Awareness raising on children’s privacy protection
Awareness raising on children’s privacy protection

Handbook

CONTENT

1. PROTECTION OF PERSONAL DATA. (Dijana Šinkūnienė)
1.1. Vocabulary of Personal Data Protection Terms
1.2. Legal Regulation
1.2.1. Requirements for Personal Data Processing
1.2.2. Criteria for Lawful Processing of Personal Data
1.2.3. Rights of Data Subject and Their Realisation
1.2.4. Other Requirements Obligatory for Data Controller
1.2.5. Order of Protection of Data Subject Rights
2. INFORMACION FOR PARENTS (Milda Mačėnaitė)
2.1. Child Privacy and Parents' Role
2.1.1. Child's Right to Privacy and Personal Data Protection
2.1.2. Representing the Child.
2.1.3. Realisation of Child's (Data Subjet's) Rights
2.1.4. Consent for Personal Data Processing
2.1.4.1. Juvenile's Consent
2.1.4.2. Conflict of Interests
2.2. Child Education and Protection
2.2.1. Online Threats
2.2.2. Getting to Know the Virtual World
2.2.3. Promotion of Safe Online Behaviour
2.2.4. Agreement on Online Rules
2.2.5. Introduction Technical Control Measures
2.2.5.1. Filtration of Online Content
2.2.5.1.1. Filters of Operating Systems
2.2.5.1.2. Content Filtration Browser
2.2.5.2. Parental Control Software
3. INFORMATION FOR PARENTS (Daiva Paulikienė)
3.1. Mark Publication and Electronic Registers
3.1.1. Publication of Marks
3.1.2. Electronic Registers
3.1.2.1. Additional Functions of Electronic Registers
3.1.2.2. Safety of User Name and Password
3.1.2.3. Agreement with Electronic Register Service Provider
3.2. Publication of Personal Data on School Web Site
3.3. Schoolchildren's Video/Audio Recordings, Pictures and Their Publication on School Web Sites
3.3.1. Is a Picture, Video and Audio Recording a Part of Personal Data?
3.3.2. Requirements for Publication of Schoolchild's Picture
3.3.2.1. Character of the Picture
3.3.2.2. Cases of Picture Publication
3.3.2.3. Recommended Form of Consent
3.3.2.4. School Order for Taking Pictures and Their Processing
3.3.2.5. A Few Suggestions for Safer Online Publication of Pictures
3.3.3. Requirements for Parents for Taking and Publication of Children‘s Pictures
3.4. Processing of Special Categories of Personal Data
3.5. Other Problems of Personal Data Protection at Schools
3.5.1. Video Surveillance
3.5.2. Webcams
3.5.3. Mobile Phones with Video Cameras
3.5.4. Schoolchildren's Education on Privacy
3.5.6. Data Safety
4. INFORMATION FOR SERVICE PROVIDERS (Indrė Skersytė)
4.1. Realisation of Requirements for Personal Data Processing
4.2. Consent of the Data Subject - Legal Basis for Personal Data Processing
4.2.1. Features of the Consent
4.2.2. Is the Parent's Consent Necessary?
4.3. Data Safety
4.4. Privacy Policy
4.5. Use of Personal Data for Direct Marketing
4.6. Liability for Infringements

Book Summary

Dijana Šinkūnienė

The chapter "Protection of Personal Data" presents a short vocabulary of main personal data protection terms such as "personal data", "special categories of personal data", "subject of the data", "data processor", "data controller", etc.; the meanings of those terms are explained and examples submitted. It also discusses the main provisions of legal regulation (requirements of personal data management, criteria for personal data lawful processing, etc.), which should be known and applied by school and online service providers, who process schoolchildren's personal data. The criteria for lawful processing of personal data, special categories of personal data and personal identification numbers are presented separately with respect to school and online service providers' business specifics, and to when and how they should be applied in the process of processing schoolchildren's personal data. The chapter also includes a definition of the data subject's rights and some peculiarities of the implementation of those rights, when the data subject is a child; besides, it includes obligations of school and online service providers, as data managers, in exercising those rights. There is a short overview of other requirements, which are to be implemented while processing personal data. Competence of the institutions that protect, in many aspects, the child's right to privacy and protection of personal data is being analysed, as well as the order of addressing these institutions and the features of their decisions.

Milda Mačėnaitė

The chapter "Information for Parents" has a goal of helping parents to have a better understanding of their role in implementing the child's right to privacy and personal data protection, as well as of providing advice on how to educate children and protect them from online threats.
The first part of the chapter offers information on the parents' rights in representing their child before he/she becomes a capable person: the right to respect the legal interests of the child; listen to his/her opinion; let the child participate in decision-making; not to abuse the parental power, and implement the rights of the child as the data subject. Besides, the chapter defines the cases when the parents' consent for the processing of the child's personal data is obligatory (e. g. when special categories of the child data are being collected, when the picture data of the child and his/her photo are being used in mass media, etc.), and at what age and in what situations the child is capable of deciding for himself/herself about processing of his/her personal data.
The second part gives information to parents about possible threats to the child's online privacy, such as identity theft, electronic fraud, threatening, bullying, unlawful use of pictures, undesirable messages, computer damage, and also about educational and technical measures, which may help avoid those threats.

Daiva Paulikienė

The chapter "Information for Teachers" presents information for teachers, school administration, and other persons who participate in the process of child education, on how to assure the children's/schoolchildren's right to immunity of their private life while managing their personal data at school, what actions the school shall take in order to manage legally the personal data in its daily life so that the management is in line with the requirements of the Law on Legal Protection of Personal Data.
The chapter informs about schoolchildren's personal data processing in the process of video surveillance, publication of the children's video, audio recordings, pictures and other personal data on websites. It presents a discussion on schoolchildren's personal data processing in electronic registers, and on the requirements for concluding an agreement with an electronic register service provider. It also offers recommendations for processing of special categories of personal data (e. g., health-related data), implementation of the data safety requirements, form of consent for a schoolchild's photo/video being taken and for his/her picture being published online; besides, it explains the way to follow the obligations of the school as the data controller (registration, prior checking), and the ways of solving other problems of personal data protection at school.

Indrė Skersytė

The chapter "Information for Service Providers" includes advice on how those service providers, who collect the children's personal data, store it or process it in any way, or intend to do so in the future (controllers of the social networks, chat, dating, and gaming sites, etc.), i. e. the controllers of the data, should implement the requirements of the legal acts regulating lawful protection of personal data.
The requirements for processing of personal data may differ depending on what kind of services are provided, what type of personal data is being processed and what its purpose is. The chapter discusses what service providers should pay their attention to before making decision about the purpose and means of the children's personal data processing, about the scope of personal data to be processed, about its storage time, and data safety. The chapter also provides information on what should be indicated in the privacy policy of service providers, which is meant for the children, and what is the way of doing it.
With respect to the fact that consent of the data subject is one of the most frequent criteria of personal data lawful processing for service providers, special attention is paid to the subject. The chapter explains what features the consent should correspond to; how old the child should be in order to be able to give his/her consent, and when such consent is sufficient, or when their parent's consent is necessary.
Personal data processing for the purpose of direct marketing, without violating the requirements of legal acts, presents a number of problems for the data controllers in practical terms; this is the reason why the requirements for this type of data processing are discussed in greater detail.
The chapter also refers briefly to the liability of the service providers, as data controllers, for infringements.