| Dokumendiregister | Andmekaitse Inspektsioon |
| Viit | 3.2.-7/24/2548-2 |
| Registreeritud | 01.11.2024 |
| Sünkroonitud | 04.11.2024 |
| Liik | Väljaminev kiri |
| Funktsioon | 3.2 Rahvusvaheline suhtlemine |
| Sari | 3.2.-7 Rahvusvahelise suhtlusega seonduv kirjavahetus |
| Toimik | 3.2.-7/2024 |
| Juurdepääsupiirang | Avalik |
| Juurdepääsupiirang | |
| Adressaat | Ghent University |
| Saabumis/saatmisviis | Ghent University |
| Vastutaja | Liina Kroonberg (Andmekaitse Inspektsioon, Koostöö valdkond, Koolitus- ja ennetustiim) |
| Originaal | Ava uues aknas |
ERAELU KAITSE JA RIIGI LÄBIPAISTVUSE EEST
Tatari tn 39 / 10134 Tallinn / 627 4135 / [email protected] / www.aki.ee / registrikood 70004235
Ingrida Milkaite
Ghent University
Yours: 07.10.2024 nr Ours: 01.11.2024 nr 3.2.-7/24/2548- 2
Answer to request Estonian Data Protection Authority received your request where you write: I am writing on behalf of Dr. Milda Mačėnaitė and myself in the context of a research paper we are currently writing together about children’s (privacy and data protection) rights in the digital environment, with a particular focus on Central and Eastern European states practices. Specifically, we would like to inquire about any past or ongoing cases and investigations your office may have conducted concerning the protection of children’s data and / or privacy in different contexts under the GDPR and national data protection laws. These may be cases or investigations related to, for example, the protection of children and their personal dataon social media and gaming platforms; in the context of healthcare; restrictions or bans on online services for children; data management practices in schools or other educational institutions; investigations involving hobby services or sports clubs handling children’s personal data, and any other areas where children’s data protection has been a focus of your authority’s enforcement attention. Understanding how national authorities have approached these issues would greatly assist our research into practices for safeguarding children’s personal data in CEE countries. We would be very grateful if you could provide us with any information or guide us to the relevant decisions on any such cases or investigations. If possible, we would like to gather the information on the relevant cases and investigations by 25 October 2024 but we would appreciate any help you might provide us with at a later point as well. Thank You for your inquiry.
We would like to explain that Estonian Data Protection Inspectorate supervises, among other acts,
the General Regulation on the Protection of Personal Data (GDPR) and the Personal Data
Protection Act. More information about Estonian DPA is available here: www.aki.ee. So, our scope
is wide, and we can say that cases where children’s data is processed wrongly are not rare.
Unfortunately, Estonian DPA cannot provide such statistics narrowly on the subject. I can say for
sure lots of cases are related to the topics already mentioned - social media, health care, schools
etc. For example, it is not uncommon for people to post children's actions on social media- child
break something in playing ground etc.
We explain that the inspection receives thousands of appeals and complaints every year. Often,
many of these cases contain children’s data related issues. The circle of topics, where the personal
data of minors is dealt with is very broad but limited to what is dealt with by the above-mentioned
laws. Therefore, it does not differ from the point of view of GDPR whether the data of adults or
minors is processed, both are personal data that needs protection. If the processing of personal data
is not for personal purposes, the regulation applies. There must be a legal basis for data processing,
and if there is not, then the data must not be processed. It is true that minors' data must be processed
2 (2)
with extra care and consideration and case handling can include other institutions (child services,
police etc), as this group is particularly vulnerable and often don’t have appropriate parent’s
protection. For sure, one of the priorities of the Data Protection Inspectorate is to protect the most
vulnerable parts of society and to raise awareness of the processing of data related to children.
Estonian DPA cooperation and prevention department consistently works to make people think
more about their actions when processing data (posting, commenting, saving, collecting data etc).
We make podcasts, participate in conferences, opinion festivals, write articles, give schools the
opportunity to conduct school lessons on personal data processing in DPA, visit schools, we write
circular letters on various topics, we publish various opinion articles, we participate in work groups
related to ensure the well-being of children etc.
If there is a case related to children, in such case we will prioritize the case and if needed, have
close cooperation with other law enforcement agencies, like Estonian Police and Border Guard
Board. If the case contains circumstances indicating a crime, these cases are immediately
processed by the police.
I hope my explanations are helpful and if you have any additional questions, please let us know. Best regards
Liina Kroonberg
lawyer
authorized by Director General
| Nimi | K.p. | Δ | Viit | Tüüp | Org | Osapooled |
|---|