Feeds

Children should get keys to their data when they come of age

Data protection working party weighs in

Internet Security Threat Report 2014

Companies processing children's data may need explicit consent directly from a child to continue using it once that child reaches maturity, Europe's privacy officials have said. The child may also revoke consent given earlier by a parent or guardian.

The Article 29 Working Party, a committee of European countries' data protection officials, has said when a child becomes mature enough to make their own decisions anyone processing their sensitive data must ensure they have the child's permission and not just that of the child's representative.

"Sensitive personal data" is defined in data protection legislation and includes information about someone's ethnic origin, religious beliefs, health, and more.

The Working Party has outlined the requirement in its guide (pdf) to children's data protection. It said data protection policies for children must be sensitive to the point at which a child is mature enough to make his or her own decisions, and must respect those.

"If the processing of a child's data began with the consent of their representative, the child concerned may, on attaining majority, revoke the consent," said the guidance. "But if he wishes the processing to continue, it seems that the data subject need give explicit consent wherever this is required.

"For example, if a representative has given explicit consent to the inclusion of his child in a clinical trial, then upon attaining majority, the controller must make sure he still has a valid basis to process the personal data of the data subject. He must in particular consider obtaining the explicit consent of the data subject himself in order for the trial to continue, because sensitive data are involved," said the Working Party.

The Working Party also warned of the dangers posed to children's privacy by new digital recording technologies such as the video recording features on many models of mobile phones. It said schools must take responsibility for making children aware of one another's rights to privacy.

"Schools should warn their students that unrestrained circulation of video recordings, audio recordings and digital pictures can result in serious infringements of the data subjects’ right to privacy and personal data protection," it said.

The guidance also said any organisation that holds data on a child must be more than usually vigilant about deleting that data because it will lose its relevance more quickly than data about an adult.

"Because children are developing, the data relating to them change, and can quickly become outdated and irrelevant to the original purpose of collection. Data should not be kept after this happens," said the guidance.

The Working Party also advised that schools be particularly careful about collecting data on children, and said that children should be able to opt out of biometric access systems which are increasingly used in schools to control access to the school. It should be simple for children or their representatives to object and be issued with an access card instead, it said.

The guidance also warned schools about their use of websites. It said private information posted online should be protected, and that schools should exercise caution when using photographs of pupils, obtaining their permission first.

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.