Momio is the kids’ first social media, catering to kids aged 7 – 13 years of age. So limiting processing of the Momio users’ personal data has always been core to our ways of doing business. We are therefore looking forward to May 25, 2018 when the EU General Data Protection Regulation (known as the “GDPR”) has effect.
We believe GDPR is good since it puts a European focus on privacy and data security being a fundamental human right. Many people haven’t always been conscious of what personal information of theirs is being processed when using free services like Facebook, Instagram, Facebook Messenger, Snapchat, YouTube, Musical.ly and the like. This is especially true when it comes to children under 13 using adult-oriented services.
GDPR makes it possible for the users to be more in control when it comes to privacy, which is good. It also compels organisations to be transparent and account for their actions, which is even better. Finally, GDPR is a great opportunity for organisations like Momio to build trust with users and their parents.
We have a very good connection with the Momio users, but we have lacked a way to get in direct contact with their parents. We know from research that online privacy is a concern for parents. GDPR is therefore welcomed since we will now get in direct contact with the parents and tell about Momio being a safe, fun, first social media for their kids.
We acknowledge, that children need particular protection when we are collecting and processing their personal data because they may be less aware of the risks involved. We handle the users’ data with the utmost respect and care, and process only necessary personal data and primarily for safety reasons.
Data protection by design and by default: Momio Lite
As part of the principle of data protection by design and by default, we are launching a Lite version of Momio called Momio Lite. All users will by default be Momio Lite after May 25, 2018 if we haven’t gotten consent to save their personal data either from them or their parents. Momio Lite users can dress their momio, decorate their room, have friends, see what other momios are posting, engage by liking and sharing and watch videos and advertising. The only change from the current Momio user perspective is that Momio Lite users can only use emojis when making posts, chats and comments and they can’t post pictures. The reason for this limitation is that text and images can contain personal data.
Momio Lite is integrated into the current Momio app, so the user will not need to download a new app but just update the current Momio app when applicable.
When a Momio user with consent is chatting with a Momio Lite user without consent, then communication will be on the same level, i.e. only via emojis and no images, so no personal data is shared between the users.
If a user withdraws consent, then all posts, chats, images and other personal data like email and school information will be removed from Momio.
Consent is required by the GDPR
In the GDPR the age limit is 16 years of age for giving consent but can be down to 13 in select countries. If the user is below age limit, then they will need to get parental acceptance to allow us to process personal data. If they do not get their parents’ consent, then they will have the Momio Lite version, where no personal data is processed.
The parental acceptance flow is handled by email and a Momio Parents page, where the parents can see some basic information about their kids’ Momio account.
The parent can see the Momio username of the child, help their child if the child forgets their password, and control the consent. They will also have easy access to more information about Momio.
If the user does not get consent, then the user will stay as a Momio Lite user, and no personal data will be processed.
The child’s data protection rights
The Momio users will have access to an updated settings menu, where they can manage their account. The Momio users will have the possibility to access their personal data, request rectification, object to processing and have their personal data erased.
Children learn digital intelligence
The GDPR changes fit well into the Momio principles. We have as a focus to teach the children about digital intelligence, which includes topics like digital identity, digital use, digital safety, digital security, digital emotional intelligence, digital communication and digital literacy. We will, as part of GDPR, start to teach our users about digital rights as well, so the Momio users will be better equipped on this topic when moving on to more adult-oriented media when they get older.