Abstract

Once upon a time, they managed to bring Neverland into the bedrooms; they were seen as the heroes of a new era. However, as heroes always tend to walk a fine line between good and evil, it does not come as a surprise that a decade later the perception has dramatically changed; the fairy tale turned into a nightmare. Are Internet Service Providers (ISPs) no more than data-guzzling monsters that need to be tamed? In November, the European Commission published a “Comprehensive approach on personal data protection in the European Union” which seems to nod approval. The approach seeks to strengthen the individual’s rights regarding the use of data by ISPs. The Commission notes that children deserve specific protection in this context due to the fact that their awareness of risks and consequences is usually underdeveloped. Both a general principle of transparent processing and specific obligations for data controllers regarding the type of information to be provided and the modalities for providing it had to be taken into account. Not only legal but also self-regulatory initiatives should contribute to a better enforcement of data protection rules. This approach is both applauded and heavily criticized by the European Data Protection Supervisor. In particular, he argues that children’s particular interests have not been sufficiently addressed presenting a long list of suggestions for improvement including specific provisions against behavioral advertising, the exclusion of some data categories, an age threshold or special requirements on the issue of informed consent and a reinforcement of data controllers’ accountability. Is there really a need for a new magic formula? This paper reviews the current options for addressing the challenges of the use of personal data of minors by ISPs