![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
ABSTRACT
The objective of this article is to shed light on a question that has considerable policy significance for the child as a data subject under the General Data Protection Regulation 2016 (‘Regulation 2016/679’) – how can we better integrate the best interests of the child principle, including the emphasis placed by the United Nations Convention on the Rights of the Child (CRC) on respecting a child's autonomy and development in a datafied environment? This article lays the foundation to an answer in three steps. First, it questions whether the political act of integrating the lifeworlds of children into digital infrastructures of the personal data economy and structuring of responsibilities to be owed by data controllers through data protection rules and principles is truly empowering. Second, it uses the dialectical relationship between critical infrastructures in the datafied environment and data protection rules to explain the ramifications of the analytical shift from children's rights to information rights, for conceptions and understandings of autonomy, agency and best interests. Third, CRC provisions will be used to expose the incompatibility of the ontological turn initiated by data protection rules and platform infrastructures with received understandings of the best interests of the child principle. The article concludes with an account of how the present gulf that exists in the understanding of the role of CRC and their application in data protection policymaking in a datafied environment could be bridged.
Disclosure statement
No potential conflict of interest was reported by the author.
Notes
1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
2 It should be noted that Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the Data Protection Directive), implemented by Data Protection Act 1998, applies to all natural persons but does not have any specific provisions that deal with children and their specific interests.
3 It was envisaged that data controllers would respect their information rights: see Article 29 Data Protection Working Party, Working Document 1/2008 on the protection of children's personal data (General guidelines and the special case of schools) (WP 147), Opinion 5/2009 on online social networking (WP 163) pp 11–13, Opinion 3/2007 (Visa and biometrics) pp 6–8, Opinion 5/2005 Opinion on the use of location data with a view to providing value added services (WP 115) pp 8–9, Opinion 3/2003 European code of conduct of FEDMA for the use of personal data in direct marketing (WP 77) p 5.
4 Article 29 Data Protection Working Party, Opinion 4/2007 on the concept of personal data, 20 June 2007 (WP 136).
5 The lawful basis and specific purposes must be established before processing commences. Article 29 Data Protection Working Party, Guidelines on Consent under Regulation 2016/679, 28 November Citation2017, 17/EN (WP 259), p. 22–23.
6 See Article 29 Data Protection Working Party, Guidelines on Consent under Regulation 2016/679, 28 November 2017, 17/EN (WP 259), pp. 23–26. For example Regulation 2016/679 Recital 38 states, ‘Such specific protection should, in particular, apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child’.
7 Regulation 2016/679 Article 7(3). See Article 29 Data Protection Working Party Opinion 15/2011 on the definition of consent (WP 187), pp. 9, 13, 20, 27 and 32–33, and Opinion 5/2005 on the use of location data with a view to providing value-added services (WP 115), p. 7.
8 [1986] AC 112(HL).
9 [2005] 2 AC 246 (HL).
10 The four foundational rights are: the right to development, the right to non-discrimination, the best interests of the child principle and the right to be heard and to participation.
11 Regulation 2016/679 Article 35(2)(7)-(9)).
12 Re S [1992] FLR 313, at p. 321.