In Britain, more than half of 12- to 15-year-olds are on Instagram, according to OfCom, the country’s communications regulator. So are 43 percent of 8- to 11-year-olds. But how many of them understand what they signed when they joined? Pretty much 0 percent, according to “Growing Up Digital”, a report released Jan. 5 by the UK Children’s Commissioner.

“Are you sure this is necessary? There are like, 100 pages,” said one 13-year-old who was asked to read Instagram’s terms of service. (Actually 17 pages, with 5,000 words, but still plenty.)

For the report, Jenny Afia, a privacy law expert at Schillings, a U.K.-based law firm, rewrote Instagram’s terms of service in child-friendly language (see page 10). Here are some of the paragraphs—the emphasis is ours:

– Officially you own any original pictures and videos you post, but we are allowed to use them, and we can let others use them as well, anywhere around the world. Other people might pay us to use them and we will not pay you for that. – […] we may keep, use and share your personal information with companies connected with Instagram. This information includes your name, email address, school, where you live, pictures, phone number, your likes and dislikes, where you go, who your friends are, how often you use Instagram, and any other personal information we findsuch as your birthday or who you are chatting with, including in private messages (DMs). – We might send you adverts connected to your interests which we are monitoring. You cannot stop us doing this and it will not always be obvious that it is an advert. – We can change or end Instagram, or stop you accessing Instagram at any time, for any reason and without letting you know in advance. We can also delete posts and other content randomly, without telling you, for any reason. If we do this, we will not be responsible for paying out any money and you won’t have any right to complain. – We can force you to give up your username for any reason. – We can, but do not have to, remove, edit, block and/or monitor anything posted or any accounts that we think breaks any of these rules. We are not responsible if somebody breaks the law or breaks these rules; but if you break them, you are responsible.

“…[I]f they made it more easy then people would actually read it and think twice about the app,” said another 13-year-old girl after being shown the revised policy. “One-third of internet users are children, but the internet wasn’t created for children,” Afia points out.

Of course, it’s not just kids who struggle; according to the report, only people with postgraduate levels of education could properly understand Instagram’s terms and conditions.

Afia thinks that once people become more aware of what they are giving up, they will demand better terms. But will they? Plenty of adults, after all, are signing similar terms and conditions without demanding that they be changed. Afia explains her optimism thus: “They don’t know what is being done, so no one is saying can it be done differently.”

So what can parents do?

The rewritten privacy policy in the report is a good starting point for parents to be able to talk to their kids about what they are signing away.

In the U.K. at least, Afia says, laws also exist that allow parents to find out what information companies have about their children and with whom they are sharing it. “But they don’t ask,” she says. “No one is asking and no one is holding them to account.”

In addition, the report includes advice and links to other resources for parents. For instance, it says:

the U.K. Safer Internet Centre has a “guide to technology” for parents.

A project called Net Aware offers a parents’ guide to popular apps kids are using, and rates them on their privacy policy, among other things.

A guide from the American Pediatric Family Media Plan provides a tool for planning children’s days so they get the right balance of online time and other activities.

Finally, the Children’s Commissioner’s report makes three policy recommendations.

The first is to create a compulsory “digital citizenship” program for kids aged 4 to 14, which would be led by older kids, and to a lesser degree, teachers. It would not focus on coding and algorithms, which are currently taught, but on how to protect your rights online and how to respect others’ rights; how to disengage as well as engage online.

The class would be built around 5Rights, an idea created by Beeban Kidron, a film director who said children’s online safety is “too vital to leave to the government.” Those rights are:

the right to remove that which you have put up;

the right to know who has access to your data and for what purposes;

the right to safety and support, or knowing where to go when things go wrong;

the right to informed and conscious use, or knowing that the internet wants to keep you on it and how to avoid that;

the right to digital literacy, understanding the use and purpose of what you are using and/or creating.

The report’s second policy recommendation is to implement the U.K.’s General Data Protection Regulation by writing terms and conditions in a way children can understand. And the third is to create a new Children’s Digital Ombudsman to liaise between parents and social media companies.

In practice, how such a person would have any leverage over the likes of Facebook remains to be seen. And it’s hard to imagine the incoming U.S. government, for example, adopting such a nanny-state measure. But as the report shows, there’s plenty parents themselves can do without waiting for the government or the social-media companies to change their stance.