General comment No. 25 - Chapter VI: Civil rights and freedoms E 2 - F and Chapter VII: Violence against Children Part 1
Children’s personal data should be accessible only to the authorities, organizations and individuals designated under the law to process them in compliance with such due process guarantees as regular audits and accountability measures. Children’s data gathered for defined purposes, in any setting, including digitized criminal records, should be protected and exclusive to those purposes and should not be retained unlawfully or unnecessarily or used for other purposes. Where information is provided in one setting and could legitimately benefit the child through its use in another setting, for example, in the context of schooling and tertiary education, the use of such data should be transparent, accountable and subject to the consent of the child, parent or caregiver, as appropriate.
Privacy and data protection legislation and measures should not arbitrarily limit children’s other rights, such as their right to freedom of expression or protection. States parties should ensure that data protection legislation respects children’s privacy and personal data in relation to the digital environment. Through continual technological innovation, the scope of the digital environment is expanding to include ever more services and products, such as clothes and toys. As settings where children spend time become “connected”, through the use of embedded sensors connected to automated systems, States parties should ensure that the products and services that contribute to such environments are subject to robust data protection and other privacy regulations and standards. That includes public settings, such as streets, schools, libraries, sports and entertainment venues and business premises, including shops and cinemas, and the home.
Any digital surveillance of children, together with any associated automated processing of personal data, should respect the child’s right to privacy and should not be conducted routinely, indiscriminately or without the child’s knowledge or, in the case of very young children, that of their parent or caregiver; nor should it take place without the right to object to such surveillance, in commercial settings and educational and care settings, and consideration should always be given to the least privacy-intrusive means available to fulfil the desired purpose.
The digital environment presents particular problems for parents and caregivers in respecting children’s right to privacy. Technologies that monitor online activities for safety purposes, such as tracking devices and services, if not implemented carefully, may prevent a child from accessing a helpline or searching for sensitive information. States parties should advise children, parents and caregivers and the public on the importance of the child’s right to privacy and on how their own practices may threaten that right. They should also be advised about the practices through which they can respect and protect children’s privacy in relation to the digital environment, while keeping them safe. Parents’ and caregivers’ monitoring of a child’s digital activity should be proportionate and in accordance with the child’s evolving capacities.
Many children use online avatars or pseudonyms that protect their identity, and such practices can be important in protecting children’s privacy. States parties should require an approach integrating safety-by-design and privacy-by-design to anonymity, while ensuring that anonymous practices are not routinely used to hide harmful or illegal behaviour, such as cyberaggression, hate speech or sexual exploitation and abuse. Protecting a child’s privacy in the digital environment may be vital in circumstances where parents or caregivers themselves pose a threat to the child’s safety or where they are in conflict over the child’s care. Such cases may require further intervention, as well as family counselling or other services, to safeguard the child’s right to privacy.
Providers of preventive or counselling services to children in the digital environment should be exempt from any requirement for a child user to obtain parental consent in order to access such services. Such services should be held to high standards of privacy and child protection.
States parties should promote the use of digital identification systems that enable all newborn children to have their birth registered and officially recognized by the national authorities, in order to facilitate access to services, including health, education and welfare. Lack of birth registration facilitates the violation of children’s rights under the Convention and the Optional Protocols thereto. States parties should use up-to-date technology, including mobile registration units, to ensure access to birth registration, especially for children in remote areas, refugee and migrant children, children at risk and those in marginalized situations, and include children born prior to the introduction of digital identification systems. For such systems to benefit children, they should conduct awareness-raising campaigns, establish monitoring mechanisms, promote community engagement and ensure effective coordination between different actors, including civil status officers, judges, notaries, health officials and child protection agency personnel. They should also ensure that a robust privacy and data protection framework is in place.
The digital environment may open up new ways to perpetrate violence against children, by facilitating situations in which children experience violence and/or may be influenced to do harm to themselves or others. Crises, such as pandemics, may lead to an increased risk of harm online, given that children spend more time on virtual platforms in those circumstances.
F. Birth registration and right to identity
VII. Violence against children
Table of content with link to the whole document as an accessible pdf-file