In January 2021, the French Supervisory Authority (“CNIL”) published a summary report of contributions it received in response to a public consultation and survey on the digital rights of minors launched in April 2020 (see the press release here and a summary report here, both in French).  Stakeholders who responded to the consultation included companies, professionals dedicated to the legal and educational issues related to children, parents and minors.

Among other things, the CNIL’s summary highlights the significant and autonomous participation of minors online – a reality which the CNIL believes is often underestimated by parents and guardians.  Moreover, responses to the survey appear to reveal two major trends among stakeholder views: first, the need to strengthen protections for minors online, and second, a desire to enhance the autonomy of minors online.  The CNIL states that these two goals are not necessarily incompatible, as long as online autonomy goes hand-in-hand with robust privacy protections.

Following this summary report, the CNIL stated that in the first half of 2021 it will clarify three remaining issues concerning: (i) consent and age verification mechanisms; (ii) the conditions under which minors can be granted more autonomy online; and (iii) the exercise of digital rights by minors.  The ultimate goal is to offer practical advice and clarify certain child-specific aspects of the legal framework – in particular, the General Data Protection Regulation (“GDPR”) – in order to better protect the rights of minors in the digital environment.

The CNIL’s report and forthcoming guidance come on the heels of other notable European developments in the area of children’s privacy.  In particular, the Irish Data Protection Commission (“DPC”) and the UK’s Information Commissioner’s Office (“ICO”) have each recently carried out similar initiatives, looking closely into child-specific privacy issues and publishing in-depth guidance on the topic (see our blog posts on the Irish DPC’s draft Fundamentals here, and the UK ICO’s Age Appropriate Design Code here).

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kristof Van Quathem Kristof Van Quathem

Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.

Kristof has been specializing in this area for over twenty…

Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.

Kristof has been specializing in this area for over twenty years and developed particular experience in the life science and information technology sectors. He counsels clients on government affairs strategies concerning EU lawmaking and their compliance with applicable regulatory frameworks, and has represented clients in non-contentious and contentious matters before data protection authorities, national courts and the Court of the Justice of the EU.

Kristof is admitted to practice in Belgium.

Photo of Nicholas Shepherd Nicholas Shepherd

Nicholas Shepherd is an associate in Covington’s Washington, DC office, where he is a member of the Data Privacy and Cybersecurity Practice Group, advising clients on compliance with all aspects of the European General Data Protection Regulation (GDPR), ePrivacy Directive, European direct marketing…

Nicholas Shepherd is an associate in Covington’s Washington, DC office, where he is a member of the Data Privacy and Cybersecurity Practice Group, advising clients on compliance with all aspects of the European General Data Protection Regulation (GDPR), ePrivacy Directive, European direct marketing laws, and other privacy and cybersecurity laws worldwide. Nick counsels on topics that include adtech, anonymization, children’s privacy, cross-border transfer restrictions, and much more, providing advice tailored to product- and service-specific contexts to help clients apply a risk-based approach in addressing requirements in relation to transparency, consent, lawful processing, data sharing, and others.

A U.S.-trained and qualified lawyer with 7 years of working experience in Europe, Nick leverages his multi-faceted legal background and international experience to provide clear and pragmatic advice to help organizations address their privacy compliance obligations across jurisdictions.