The financial services sector must do more to safeguard children’s personal data, the UK Information Commissioner’s Office (ICO) says, following an investigation of banking products aimed at minors.
The ICO’s investigation scrutinised how banks, building societies, and fintech firms handle data for under-18s using current accounts, savings products, and prepaid cards. While some good practices were noted, the review identified critical gaps in governance, transparency, and consent - particularly around marketing and age-appropriate privacy notices.
‘Children’s data needs specific protection,’ says Ian Hulme, ICO Director of Regulatory Assurance. ‘They may be less aware of the risks when their information is processed.’ The report calls for:
- clearer distinctions between parental and child consent
- staff training on minors’ data rights
- dynamic privacy notices that take into account a child’s comprehension levels
These findings come amid growing scrutiny of how industries collect data from minors. Unlike the police’s controversial use of facial recognition - which the ICO recently cautioned must be "necessary and proportionate" - financial firms face fewer technological hurdles but greater ethical responsibilities. Their compliance is incredibly important.
What happens when financial institutions do not prioritise child safety? The stakes for non-compliance are substantial. Beyond the immediate risk of ICO enforcement actions - including potential fines of up to 4% of the global turnover for GDPR violations - there's significant reputational capital at play. In an era where data privacy concerns dominate headlines, mishandling children's information could erode customer trust that takes years to rebuild.
Read the ICO’s full report here
