Data, privacy and consent

Overview

Understanding data protection, privacy and online consent is essential in the digital world. Every time we use digital services, we share information about ourselves. These services include:

• search engines
• online shopping
• social media
• emails or messaging apps
• generative AI

Sharing our data helps us to access information, use services and stay connected.

Data protection

In the UK, data protection is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all organisations, including schools, which store, access or collect personal data.

Schools hold data digitally which is accessible not just in school but also from remote locations. The UK GDPR sets out 7 key principles for processing personal data. More information is available on the ICO website.

Generative AI is increasingly being used to power interactive chatbots and other online services. It is important to understand the potential privacy risks and data protection rights when using these services, including how online services need to follow a set of standards when using young people’s data. This is known as the Children’s Code. 

Copyright

Intellectual property gives you ownership over the things you create, the same way that something physical can be owned. One of the main types of intellectual property is copyright. Copyright allows you to protect against others copying or reproducing your work.

Copyright arises automatically when a work that qualifies for protection is created. The work must be original, meaning it needs to originate with the author, who will have used some judgement or skill in its creation. 

Protecting your data

Information about you, what you search for online and where you shop and live, is valuable. Think about who can access that information and how it’s collected through apps and websites. Companies using your personal data must tell you why they need it and what they are doing with it. 

There are steps you can take to protect your privacy and data online.

Secure your accounts

Strong, secure passwords are essential for maintaining your privacy. Change passwords regularly and don’t use the same password across multiple accounts. Where possible, use 2-factor or strong authentication.

Read terms and conditions

Take the time to read the terms and conditions of the apps and websites you want to use. They will tell you how the service operates and what conditions you are asked to agree to. The service’s privacy policy will tell you:

• what information about you is being collected
• how your information will be used and protected
• whether they give your information to third parties

Once you click ‘I agree’, you are agreeing for them to use and share your data as detailed in the terms and conditions and privacy policy. Clicking ‘I agree’ does not mean you have lost all your rights to your personal data. You can still raise a concern or request more details. See the Information Commissioner’s Office (ICO) guidance about your right to be informed.

Adjust privacy settings

Most apps and websites offer privacy settings for users. This gives you the freedom to know how much and what kind of information is shared. Default settings usually allow anyone to see your profiles and access your details. Check whether they are set up for:

• location services
• sharing of contacts
• photos
• calendars
• microphone
• video
• advertising

Consider what you share

Think before you post anything online about yourself or others. App logins, videos, photos, just about anything you post will leave traces of information about you and others. It’s also important to remember that anything you share online can easily be copied.

Delete when you’re done

If you no longer need or use an app or online service, it’s good security practice to delete your account and remove the associated app.

Support for young people

Support for schools

Support for families

Views from the experts

Help and support