With the EU General Regulation on Data Protection coming into force next year, lawyers have a big opportunity to ensure products and services for children incorporate ‘data protection by design’
The global Safer Internet Day 2017 – which took place on 7 February – should encourage us to reflect on how we can use the law to safeguard and protect children from the dangers of the internet. And this is not only from the perspective of penalising offenders, we also have to do more to address issues such as impersonation, as this is often a very common approach used by those seeking to use the internet to harm children.
However, there are other areas of the law which could be improved in this context. In May 2018, the European Union’s General Regulation on Data Protection will come into force. Although references to children in the regulation are limited, it has great potential for safeguarding them. It is not only a matter of the need to obtain consent or authorisation to use children’s data, but rather, using this mandate to govern the entire approach to, or holistic vision of, safeguarding the interests of children.
‘Data protection by design’
Firstly, there is the duty to apply the principle of “data protection by design”, with data protection being the default position. This is fertile ground in which we can encourage lawyers’ commitment to the safety of our children. By adhering to this principle, it will lead us, without a doubt, to seek options that ensure the privacy of children and protect their interests, while minimising the impact on their data. In addition, with regard to the duty to be transparent, this principle will also help us look for a way in which to clearly communicate ideas about privacy and help to contribute to strengthening it.
A so-called impact analysis on data protection will also help us develop criteria on which we can base decisions on providing “safe spaces” on the internet, or on mobiles, or even on toys that are connected to the web. And such an analysis must not always focus solely and exclusively on data protection regulations. It should also consider risks to safety, as well as the potential impact on the personalities of children. To repeat, underpinning all of this analysis should be the best interests of the child. It is not necessary to emphasise the fundamental value of “safety by design” both in relation to the analysis itself, as well as in the development of all products, services and applications that are intended for use by children.
Codes of conduct
Finally, though this list is not exhaustive, so-called codes of conduct, as well as relevant certification, also provide a significant opportunity for improving the safety of children in relation to the internet. Either by considering a situation in which the processing of children’s personal data is included in general rules or policies, or by encouraging specific codes of conduct related to sectors such as education, pediatric care or the toy industry.
In addition, we must identify the cross-border issues that will impact on this subject. Multimedia convergence on Smartphones may mean that legislation protecting minors in relation to media may be considerably out of date. The publication of images, even spontaneously in a family or school context, will require a reconsideration of the meaning and objectives of the legal framework that has evolved for protecting children. In the context of schools, and the associated dynamics, we should consider whether there is room for improvement in legislation related to education, curricula and school rules.
The list could be expanded to include measures relevant to different sectors. Suffice to say that the regulation of the fundamental rights of citizens in the digital world is now on the agenda. This is an extraordinary opportunity to propose the development of a framework that favours, and supports, the digital transformation of our society. Experts must dedicate themselves to overcoming dogmatic beliefs and prejudices by disseminating their knowledge and experience. The reality of the internet requires standards that are viable and which are used to contribute to the building of a better and safer society for our children. The challenge is certainly formidable, but the goal deserves our maximum effort and dedication.
Ricard Martínez is director of the chair of privacy and digital transformation at Microsoft-Universitat de València