Skip to content

Practical Scenario How-Tos

Protecting Your Child's Digital Footprint

A calm, step-by-step way to understand what's online about your child and to route the data-rights requests that help you tidy it up.

In short

To protect a child's digital footprint, first see what already exists about them online, then reduce what you can control: tighten privacy settings, limit what you and others post, and use UK GDPR rights such as access and erasure to ask organisations to show or remove their data. Parents usually exercise these rights on a young child's behalf.

What a child's digital footprint actually is

A child's digital footprint is the trail of personal data connected to them online. Some of it is active, created when a child posts, comments, or signs up for an app. A surprising amount is passive: school portals, photos shared by relatives, screenshots in group chats, profiles on platforms a child joined years ago, and records held by companies a family has used. Children rarely create most of this themselves, which is exactly why a parent's calm attention helps.

Under UK GDPR, a child's information is personal data just like an adult's, and any organisation holding it is acting as the data controller for that data. That gives the child rights, and where a child is too young to act for themselves, a parent or guardian can usually exercise those rights on their behalf. As children grow older, they increasingly make their own decisions about their data, so this becomes a shared conversation rather than something done entirely for them.

The goal here is understanding, not alarm. You cannot see or control everything, and no one honestly can. What you can do is build a clear picture of the obvious, reachable parts of the footprint and decide, together where appropriate, which pieces are worth tidying up. This article is general information, not legal advice.

  • Active footprint: things your child posts, uploads, or signs up for
  • Passive footprint: data others create, like tagged photos or account records
  • Inherited footprint: old accounts and apps a child has outgrown

Step by step: see it, then tidy it

Working through this in order keeps it manageable. The aim is to move from a vague worry to a short, specific list of things you can actually act on. Do this with your child where their age makes that appropriate, so they learn the habit rather than just having it done for them.

Most steps are about looking first and acting second. Many parents find that simply tightening privacy settings and pausing before posting handles a large share of the footprint, with formal data-rights requests reserved for the handful of organisations that genuinely hold data you want to see or remove.

  • Search your child's name (and common nicknames) in a few search engines to see what is publicly visible.
  • List the apps, games, and accounts your child uses, plus any old ones still active, and review each one's privacy settings.
  • Check what relatives and friends have shared, and politely ask them to take down or restrict anything you would rather not be public.
  • For organisations that hold your child's data, send an access request to see exactly what they hold.
  • Where data is no longer needed or was collected without a proper basis, send an erasure request asking them to delete it.
  • Set a calm recurring reminder, perhaps every few months, to repeat a quick version of this review.

Using data-rights requests for a child

Two UK GDPR rights do most of the work here. The right of access lets you ask an organisation to confirm what personal data it holds about your child and to provide a copy. The right to erasure lets you ask it to delete that data in certain situations, for example when the data is no longer needed or was based on consent that has been withdrawn. You make these requests directly to each organisation as the data controller.

When a request is on behalf of a child, explain that you are the parent or guardian and be ready to show that you are entitled to act for them. Organisations may ask for reasonable proof of identity and of your relationship to the child, which is normal and helps protect the child's data from the wrong hands. Keep your wording simple and specific, and note the date you sent it, as there are time limits for a response.

If an organisation does not reply, refuses without a clear reason, or handles the request poorly, you can raise a complaint with the Information Commissioner's Office, the UK's data protection regulator. OSINTA can help you understand your child's footprint and prepare these requests, but the decisions stay with you, and this remains general information rather than legal advice.

Frequently asked questions

Can I make a data request on behalf of my child?

Yes. Where a child is too young to act for themselves, a parent or guardian can usually exercise data-protection rights on their behalf. Organisations may ask for reasonable proof of your identity and that you are entitled to act for the child before they respond.

At what age does my child make their own data decisions?

There is no single switch. As a child matures they take on more say over their own data, so it becomes a shared conversation. In the UK, children are often considered able to make many of their own data choices from around the age of 12 or 13, though it depends on the child and the situation.

Can I get old photos or accounts deleted?

You can ask. The right to erasure lets you request deletion in certain cases, such as when data is no longer needed or was based on consent that has been withdrawn. The organisation holding the data decides whether an exception applies. No one can promise that every item will be removed.

Is this legal advice?

No. This article is general information about UK GDPR and the role of the ICO, not legal advice for your situation. For advice on a specific concern about your child, consider speaking to a qualified professional.

Related terms

This is general information, not legal advice. For guidance on your own situation, consider speaking with a qualified professional.

Reviewed by OSINTA's founding lawyer — 2026-06-27.

Tidy your child's footprint, one calm step at a time

See what's out there, decide together what to tidy, and route the requests that help, with you in control.

See the DSAR guideJoin the waitlist