Abstract

Given the increased presence of children in the digital environment there is a growing need to protect their data effectively. The GDPR provisions were intended to strengthen the guarantee of respect for the informational autonomy of children by those using their information. However, despite the lapse of 3 years from the date of application of the Regulation, many controllers still fail to understand how they should fulfil their obligations in the context of processing children’s data. Given the planned adoption of the Guidelines on children’s data by the EDPB, the need arises to review Opinion 2/2009 on the protection of children’s personal data (General Guidelines and the special case of schools) issued by the Article 29 Working Party as regards their topicality in the times of dynamic development of personalized services and products. The article aims to assess the need for the EROD to take a new approach to protect children’s data, different from the WP29 position.