Before starting to explain the subject we are going to deal with in this entry, it is worth detailing what is meant by «personal data»
.
A simple concept that society tends to confuse or ignore, but we must be clear to avoid irregularities.
Some time ago, LAWYOU published an entry regarding the definition and treatment of this personal data (to see the entry click here).
By way of summary, personal data is any information about any natural person that makes it possible to know or identify him or her. These data constitute very personal and transcendent information about the specific person, so it is necessary to make good use of it and acquire the necessary means to not disseminate it erroneously.
Nowadays, the issue regarding the treatment of minors’ data is transcendental due to the social and personal problems that have been triggered by the publication by minors of certain information on social networks.
The processing of minors’ data is subject to greater control due to the situation of special vulnerability in which these subjects find themselves. Due to this, the Spanish Data Protection Agency (AEPD) requires a reinforced discipline as far as consent is concerned.
Are the data of all minors treated equally?
.
Spanish data protection legislation, Organic Law 15/1999, of December 13, 1999, on the Protection of Personal Data, differentiates between those minors who are over 14 years of age and those who are not. The most problematic and transcendental with respect to personal data are minors under 14 years of age.
Personal information relating to minors over 14 years of age requires the prior, free, unambiguous, specific and informed consent of the minor in question, with no other particularity or requirement. On the other hand, the difference lies in the processing of personal data of minors under 14 years of age. The procedure for handling information relating to these minors may only be processed when the parents or guardians of the minors give their prior consent.
In short, the great dissimilarity between the processing of personal data of minors over 14 years of age and those under 14 years of age lies in who gives consent.
Likewise, at LAWYOU we consider that the new General Data Protection Regulation (EU) No. 2016/679 deserves to be taken into account. This is a Regulation that includes a new obligation in relation to consent, indicating that the data controller must be able to prove that such consent exists, i.e., whoever makes use of the personal data of the minor will have the burden of proving the existence of consent.
In the case of minors under 14 years of age, the Regulation imposes greater requirements on the controller, such as the valid verification of the age of the minor and the lawfulness of the consent given by the parents or legal guardians of the minor in question.
In the case of minors under 14 years of age, who should exercise the ARCO Rights?
.
The Rights of access, rectification, cancellation and opposition (ARCO) are very personal rights that can only be exercised by the owners of the personal data or by a third party duly representing them.
In this section we must also differentiate between minors over 14 years of age and minors under 14 years of age, with more emphasis on the latter. As regards the former, they are the ones who are qualified to exercise these Rights, their authorization being necessary for their parents or guardians to be able to exercise them.
As for the latter, the exercise of the ARCO Rights will always be carried out by whoever holds the parental authority or guardianship of these minors.
What happens with the publication of photos of minors?
.
An image constitutes personal data and, therefore, in general, data protection regulations apply to it. The publication, capture and dissemination of any image or photographic content of a minor will require the authorization of the person concerned or of the parents or guardians of the latter when the minor is under 14 years of age.
In the case of images taken or recorded at school events, it will be necessary to differentiate the cases in which it is an event within the educational function or outside it. In the case of events within the educational function, the use of personal data is understood to fall within the scope of the Organic Law on Education.
However, it is recommended that the educational center request permission from parents or guardians for the participation of minors in school events and inform them of the possibility that family and friends of the students may take pictures of the event for domestic use. This recommendation is intended to encourage good practice by those attending.
On the other hand, in the case of an event outside the educational function, we will have to assess whether the personal data are images for domestic and personal use or whether it is the center itself that records the images. In the case of images recorded by family and friends, it is understood that the authorization of the parent or guardian is not necessary, since, in accordance with social customs, such recordings will only be used within the scope of private and family life.
However, in the case of images recorded by the center itself, the center must inform minors over 14 years of age or parents and guardians in the case of minors under 14 years of age, on the one hand, of the purpose of the recording of the images and, on the other hand, of the intended dissemination of the images, i.e., if they are to be published on websites, social networks, or any other type of publication, and request their consent.
More and more independent lawyers are wondering about the correct treatment of children’s data with regard to the procedures to be followed and the need to adopt certain security measures to protect such important data.
In order to meet the expectations of our clients and to provide them with an unbeatable treatment, LAWYOU helps you to provide a safe service regarding the treatment of these especially vulnerable people with the training of several lawyers specialized in innovation, new technologies and data protection. All this in order to reduce the risk that the information can produce to unprotected people.
Comentarios