collection of data on children this year.  CAP stipulates that data must not be collected on children under 12, and collection from those under 16 must not include the collection of data about third parties.

The Direct Marketing Association published a revised version of its Code of Practice which binds members, bringing rules for offline data collection in line with those for online collection. This Code now mirrors CAP's, by banning the collection of information from under 12s and information on others from those under 16.

The Advertising Association has also launched CHECK (the Children's Ethical Communications Kit), a site which allows advertisers and agencies to compile their own list of regulatory demands depending on the kind of communications they are planning.


Notwithstanding the issue of whether children can validly consent to terms and conditions or privacy policies, it is important for any website, social media platform, app or game developer targeting children to do as much as possible to ensure that children are not subjected to unfair commercial practices.

Information about the products and/or services should be clear, accurate, prominent and provided up-front, before the consumer begins to play, download or sign up or agrees to make a purchase. It should be clear to the consumer who he/she ought to contact in case of queries or complaints. The business should be capable of being contacted rapidly and communicated with in a direct and effective manner.  Conversely, it is also important for those providing adult content or services unsuitable for children to do what they can to prevent or deter children from accessing them.

social media appsThe onus is also on regulators to help educate parents.  Simple devices like safe search, adult content filters and password protected settings for in-app purchases can reassure parents that their children are accessing the virtual world in a safer way.

Whilst legislation and guidance are catching up, it will still be some time before parents feel their  children can access devices in complete safety.  The horrors of social media trolling, age inappropriate advertising and credit card bills for virtual (or real) items from online purchases are very real.  Developers would be wise to assist parents by following guidance on dealing with children on the internet, not only in order to comply with legal requirements, but also because it's good business.  The PR fallout from getting it wrong can be just as damaging as the legal repercussions.

If you have any questions on this article please contact us.

Keyboard with child's toy car
Joanna Lalor

Joanna considers how to handle dealing with children in the online world where the small print does not always do the job.

"Notwithstanding the issue of whether children can validly consent to terms and conditions or privacy policies, it is important … to do as much as possible to ensure children are not subjected to unfair commercial practices."