Recent EU-wide decision enhanced the requirements for children’s data protection even more
When a week ago Irish Data Protection Authority (DPA) fined Meta company for violating GDPR and publicizing children that were using Instagram for Business contact data with 405 mm Eur, it was the first EU-wide decision on children’s data protection rights and the first binding decision of the European Data Protection Board (EDPB) on the lawfulness of processing personal data.
It was a costly reminder for Meta – but other businesses now can learn from its mistake and not their own. Our colleagues suggest three key takeaways for businesses that process child data:
- It is particularly important to ensure child privacy at the highest level
- Determine the legal basis for the processing of personal data very carefully in each situation
- Where the processing is based on the legitimate interest of the controller, a balancing test should always be applied before assessing its proportionality.
#GDPR #law #childdata