Strengthening Children’s Rights to Privacy and Data Protection in the Digital Environment: Walking the Tightrope in the EU

In today’s digital landscape, the widespread processing of children’s personal data is prominent. Among the various contexts where this occurs (such as the home, school or in administrative environments), one notable feature is the ever-increasing interaction between children and artifcial intelligence (AI) technologies. Considering recent technological and legal developments, this contribution focuses on the latest legislative and policy changes in the European Union (EU) which specifcally address children’s rights to privacy and data protection in the digital environment. In the past few years, EU Member States have implemented the EU General Data Protection Regulation (GDPR) into their national legal frameworks, mostly updating their national data protection Acts. One of the novelties introduced by the GDPR relates to the requirement of specifc protection of children’s personal data and the concrete rules associated therewith. Recent developments in three countries, namely the UK, Ireland and the Netherlands, serve as clear examples of national authorities treating the crucial obligation of safeguarding children’s personal data with greater seriousness. Tese states adopted what we will refer to as ‘Children’s Codes’, incorporating the GDPR and providing for more stringent and detailed requirements not only to implement children’s rights to privacy and data protection, but also the United Nations Convention on the Rights of the Child (UNCRC) and its general principles (children’s best interests, rights to non-discrimination and development, and the right to be heard). In addition to the developments concerning the legislative and policy frameworks relevant for children’s rights to privacy and data protection in the EU, this contribution outlines some of the tools and mechanisms provided by the three Children’s Codes. Tis leads to recommendations for amendments and additional measures that could also be adopted by other European authorities, nationally or at EU level (such as by the European Data Protection Board). It focuses particularly on the importance of the specifc protection of children’s personal data, the principles of fairness and transparency, the ways to apply the best interests of the child in practice, and the potential of data protection impact assessments, as well as the precautionary principle, to constitute practical ways of strengthening the protection of children’s privacy and data protection rights in the digital environment