Fundamentals

On May 25, 2022, the Irish Data Protection Commission (“DPC”) issued 3 short guides for children, with the objective of raising awareness among adolescents about data protection and their privacy rights, as well as serving as a resource “for parents, educators and anyone [else] interested in children’s safety and wellbeing online”. The 3 guides

One of every five people (20.5%) in Ireland are children under the age of 14.  This constitutes the highest proportion of children in the EU, where the average was 15.2% in 2019.  Ireland’s proportion of young people under the age of 30 is also the highest in the EU, at 39%.  It’s an influential figure for Irish policy makers and regulators, who have strengthened their approach to protection of children’s personal data in recent years.  This greater emphasis on children’s rights is due to a number of additional intersecting dynamics including EU law, child abuse scandals, a rise in cyberbullying, and a growing consensus that children face heightened digital risks.  These dynamics have also informed the planned establishment of an Online Safety Commissioner, currently advancing as part of the Online Safety and Media Regulation Bill just published and currently receiving strong media attention.

Together with the Irish DPC role as lead regulator for many leading technology and social media companies, these legal and cultural headwinds provide the context within which the DPC aims to develop strong child data protection standards.

Introduction

Following extensive public consultation, with experts as well as school children, the DPC has issued comprehensive guidance on the processing of children’s data.  Entitled “Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing,” the guidance sets out 14 principles (referred to as “the Fundamentals”) for organizations engaged in processing the personal data of children.

In addition to the usual GDPR expectations, the specific Fundamentals also include:

  • Zero interference with a child’s best interests, where organizations rely on legitimate interests as their legal basis for processing;
  • “Know your customer” requirements focusing on child-oriented transparency; and
  • Specific guidance around age verification and consent

The overall aim of the Fundamentals, in protecting the best interests of children, is to at least set a default floor of high standardised protection for all data subjects where children may form part of a mixed user audience.Continue Reading Irish DPC Publishes Guidance On Processing Children’s Personal Data