PROTECTION OF CHILDREN'S PERSONAL DATA. A CRITICAL OVERVIEW FOLLOWING THE ENTRY INTO FORCE OF THE EUROPEAN UNION REGULATION ON PERSONAL DATA PROTECTION

This article examines the rules introduced by Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation, GDPR) for the purpose of protecting children's personal data. The Preamble of the GDPR refers to children as vulnerable beings requiring specific protection in the field of personal data protection, and states that the GDPR is mainly aimed at providing a strong system of data protection based on fundamental rights for all individuals. Moreover, the GDPR's provisions deal with consent to the processing of children's personal data (Art. 8) and to the requirement of special clarity that is imposed on data processors and controllers when they interact with children (Art. 12). However, the fact that just two of these provisions (out of a total of ninety-nine) refer to children is evidence that the regime provided under Regulation (EU) 2016/679 is essentially 'age blind'. The study of these references and provisions is aimed at assessing whether the protection provided by the GDPR for the benefit of children can actually be considered a "strong protection for children", as the same Preamble proclaims. Considering the aforementioned, this article intends to highlight possible weaknesses of the GDPR in the area of study.