One out of three Internet users has not reached the age of 18; some call them “digital natives”, because they were born after the invention of Internet, and the global communication it implies.

Although they might outsmart us in the use of digital competences, they might not be as savvy when it comes to understand their rights and obligations in the digital world. It is our duty, as adults, to ensure their rights are well preserved.

New european law regarding data protection: the GDPR

The General Data Protection Regulation (GDPR) is due to become law across the EU in May 2018.

This law has to be applied by any company or institution that stores and/or manages personal information. School managers must be especially aware of the provisions of this law, because the GDPR brings special protection in the case of children’s personal data.

There are many rules regarding the use of children’s personal data in the context of commercial internet services, and the use of social networks. The most important provisions for school managers to keep in mind are:

  • Age of consent: the Member States will agree on the minimum age where anyone will be entitled to give their own consent to the use of its own personal data; which will be between 13 or 16. 
  • Parental/guardian consent: the institution storing children’s personal data must make reasonable efforts to verify that consent has been given or authorized by the holder of parental responsibility in the light of available technology. 
  • There are some exceptions the requirement of parental consent, for instance, when the children’s personal information is stored to provide counselling services. 
  • The protection of this law is especially significant where children’s information is used for the purpose of creating online profiles.
    Some criticise the GDPR, since it does not specify the age at which a person is to be considered a child; it simply refers to children as “vulnerable individuals” who deserve “specific protection”.

In light of the new legislation about data protection, school managers must consider:

  • Putting systems in place to ensure the implementation of  appropriate parental consent mechanisms.
  • When issuing children’s data, schools must obtain boardroom approval, since the GDPR includes the directors’ personal liability in case of misuse of personal data.