CIPL Project on Protecting Children's Data Privacy
Context and Background
Ensuring the protection of children’s data and privacy as well as the continued ability of children to participate and benefit from the information society services has become a hot topic in global data privacy law, policy and practice. Many stakeholders are trying to address several legal, regulatory and operational concerns and challenges in relation to this topic—including governments, policy- and law-makers and companies that provide services and products to children, or whose products and services are accessible to them. While companies are often criticised for their children’s data processing activities, they are also creating solutions that fill regulatory gaps.
The developments, debates and challenges cut across multiple jurisdictions, and some common topics include: determining the scope of application of special rules; age verification; age of children consent and parental consent; legal bases for processing; transparency; risk-based approach to regulation and compliance; protective mechanisms; exercise of children’s rights; balancing the benefits of children’s use of online services against the risks; online safety standards for processing children’s data. They also cut across multiple regulatory areas, such as ePrivacy Regulation, AI and algorithmic training.
In addition, CIPL has been observing a number of legal and regulatory data protection developments around the world specific to children’s data:
Taking into account the above developments and the increasing interest of CIPL members on the topic of children’s data, CIPL launched in April 2021 a special global project on Children’s Privacy.
This project was designed to build on the discussions on children’s data CIPL has already been having in 2019/2020 in the context of the GDPR, UK and US laws, but will have a broader, global scope to encompass the developments and challenges in other parts of the globe.
The project activities will include virtual and live events (if possible), roundtables, working sessions and written papers and other deliverables.
The project objectives are to enable CIPL members to:
The developments, debates and challenges cut across multiple jurisdictions, and some common topics include: determining the scope of application of special rules; age verification; age of children consent and parental consent; legal bases for processing; transparency; risk-based approach to regulation and compliance; protective mechanisms; exercise of children’s rights; balancing the benefits of children’s use of online services against the risks; online safety standards for processing children’s data. They also cut across multiple regulatory areas, such as ePrivacy Regulation, AI and algorithmic training.
In addition, CIPL has been observing a number of legal and regulatory data protection developments around the world specific to children’s data:
- Data protection laws across the globe have included, or are going to include, special provisions concerning the protection of children’s data, such as the California CPRA, the EU GDPR, the US COPPA, the Brazilian LGPD, Thailand’s and Korea’s data protection laws, as well as data protection bills in India, China, Indonesia, Philippines and Australia (Review of the Online Privacy Bill) and Ontario;
- Data protection authorities (DPAs) are increasingly focusing on children’s data and issuing guidance, rules, binding codes and decisions, including:
- US FTC’s public consultation on COPPA;
- Irish DPC’s publication of the final version of its guidance “Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing” (the Fundamentals).
- UK ICO’s statutory Age Appropriate Design Code and work on developing a risks and harms taxonomy and framework relating to the processing of children’s data;
- French CNIL’s recommendations to enhance the protection of children online;
- Italian Garante’s enforcement order to a social media company to immediately stop collecting and using data of users without verified minimum age; and
- EDPB’s recommendations on children’s consent and flagging children as a particular area of concern in the GDPR in their Guidelines 05/2020 on consent (EDPB is also expected to issue guidelines specific to children’s privacy).
- Law- and policy-makers are also working on new rules concerning children’s data processing, such as:
- New federal legislative proposals in the US concerning children’s data;
- The UK cross-departmental Verification of Children Online (VoCO) project, aiming to bringing about an internet that actively recognises children and adapts the spaces they use to make them safer by design; and
- The UK Draft Online Safety Bill;
- The EU Digital Services Act and European Parliament’s proposal to ban online ads that target children.
Taking into account the above developments and the increasing interest of CIPL members on the topic of children’s data, CIPL launched in April 2021 a special global project on Children’s Privacy.
This project was designed to build on the discussions on children’s data CIPL has already been having in 2019/2020 in the context of the GDPR, UK and US laws, but will have a broader, global scope to encompass the developments and challenges in other parts of the globe.
The project activities will include virtual and live events (if possible), roundtables, working sessions and written papers and other deliverables.
The project objectives are to enable CIPL members to:
- Engage with peers, children experts and key DPAs and relevant law and policy makers around the globe;
- Understand the operational and legal challenges in delivering compliance with children’s data protection provisions across multiple jurisdictions;
- Exchange information on best practices, solutions, and technologies to implement children’s data protection requirements;
- Explore how to build and apply a risk-based approach to children’s data protection compliance programs; and
- Shape the interpretation of data protection laws applicable to children in a way that drives global convergence.
Project White Papers, Written Submissions and Articles
A Multi-Stakeholder Dialogue on Age Assurance: Key Takeaways
May 15, 2024
CIPL Response to the ICO Consultation on the Draft Guidance for 'Likely to be Accessed' in the Context of the Children's Code
May 18, 2023
Key Takeaways from CIPL Roundtable on Age Assurance and Age Verification Tools
March 16, 2023
Protecting Children's Data Privacy Policy Paper I: International Issues and Compliance Challenges
October 20, 2022
CIPL Response to the Ireland Data Protection Commissioner's Draft Guidance on Fundamentals for a Child-Oriented Approach to Data Processing
March 26, 2021
CIPL Response to UK ICO Consultation on Age Appropriate Design - A Code of Practice for Online Services
May 31, 2019
CIPL White Paper on GDPR Implementation in Respect of Children's Data and Consent
March 6, 2018
May 15, 2024
CIPL Response to the ICO Consultation on the Draft Guidance for 'Likely to be Accessed' in the Context of the Children's Code
May 18, 2023
Key Takeaways from CIPL Roundtable on Age Assurance and Age Verification Tools
March 16, 2023
Protecting Children's Data Privacy Policy Paper I: International Issues and Compliance Challenges
October 20, 2022
CIPL Response to the Ireland Data Protection Commissioner's Draft Guidance on Fundamentals for a Child-Oriented Approach to Data Processing
March 26, 2021
CIPL Response to UK ICO Consultation on Age Appropriate Design - A Code of Practice for Online Services
May 31, 2019
CIPL White Paper on GDPR Implementation in Respect of Children's Data and Consent
March 6, 2018
Copyright © 2024 by the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP.
|