Making responsible use of the Internet is a pending task for all of us. We must know what risks our personal data are exposed to and Caring for minors in the digital environment since they are more exposed and deserve greater protection. And so demands it article 84 of the General Data Protection Regulation (GDPR) which tells us that "fathers, mothers, guardians, curators or legal representatives must ensure that minors make balanced and responsible use of digital devices and information society services in order to guarantee adequate development of their personality and preserve their dignity and fundamental rights.”
In turn, the article 97 of the Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD), refers to the Policies to promote digital rights with which the Government, in collaboration with the autonomous communities, requires that an Internet Access Plan be prepared with the aim of promoting the training, dissemination and awareness actions necessary to ensure that minors make balanced and responsible use of digital devices and social networks and the equivalent information society services of the Internet in order to guarantee their adequate development of personality and preserve their dignity and fundamental rights.
Even Title X of the LOPDGDD undertakes the task of recognizing and guaranteeing a list of digital rights of citizens in accordance with the mandate established in the Constitution. As a result we have the Digital Bill of Rights.
However, regardless of our efforts to protect minors, it is the data controllers (RTs) who must exercise extreme caution when they wish to carry out any activity involving the processing of minors' data.
Such is the protection given to minors who art. 73 LOPDGDD consider that it is a serious infringement the processing of personal data of a minor without obtaining their consent, when they have the capacity to do so, or that of the holder of their parental authority or guardianship. And, within the different legitimizing bases available in the RGPD, consent is the most recurrent in the digital environment, whether to activate cookies, register a user's registration, share information or subscribe to the newsletter.
He art. 8.1 GDPR establishes that when the legality of the processing of personal data is based on the consent given by a minor In the area of direct offers to these information society services, it will be considered granted lawfully when the person is at least 16 years old. However, In Spain this age limit drops to 14 years. For the little ones, the intervention of those who have parental authority or guardianship will be necessary.
It is also considered a serious infraction not to prove the use of reasonable efforts to verify the validity of the consent given. Therefore, to avoid a penalty, when implementing the security measures referred to in art. 32 GDPR and art. 28 LOPDGDD, data controllers must take into account the greater risks that could occur in the processing of personal data of minors in the digital environment.
As an example, we bring the article 92 LOPDGDD, on the protection of minors' data on the Internet, which tells us that educational centers and any natural or legal persons that carry out activities in which minors participate. will guarantee protection of the best interests of the minor and your fundamental rights, especially the right to protection of personal data, in the publication or dissemination of your personal data through information society services.
Another example is found in the Guide of the Spanish Data Protection Agency on the use of cookies on web pages where it specifies that in Sites that are frequented by minors must adapt informative messages so that the minor is aware of the risks to which they are exposed and the personal data they provide. An acceptance form is even enabled for those who have parental authority or guardianship to verify that the minor is authorized to enter said website. Finally, the development of the website must be adequate and relevant, so that no more data is requested than is strictly necessary (privacy by design).
If you are interested in data protection and want to develop professionally in this sector, request information about our Master in Compliance & Data Protection Management on this page.
