Here are breaches of trust, safeguarding, privacy and law. They expose kids to risks of online harm and discrimination.

Charities and public services must not share kids or encourage kids to share their troubles with social media and ad systems.

Social media only allow sites to use their embeds if sites respect terms regarding age limits, parental consent and data collection.

Had these organisations paid attention to the terms, they may have realised that what they were doing was wrong.

If you are distressed by any content, please seek support. The Samaritans are available on 116 123.

The Buzz (National Deaf Children's Society)

What was the charity getting wrong?

Some of their pages like this one offer deaf kids a video blog to enjoy.

The video content is hosted using YouTube embeds and therefore directing the children to the online harms risks of YouTube.

The embeds were not using YouTube's privacy enhanced mode. Thus, from a privacy perspective this was a worse situation than the Childline situation currently.

As a result of this, identifiable data was being sent to YouTube, without user consent, from NDCS's website, that indicates the user is likely a deaf kid. Data, that YouTube advises they will use for various purposes including their analytics, personalised adverts and video recommendations.

Furthermore, the YouTube embed asks the child to "Watch on youtube.com" when they hover over the YouTube icon and the video title takes the child to YouTube. Thus the embed the charity has chosen, is encouraging the kid to go to YouTube, where they are then at risk to the online harms risks outlined on the NSPCC article on this site.

Is it all fixed?

Not when last checked, but it is better than it was.

Raising the complaint

4th January 2023, NDCS and the ICO received a complaint detailing how The Buzz website was sharing data with YouTube.

Summary of their response

12th January

Thank you for flagging this to us, the charity takes Data Protection and Privacy very seriously.

We have done a number of things on our young person’s website when first created to protect any visitors to the site, but you have highlighted further areas where updates can be made to ensure that our website visitors are protected.

Over the last week we have been reviewing the current privacy settings and have been amending the videos to use You Tube’s no cookie embedded code, which has been done. We have also flagged the site as child directed in Google Search console.

We have started a complete review of the Buzz website looking at the following areas:

  1. We are in process of updating our content editors user guides and doing further training with the content editors to train them on how to set any videos they embed on the website to use You Tube’s no cookies embedded code.
  2. We have also started a complete review of how videos are held on the website which could result in videos being moved from You Tube.
  3. The Buzz website is having a complete technical audit, checking all the privacy settings to identify if there are any other areas where further improvements can be made.
  4. Further updates to the Buzz website will be made over the coming weeks to address any changes to how content is held or to address any issue that is identified

As this has only just commenced exact timings are not yet known but we have resources assigned and are working on the activities above.

Still waiting...

The response is improving the situation, but still poses many of the risks highlighed on the NSPCC page (directing kids to YouTube and non-consensual data collection).

As they have advised further updates will happen to their site, let's see what happens...