The Irish Data Protection Commission (DPC) launched a consultation on the processing of children’s personal data with a view to introducing guidance and a Code of Conduct for organisations.
Although it will be some time before any steps are taken, it is important that businesses are aware of the key issues involved and to consider developing and investing in their own technology solutions to meet legal requirements under the Data Protection Act and General Data Protection Regulation (GDPR).
On the 19th December 2018, the DPC opened a consultation and invited public comment on the processing of children’s personal data.
The GDPR’s regulation of children’s data is open-ended. There is no direct list of information that must be provided to children (or their parents) before children’s data is processed. The different EU member states may set the age at which children themselves may consent to the processing of their data for use online which means for children under that age parent’s consent would be required. This varies between 13 and 16 in member states, with Ireland taking 16 as the threshold – a marker of its commitment to protecting children.
The DPC intends to publish a Code of Conduct on processing children’s data. This has a basis in the Irish Data Protection Act, which encourages the formation of codes of conduct in specific sectoral areas, such as the protection of children’s rights, transparency of information and the manner in which parents’ consent is to be obtained. The Code will enable the DPC to carry out mandatory monitoring of compliance with the Codes of Conduct by the controllers or processors which undertake to apply it.
To read the full blog please click on the link below: