Agency presents its Global Strategy on Children, Digital Health and Privacy

  • The Spanish Data Protection Agency has presented its priority lines of action to promote effective protection of children and adolescents on the internet.
  • Cooperation with national and international bodies responsible for this matter is very prominently included in the Strategy.
  • It contains 10 priority actions and 35 measures grouped under three axes: regulatory collaboration, strengthening the rights of children and adolescents and the exercise of investigative and sanctioning powers
  • It also includes two major blocks focusing on education, and digital health and well-being.
Estrategia de menores, privacidad y salud digital

(29 January 2024). Today, the Spanish Data Protection Agency (AEPD) presented its Global Strategy on Children, Digital Health and Privacy, a document setting out its priority lines of action to promote the effective protection of children and adolescents when using the Internet and its services. 

The actions carried out by the Agency in recent years, in cooperation with more and more public and private actors, have highlighted the multidisciplinary challenge of protecting minors in a technology-driven world. The Agency’s Strategy on Minor Digital Health and Privacy contains a total of 10 priority actions and 35 actions grouped into three main strands: regulatory collaboration for the comprehensive protection of minors on the internet, strengthening their rights at national and international level, and the exercise of investigative and punitive powers against illegal practices harmful to children and adolescents. 

On the first axis, the Agency, which already supports the proposal for a State Pact promoted by civil society organisations for the protection of children and adolescents on the Internet, will promote the adoption of complementary provisions and implementing the Law on the Comprehensive Protection of Children and adolescence by coordinating the Working Group on ‘Digital Health and Privacy’; participate in the development of Guidelines on Children in the framework of the European Data Protection Board and promote the regulation of neurodata processing and related neurorights, especially in the area of child services.

With regard to strengthening the rights of children and young people, the Agency will encourage the production of apps that make it possible to put in place effective age verification systems to protect minors from access to inappropriate content in line with the data protection principles already published on this subject and in cooperation with the National Commission on Markets and Competition (CNMC), the National Mint of Currency and Timber (FNMT), the Ministry of Digital Transformation and the Ministry of the Interior. It will also promote the uptake of these principles in the EU framework to serve as a reference for the development of age verification systems at European level. 

To help families, the Agency will work with the National Cybersecurity Institute (INCIBE) for the analysis of parental control tools and with the National Institute for Educational and Teacher Training Technologies (INTEF) and INCIBE to provide families with digital training, resources and materials through training modules.  

In addition, the Agency will inspect educational and learning platforms and digital tools used in schools to ensure compliance with data protection rules, while working with education and health administrations to encourage the conduct of impact assessments on privacy and digital health according to the age of children.

As regards investigative and sanctioning powers, the Agency shall prioritise its exercise in relation to webpages of content for adults, in particular pornography, with regard to age verification for access. The AEPD has already sanctioned various adult content websites, launching actions to analyse the functioning of so-called trusted third parties in the field of age verification, and cooperates with other data protection authorities when companies are not established in Spain. In parallel, it will carry out an analysis of the algorithms and addictive patterns that aim to influence user behaviour and decisions, in particular in relation to data and profiling of minors. 

The Agency’s Global Strategy also envisages two major clusters of cooperation focusing on education, and digital health and well-being. 

At the educational level, minors and their parents are often unaware of the wide exchange of personal information in the use of digital services, which makes it necessary to raise awareness of how to protect personal data in order to avoid harm and harm, many of them difficult to repair, such as the publication and dissemination of sensitive content. To this end, the education authorities, the Public Prosecutor’s Office, the Ministry of the Interior and NGOs will work together. 

In the section on digital health and well-being, it will support health administrations and scientific societies in initiatives to address the impact of inappropriate use of the internet on health (physical, mental, psychosocial, sexual) and neurological development of minors, while continuing to support the Spanish Paediatry Association in disseminating the Digital Family Plan to families and health professionals, and support their adaptation to the school environment so that schools can have a protocol.