Résumé: Dans ce post, Ricard Martínez expose les défis générés par Internet dans le cadre de la protection du droit des mineurs à l’oubli. Il y décrit le risque que provoquent les nombreuses publications de photos et de vidéos exposant des mineurs. Il conclut que la politique préventive de préservation des droits des mineurs et de leur données devrait être renforcée.

What is the identity of a person or his biography? What is the digital identity of a child? Are adults unconsciously creating a digital identity for the children or teenagers? Will they pay the consequences of our acts on the Internet throughout their life? The Internet never forgets. Everything that is shared will be there forever. And this fact is emphasised by the awareness campaigns of the data protection authorities.

We cannot face the difficulties posed by minors’ right to be forgotten without taking into account a set of facts. First, EU Kids Online and other researching groups show that the age of first internet connection is lower each year.But minors are not treated in the same way in all countries.In the Scandinavian countries there seems to be a greater impetus for training and greater parental commitment.This scenario allows minors to be advanced Internet users.In southern countries, the lack of advanced culture regarding the Internet makes public policies focus on ​​risks.

Education should provide greater control of information regarding children and minimise the impact of the Internet on their biography. Consequently, millions of children would live the transition to adulthood using the Internet without being aware of how their behaviour can impact on their digital identity. But this is not only a problem for them. The parents’ attitudes could be decisive. In recent years, a consistent behaviour regarding the oversharing of minors’ information on the Internet has been detected.In most cases, the first picture of a minor that is shared in a social network is usually his or her first ultrasound.In the first years of life, due to the natural eagerness of paternity, the network is flooded with hundreds of photographs of children.This behaviour occurs throughout the entire childhood.Thus, thousands of photographs are disseminated over social networks, without considering the risks.It would be excessive to consider that we are dealing with a seriously reprehensible behaviour.But this proliferation of images and comments about a minor represents the germ of possible subsequent violations of their rights.

Schools too publish data, images and videos of minors throughout the network.For a perceptive observer, the advertising value of the images of happy children in classrooms is obvious.And schools publish thousands of photographs and videos with their students.On many occasions, however, they do it in good faith.Although this represents a debatable exercise of freedom of speech, some schools want to show the community of their pupils “at work”.Nevertheless, when there is competition between public and private schools, we may witness an unconscious and impudent exposition of minors’ privacy.We want to offer the public opinion a kind image that makes schools attractive with the objective of increasing the number of enrolments each year.An unpleasant and pathological manifestation of this phenomenon recently took place in Spain.Many schools opened the door to an alleged paedophile for the sole purpose of receiving a good critique in his specialised blog about schools.

Furthermore, there is the interest of the Internet companies themselves in having children and youth audience. This is perfectly legitimate but it necessarily involves a commitment of the organisation that should guarantee the rights of minors. In this area, the European General Data Protection Regulation (GDPR) has paid close attention to the right to be forgotten and to the processing minors’ data. The GDPR stresses the importance of protecting the digital identity of boys and girls. However, the EU legislator is less demanding than US Law (see the Children ‘s Online Privacy Protection Act of 1998). In fact, Member States’ laws, such as the Spanish Regulation, is more complete than the GDPR. As regards the GDPR, it states that Member States may provide by law for a lower age than 16 to give consent to controllers. The proceedings to verify the children and parental consent will take into consideration the “available technology”. The current Spanish Regulation is much more ambitious and precise.There is no coherence between the poor outcome of the GDPR and the Commission’s statements on the importance of protecting children and the right to be forgotten.

The guarantee of the respect of minors’ digital identity, as well as their right to be forgotten must necessarily be based on preventive policies. Indeed, we do not need to forget the stories that never happened. Therefore, investment in education should be an essential objective in all the States of the Union.Said education should not focus solely on the discourse of fear or the identification of risks.The promotional campaigns of authorities regarding data protection and the Law Enforcement Bodies are not enough.A systematic design of the academic curriculum is necessary.This effort must permeate all levels of education from the early years to the University.Additionally, it is necessary to complement it with education for parents and educators themselves.

From a legal perspective, a more precise regulatory framework is indispensable.The principles of data protection by design and by default, as well as accountability require a strict interpretation of the guarantee of minors’ rights of on the Internet. We have lost the opportunity to consider the development of data protection impact analysis in case of large-scale processing of minors data. It is also essential to underline the importance of behavioural or profiling processing when it affects minors.We certainly have a long way to go, but we believe that this matter will receive more attention in the future.

Ricard Martínez is Director of the Privacy & Digital Transformation Microsoft-University of Valencia Institutional Chair. Member of MINECO Research Project “El impacto del nuevo Reglamento Europeo de Protección de Datos: análisis nacional y comparado”. Project number DER2015-63635-R.