Odia Kagan of Fox Rothschild writes:
With enforcement on children’s data privacy ramping up around the world, Ireland’s Data Protection Commission has issued a detailed report on the fundamental principles of such data privacy, as well as some helpful suggestions to controllers on how to improve.
The key principles:
- FLOOR OF PROTECTION: Online service providers should provide a “floor” of protection for all users, unless they take a risk-based approach to verifying the age of their users.
- CLEAR-CUT CONSENT: When a child has given consent for their data to be processed, that consent must be freely given, specific, informed and unambiguous, and by a clear statement or affirmative action.
- ZERO INTERFERENCE: Ensure that the pursuit of legitimate interests do not interfere with, conflict with or negatively impact, at any level, the best interests of the child.
- KNOW YOUR AUDIENCE: Take steps to identify your users and ensure that services directed at/ intended for or likely to be accessed by children have child-specific data protection measures in place.
- INFORMATION IN EVERY INSTANCE: Children, not just their parents, are entitled to receive information about the processing of their own personal data.
Read more of the key principles and recommendations at Privacy Compliance & Data Security.