Feature Requests
Share ideas, discuss and vote on requests from other users in community
 

Data Protection for Children and Date of Birth tracking.

CurtisMEDIAMAD shared this idea 3 months ago
Under Consideration

Some great new features are upcoming to support us with GDPR! Keep up the great work guys.

One concern I have just stumbled across is when dealing with children. GDPR requires anyone recording the personal information of anyone under the age of 16 (this May be lowered to 13 in the UK) to gain permission from a parent or guardian and again to store and keep a record of this information.

Currently WHMCS doesn’t actually record the age (date of birth) of any clients. This may pose an issue, 1, for organisations who may purposefully focus their services towards clients of this age and 2, any organisation in general as we all know WHMCS is best know for its automation features, however when do we ever ask ourselves who is actually signing upto our services, there is currently nothing to stop a child signing upto our services. I really think this is something that should be considered.

Comments (6)

photo
1

Hi,

Thanks for your suggestion. Can you clarify for me, specifically what functionality are you proposing be added/changed in WHMCS?

photo
1

Hi John,

I think it would be important to have the date of birth field implemented possibly as a standard profile question for clients accounts, this could further be enhanced by allowing functionality within WHMCS so that if a child signs up for our services with a date of birth under the threshold, this could either simply trigger a task or ticket for staff to investigate and request parental permissions, or the better option if WHMCS supported this fully, this could request the the child's parents complete the second newly implemented form to give their consent and that this be logged and tracked within WHMCS.

photo
1

I think this is a must have feature for the upcoming GDPR changes. I think it is article 8 of the GDPR: http://www.privacy-regulation.eu/en/article-8-conditions-applicable-to-child%27s-consent-in-relation-to-information-society-services-GDPR.htm

Since different countries can specify different ages, the threshold age would have to be adjustable.

photo
1

Hi,

Thanks for the information. There is existing regulation for children's online privacy in other parts of the world (eg. COPPA) whose requirements are not met as standard by WHMCS. We've not seen any demand for this before, so it's not something currently on our radar.

I'd be interested to learn what services you are offering to minors using WHMCS?

photo
1

Hi, we ourselves don’t directly target minors, however as stated due to the way WHMCS works currently, there is no way unless you were to contact each of your new customers directly to know if the person creating the account is over the age of 16 or 18. And I am sure there could be companies who do offer products to minors as there has been a big push in Website and software development throughout the UK’s education system and I think it’s important for any company to ensure the safety of those minors or at least have the ability to track which accounts may be someone under a certain age.

Also, my opinion aside, this is something that is changing with GDPR and is becoming more of a compliance issue if we are not able to do so.

Thanks

photo
1

I think the best solution would be a checkbox with the statement, 'You must be at least 16 years old to use our services. Please check this box to confirm you are aged 16 or over' or similar. If they don't tick it but try to submit, they're informed they're not able to create an account or place an order. This is GDPR compliant - it avoids asking for unnecessary data (like birthdays) but can be also used as proof that attempts were made for consent/age.