
Best Practice Update


Guardians of Privacy: 2. Law and Regulations

This article is one of a series written by Data Protection Education in collaboration with Litus Digital, a social media management company.  The articles came about from questions asked by Data Protection Education's customers, our own experience of working in education,  as school governors, parents and data protection professionals.  The articles raise questions about how social media can be used as safely as possible in a school environment,  security considerations, the law and protecting children.  It is not possible to cover every aspect of social media, but the articles aim to provide guidance, raise privacy questions and provide some support for safe posting.


The ICO looks at social media from the viewpoint of the targeting of individuals for advertising purposes, data leaks, or the excessive use of personal data by large organisations without the data subject’s knowledge.

The ICO’s recommendation for taking control of your personal data on social media platforms is to use the privacy settings on the apps. Check the settings before using the service, and check them again after an update, as your settings may have changed. Further details are here and include factsheets for all the major social media channels:


The ICO website indicates that children require specific protection with regard to their personal data as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data.

ICO: What should our general approach to processing children's personal data be?

The Children’s Code

The Children’s Code specifies that any website directly being used by children (online services) must follow a set of rules.  They should provide layers of protection for children’s data.

This might involve restricting or removing certain features for children if they’re under 18. Some of the things you might see are:

  • privacy settings being automatically set to very high;
  • children and their parents/carers being given more control of the privacy settings;
  • non-essential location tracking being switched off;
  • children no longer being ‘nudged’ by sites through notifications to lower their privacy settings;
  • clearer and more accessible tools being in place to help children exercise their data protection rights (including parental consent tools); and
  • age-appropriate content.

    These changes should result in a more positive experience for children online. For example, not having location tracking on may reduce unwanted friend recommendations from people that your child doesn’t know. It should also mean that people your child isn’t friends with shouldn’t be able to see their profile.

    The ICO have produced a number of lesson plans to explain this: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/school-resources/

    The ICO have created a document to explain the Children’s Code to teachers: https://ico.org.uk/media/4019820/5-background-for-teachers-childrens-code-summary.pdf

    Most social media accounts require the user to be at least 13 years old.  However, it is easy to sign up with a false date of birth.  The following organisations provide help and support for when children are unsure about keeping safe online.

    Online Safety Bill

    The Online Safety Bill has recently been made law and goes a long way to protect children on the internet:

    • Protecting children from harmful online content
    • Limiting users’ exposure to illegal content
    • Requiring online platforms that allow people to post their own content to ensure they ‘protect children, tackle illegal activity and uphold their terms and conditions’
    • Ofcom to regulate and fine companies who fail to comply
    • Tech firms and executives to be held more accountable
    • Protection of freedom of speech

    Further information can be found here: The UK Online Safety Bill becomes an Act (Law)

    Keeping Children Safe in Education

    The DfE published a new version of Keeping Children Safe in Education in September 2023, which includes a lot about online safety. When posting to social media, organisations should consider what is covered in this document:

    • All staff should receive appropriate child protection training (including online safety, understanding of the expectations, applicable roles and responsibilities in relation to filtering and monitoring).
    • Staff should be aware of abuse/neglect inside and outside school and online.
    • Staff should be aware technology is a significant component in many safeguarding and wellbeing issues.
    • Awareness of sexual abuse online
    • Awareness of abuse by other children online
    • Physical/sexual abuse could contain an online element
    • DSL should take the lead for online safety and understand the filtering and monitoring systems and processes in place.
    • Governing body should ensure all staff undergo online safety training (including understanding expectations, applicable roles and responsibilities in relation to filtering and monitoring).
    • Staff should receive regular online training (at least annually).
    • Children should also receive online safety training.
    • Children should be taught how to keep themselves and others safe online
    • Appropriate monitoring of school devices and networks
    • Communication about online safety with parents and carers.
    • Cognitive understanding in online content for SEND children.
    • Schools should consider meeting the Cyber Security Standards.
    • Governing body should include an understanding of the monitoring and filtering and should review the standards with IT staff and service providers.
    • Safeguarding should be reflected in the organisation's approach to devices and networks.

    The National Cyber Security Centre also advises using privacy settings across all social media platforms to manage your digital footprint:  Social Media: how to use it safely.
