“It Sets Boundaries Making Your Life Personal and More Comfortable”: Understanding Young People’s Privacy Needs and Concerns

Using mixed methods, we engaged young people aged 10–18 years old in four locations: 1) Accra in Ghana; 2) multiple places across Slovenia; 3) Saint John’s in Antigua and Barbuda; and 4) Sydney in Australia. These sites were chosen to: 1) allow some international comparisons between young people’s perspectives emerging from Western, Educated, Industrial, Rich, Democratic (WEIRD) contexts, and non-WEIRD contexts and 2) engage with emerging policy and technological debates about privacy and trustworthy tech that were happening in each location. The impact was prioritized in this research, and the aim was to generate insightful, youth-led discussions capable of catalyzing change in each location.

Below, we discuss the common and divergent features of each site, to help understand the nature of the data captured.

The ways that young people are datafied and the nature of their data footprint is distinct from adults.

Many common themes emerged across all the research sites, and these are discussed below.

Privacy intrusions in the digital world may have felt inevitable or normal, but they were not necessarily what the young participants wanted. Young people were able to give us clear ideas about changes they wanted to see and list specific suggestions as well as guiding principles to improve their sense of privacy in the digital world.

The workshops uncovered deep misgivings held by some of the young people about their experiences of privacy in the digital world.

Exploring the list of “dos and don’ts” created by young people, and their guiding policy principles, ten core asks were frequently repeated across areas (and three additional Slovenian asks).

1. Control: The most frequent principle described as important was that young people should have control over their data. There was a sense that young people’s information was collected, used, and sold in ways that were currently beyond their control and that young people were entitled to better. Specific suggestions ranged from giving young people “the right to delete our data” to “allowing young people or teenagers to make their own decisions with the available options.”
2. Transparency and meaningful consent: There was a strong sense that young people were often “pushed or tricked” into personal information collection, from opaque privacy policies to smartphones secretly “eavesdropping” on conversations. The young people in Australia wanted cookies renamed “data grabbers,” and the young people in Slovenia wanted “translations of apps and programs” into Slovenian. There was an overarching belief that young people deserved more honest and clear information about how their personal information would be used, especially from commercial platforms.
3. Restricting or ending targeted advertising: There was consensus that the current state of play—where young people’s information is used to target them with ads by default—did not meet expectations. Young people in Slovenia, Antigua and Barbuda, and Ghana more aggressively called for a ban on advertising, wanting to “cancel ads,” saying “online ads should be banned” and requesting companies “stop sending those ads.” In Australia, the young people instead called for control that young people should be able to opt-in to advertising, and if they did opt-in to advertising, should also then have the choice about whether their data is used to target ads at them or not. Notably, they called for this rather than a full ban because they wanted “realistic” asks; “fundamentally, young people do not want their data used to sell them things” they said.
4. Data minimization: A range of suggestions were discussed that cluster around the concept of “data minimization.” This included suggestions to “avoid asking for data,” “avoid accepting cookies,” “to not collect data at all,” and that companies “don’t access our location every thirty seconds.”
5. Data retention: Young people in each site seemed to agree that young people’s information should not be kept for too long, with requests to “delete young people’s data when it’s not needed” especially after an app is uninstalled.
6. Excessive sharing and selling: There was a feeling that young people’s personal information was shared with too many people, including families, too many apps, and sold to too many companies. Young people wanted data to be more “concealed.” Requests to “Don’t sell our data to others” were others, as were suggestions to limiting “Family link” (an app that shares your location and other data) up until certain ages or banning it altogether.Information about young people’s locations was considered especially sensitive for oversharing, and suggestions to “limit who can see your location” were frequent.
7. Adequate help and support: In each site, young people felt they should have better access to support if something went wrong, from a “Help portal in case of personal profile hacks” to calls for services to “respond quickly to reports and violations of guidelines.”
8. Security: Security came up as a concern in each site, but some more than others. Antigua and Barbuda and Slovenia were very concerned about security, while Ghana and Australia were less so. But generally, young people felt their data deserved higher levels of security and protection from bad actors than it currently received. The bad actors that invoked these security concerns were largely malicious hackers. There was less concern about security to prevent inappropriate data flows to governments or commercial security concerns. This again speaks to the importance of context in deciding which data flows were deemed concerning and which were not.
9. A need for more education for young people about their privacy: At each site, young people talked about the need for more education (often younger young people) about privacy. Suggestions ranged from “talks in schools” to a specialized school subject on the “safe use of the Internet” to more education “about privacy, their rights and risks” in general.
10. Doing things for young people’s benefit: In Antigua and Barbuda, there was a cluster of specific suggestions to ensure that young people benefited from the use of their personal information. “If you take my data, at least make the app better” and “protect our data for better uses.” Likewise in Slovenia, there was support to make all games free and to operate without data. The capacity of the digital world to provide good services that young people want to use was not overlooked. This speaks to their idea of data and its flows as part of a contextual relationship in the commercial world, or more precisely, highlights that they want a “better deal” from this relationship.
11. Limitations and restricted use: Given the vast size of the Slovenian workshops, three unique Slovenian suggestions were generated. A moderate focus on the potential capacities of limitations (such as calls for age restrictions, or limiting device use) and reduced use (such as days off and time limits) emerged.
12. Content moderation: Some Slovenian young people’s suggestions also called for better or safer content moderation, from banning videos that encourage kids to do dangerous challenges, to deleting negative comments.
13. Parental supervision: Some Slovenian young people also called for increased parental supervision or oversight, although it should be noted that others called for privacy from their parents.

We asked young people if they felt that their list of principles aligned with what could be broadly considered “children’s best interests” as the Convention on the Rights of the Child describes it [15]. The reaction was broadly yes, but with specification. In Antigua and Barbuda, young people gave an unstirred “sure” with a shrug of the shoulders because it seemed a bit too common sense. In Ghana, this was one of the most popular suggestions, and they also included suggestions around “doing no harm” with data too. In Australia, they decided that best interest was the first principle, but needed a caveat, that “young people need to decide what young people’s best interests are.”

Realizing young people’s best interests requires their participation in decision-making processes. And off all the brilliant suggestions developed by young people, one suggestion stood out: “so that children make decisions instead of experts and politicians.” This research actively tried to engage with technologists and decision-makers to achieve this.

In Antigua and Barbuda, the principles developed by young people were turned into a “magazine” for decision-makers, and a workshop was held with teachers to share ideas for curriculum reforms. In Australia, the principles were turned into a submission to an inquiry, and participants gave evidence to Senators. In Ghana, young people identified multiple stakeholders, from ministers to business titans, who they are writing to. In Slovenia, throughout 2023, the young people’s principles are being used to inform an exhibition about young people’s privacy with the information commissioner invited to attend.

The reaction from decision-makers was enthusiastic, but the young people’s input sat outside the change-making cycle. For example, teachers welcomed knowing what young people wanted to learn, but were not in a position to change their core curriculum. Senators and regulators thanked us for the information, but were not in an active cycle of rule-making to deliver the changes the young people requested.

But this does not mean these engagements have no value, just that we may not be able to fully track the discreet impact of these young people’s contributions. For example, in Antigua and Barbuda, staff at the Department for Education began to explore progress against their 2013 information and communication technology in education policy and made an “ironclad commitment to ensure that the recommendations from this conversation are realized” as a forward to the magazine. Or in Australia, the Senator’s inquiry may feed into an ongoing review of privacy law. Or in Slovenia, the information commissioner may engage with the Europe-wide process about children’s data across 2023.

There is an old English adage that suggests that people in positions of power “ignore the youth at their peril.” Ensuring young people’s perspectives are understood and heard is vital to ensuring their right to participate is realized. But it may also be essential to ensure that data privacy and information security practices are improved in ways that meet whole-of-community expectations. If these decision-makers heed these young people’s feedback, it is possible that positive changes could be made for everyone, including young people.

Young people have a clear idea of what their privacy is and what it feels like. Privacy is a legitimate expectation or right to conceal information, from potentially intrusive “others,” and creates a feeling of safety and security. Young people did not trust that their privacy was well respected and noted multiple concerns about the way their personal information flowed in the digital world. These inappropriate practices and undesirable flows were normalized, but not accepted; young people were able to identify ten principles they believed should be enacted to improve their privacy, from more control, transparency to greater support and education. Many of these principles take aim at the commercialization of their personal information.

Involving young people in discussions about privacy and information security is important, if we are aiming to develop solutions that serve all members of the community. The small-scale action-research components outlined in this article suggest that there is an appetite from decision makers to engage with young people. Whether this engagement is used, in turn, to develop better privacy and information security policies and practices remains to be seen. It rests on the willingness of decision makers to share their power and integrate their thoughts and perspectives into their work.