| Tähelepanu! Tegemist on välisvõrgust saabunud kirjaga.
Tundmatu saatja korral palume linke ja faile mitte avada. |
Dear Estonian Data Protection Inspectorate:
I am the Chief Operating Officer for a software company in the USA called Warning Technologies, Inc. Warning Technologies is developing an online cloud-based warning and messaging platform for educational institutions and students.
Confidential warnings could be about bullying, adult abuse, drug or alcohol abuse, depression, threats of violence, threats of suicide, etc.
The system is designed to automatically route confidential warning messages from the community around a school (students, parents, etc.) to the person designated by the educational institution to assess and coordinate any necessary
response to each type of warning. The warnings can be sent via the portal on our website or by using our smart phone app. The system is school- or school district-specific and highly configurable. In some areas we will be able to offer the option of connecting
real-time to first responders such as the Police, Fire Department, and Emergency Medical Services.
Our platform is secure, highly configurable, and we are designing it to support all applicable privacy rules and laws in various countries. The system also includes provisions to minimize or eliminate false alarms and the use
of the system itself as a bullying tool, something that has been a serious problem with other less-sophisticated “tips” systems. For that reason we do not allow anonymous warnings. Our system allows authorized administrators to backtrack to a specific sender
in cases of abuse of the system or attempts to use it as a bullying tool.
As the amount of data for a school, a school district, or a geographic region grows, predictive AI will help identify trends, allowing informed proactive and preventative responses by the school or district rather than reactive
responses driven by real-time crisis.
Registering to use our system will require the user’s name, e-mail address, and a mobile telephone number. The European Union General Data Protections Regulations (GDPR) requires that any information collected from a child under
the age of 16 must be with verified parental consent. However, the GDPR also states that individual EU members may choose a different age of consent. Therefore, I am writing to you to understand several aspects of these requirements within your country:
-
What is the age of consent in your country for a software system to collect a child’s name, e-mail and telephone without parental consent?
-
What is considered to be Verified Parental Consent in your country? What form does that take? We are well aware that some countries have gone nearly completely digital, but please keep in mind that as an American software company we do not typically have access
to any national online systems that your country uses. If this is a requirement, please tell me how we can make an application to interface with and participate in that system. Conversely, can we verify parental consent by storing a digital copy of the parent’s
driver’s license, passport, or some other typical document a parent in your country might possess?
-
Do you have a web site, pdf document, or other means of describing the child privacy laws in your country that we can use as a guide to assure that our system meets or exceeds your privacy standards?
Thank you for your time and consideration.
Respectfully yours,
---------------------------------------------
Tom Nash
Chief Operating Officer
Warning Technologies, LLC
+1 (415) 767-8824 mobile