Back to EUR-Lex homepage

EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search
You are here

Document 52012XX1106(05)

Executive summary of the Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions — ‘European Strategy for a Better Internet for Children’

OJ C 336, 6.11.2012, p. 15–17 (BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

6.11.2012   

EN

Official Journal of the European Union

C 336/15

Executive summary of the Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions — ‘European Strategy for a Better Internet for Children’

(The full text of this Opinion can be found in English, French and German on the EDPS website: http://www.edps.europa.eu)

2012/C 336/08

I.   Introduction

I.1.   Consultation of the EDPS

1.

On 2 May 2012, the Commission published its Communication on a ‘European Strategy for a Better Internet for Children’ (1) (hereafter ‘the Communication’).

2.

Before the adoption of this Communication, the EDPS was given the opportunity to provide informal comments. The EDPS welcomes that some of his informal comments have been taken into account in the Communication. In view of the importance of the subject, the EDPS would still like to submit this Opinion at his own initiative.

I.2.   Objectives and background of the Communication

3.

The objective of the Communication is to develop a strategy to enhance the protection of children online. The Communication is placed in the context of the EU Agenda for the Rights of the Child (2), the Digital Agenda for Europe (3), and the Council conclusions on the protection of children in the digital world (4).

4.

The Communication is centred on four main pillars:

1.

stimulating quality content online for young people;

2.

stepping up awareness and empowerment;

3.

creating a safe environment for children online; and

4.

fighting against sexual abuse and sexual exploitation of children.

5.

The Communication outlines a number of actions to be taken by industry, the Member States and the Commission, respectively. It covers issues such as parental controls, privacy settings, age ratings, reporting tools, hotlines, and cooperation between industry, hotlines and law enforcement bodies.

I.3.   Objectives and scope of the EDPS Opinion

6.

The EDPS fully supports initiatives aimed at strengthening the protection of children on the Internet and at improving the means to fight against abuse of children online (5). In two previous Opinions, the EDPS has underlined the importance of the protection and safety of children online in a data protection perspective (6). He welcomes that this has been recognised in the Communication.

7.

The growing use of the digital environment by children and the constant evolution of that environment pose new data protection and privacy risks, which are exposed in point 1.2.3 of the Communication. Such risks include, amongst others, misuse of their personal data, the unwanted dissemination of their personal profile on social networking sites, their growing use of geo-location services, their being increasingly directly subject to advertising campaigns and to serious crimes such as child abuse. These are particular risks that must be addressed in a manner appropriate to the specificity and vulnerability of the category of individuals at risk.

8.

The EDPS welcomes that the actions envisaged in the Communication should respect the current data protection framework (including Directive 95/46/EC and Directive 2002/58/EC (7) on e-privacy), the e-Commerce Directive 2000/31/EC (8) and the Charter of Fundamental Rights of the EU, and that it also takes into account the proposed new data protection framework (9). The EDPS stresses that all measures to be deployed further to the Communication should be consistent with this framework.

9.

This Opinion highlights the specific data protection issues that are raised by the measures foreseen in the Communication, which must be properly addressed by all the relevant addressees of the Communication, i.e. the Commission, the Member States and industry, where applicable. In particular, Chapter II underlines the specific means which can help enhance the protection and safety of children online from a data protection perspective. In Chapter III, the Opinion highlights some data protection issues that need to be addressed for the implementation of measures aimed at fighting against sexual abuse and sexual exploitation of children on the Internet, in particular concerning the use of reporting tools and the cooperation between industry, law enforcement and hotlines.

IV.   Conclusion

49.

The EDPS supports the Communication's initiatives to make the Internet safer for children, and in the fight against sexual abuse and sexual exploitation of children. In particular, he welcomes the recognition of data protection as a key element for ensuring the protection of children on the Internet and for empowering them to enjoy its benefits in safety.

50.

The EDPS underlines that data protection requirements should be appropriately considered by industry, Member States and the Commission when implementing initiatives aimed at enhancing children's safety online, in particular:

Member States should ensure that they include references in their education campaigns and materials to data protection risks as well as information about how children and parents can prevent them. Synergies between data protection authorities, Member States and industry should also be developed in order to foster awareness among children and parents about online safety.

Industry should ensure that it processes personal data of children in accordance with the law, and that it obtains parental consent where necessary. It should implement default privacy settings for children which provide for more protective mechanisms than those that should be embedded by default for all users. It should also implement appropriate warning mechanisms to alert children who want to change their default privacy settings and to ensure that such a change is validated by parental consent where required. It should work on deploying appropriate tools for age verification which are not intrusive from a data protection perspective.

In relation to information to children, industry should explore how to develop a taxonomy to provide information to children in a simple manner and to inform them about the potential risks of a change of their default settings.

In respect of advertising to children, the EDPS recalls that there should be no direct marketing aimed specifically at young minors and that children should not be the subject of behavioural advertising. The EDPS considers that the Commission should provide stronger encouragement to industry to develop privacy friendly self-regulatory measures at the EU level, promoting good practices with respect to online advertising to children, which should be based on full compliance with data protection legislation. He also encourages the Commission to look into the possibility to further legislate at EU level to ensure the appropriate consideration of children's rights to privacy and data protection in the context of advertising.

51.

The initiatives highlighted in the Communication in respect of fighting against sexual abuse and sexual exploitation of children raise a number of data protection issues, which must be carefully considered by all stakeholders in their respective field of action:

Because of their sensitivity from a data protection perspective, the deployment of reporting tools should rely upon an appropriate legal basis. The EDPS recommends that the deployment of the EU-wide reporting tool for children foreseen in Section 2.2.3 is clearly laid down in the law. He furthermore advises that is clearly defined what constitutes ‘harmful conduct and content’ which may be reported through the future EU-wide reporting tool for children.

The EDPS encourages the development by industry of standard minimum reporting templates, which should be designed in a way to minimise the processing of personal data to only those that are strictly necessary.

The procedures for reporting through hotlines could be better defined. A European Code of Practice including common reporting procedures and data protection safeguards, also in respect of the international exchanges of personal data, would improve data protection in this area.

In order to ensure the development of reporting tools which ensure a high level of data protection, data protection authorities should be engaged in a constructive dialogue with industry and other stakeholders.

Cooperation between industry and law enforcement as regards notice and take down procedures concerning child abuse material released on the Internet must only occur pursuant to an appropriate legal base. The modalities for such cooperation need to be more clearly defined. This is also the case concerning the cooperation between industry and a future European Cybercrime Centre.

The EDPS considers that a right balance has to be found between the legitimate objective to fight against illegal content and the appropriate nature of the means used. He recalls that any action of surveillance of telecommunications networks, where necessary in specific cases, should be the task of law enforcement.

Done at Brussels, 17 July 2012.

Giovanni BUTTARELLI

Assistant European Data Protection Supervisor

(1)  COM(2012) 196 final.

(2)  EU Agenda for the Rights of the Child, COM(2011) 60 final.

(3)  Digital Agenda for Europe, COM(2010) 245 final.

(4)  Council conclusions on the protection of children in the digital world, 3128th Education, Youth, Culture and Sport Council meeting, Brussels, 28 and 29 November 2011.

(5)  There are also a number of initiatives at international level, such as the Council of Europe Strategy for the Rights of the Child (2012-2015), COM(2011) 171 final, 15 February 2012.

(6)  See EDPS Opinion on the proposal for a decision of the European Parliament and of the Council establishing a multiannual Community programme on protecting children using the Internet and other communication technologies, published in OJ C 2, 7.1.2009, p. 2, and EDPS Opinion on the proposal for a directive on combating sexual abuse, sexual exploitation of children and child pornography, repealing framework Decision 2004/68/JHA, published in OJ C 323, 30.11.2010, p. 6.

(7)  Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector, OJ L 201, 31.7.2002, p. 37.

(8)  Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market, OJ L 178, 17.7.2000, p. 1.

(9)  Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM(2012) 11 final.

Top