On 1 April 2025, the Information Commissioner’s Office (ICO) published detailed findings from its review into the use of children’s data by financial services.
The review looked at the gathering of children’s data from services supplying them with current accounts, savings accounts, trust accounts, ISAs and prepaid cards, with a focus on the following areas: governance, transparency, use of information, individual rights, age verification, and further contact and marketing.
The review report summarises:
- Evidence of good practice.
- Evidence of risks to data protection compliance.
- Instances where the ICO found that improvements may be necessary to data practices.
Examples of areas identified in the report where financial services organisations need to make improvements include the need to revisit privacy information as children age and their understanding increases, having specific training for staff on children’s data protection, and making more of a distinction between parents and children when conducting marketing.