The toothpaste is out of the tube. Once personal data hits the internet, there is no going back. Children today grow up leaving permanent traces with every like, post, and DM, often unaware of how much of themselves they have exposed. To shield children, lawmakers have taken decision-making out of their hands and placed them in the care of adults. The assumption is children lack the understanding to have a say.
However, we often underestimate them. Children’s abilities are constantly evolving, and today’s average ten-year old knows Instagram and TikTok like the palm of their hand. Children nowadays possess the knowledge and more; what they need is guidance so that they can develop the judgment to make informed decisions about data privacy matters.
The foundation of these protections is the principle of transparency. As data subjects and rights holders, children are entitled to information on how their personal data is collected, processed, and used.
Philippine data privacy laws for children
In December 2024, the National Privacy Commission took a leap forward by issuing Advisory No. 2024-03, also known as the Guidelines on Child-Oriented Transparency (the “Guidelines”).
The Guidelines emphasize the vulnerability of children, while also acknowledging their rights as primary data subjects and their increasing ability to understand how their personal data is used. They require children to be informed, through age-appropriate privacy notices, regarding the nature, purpose, and extent of the processing of their personal data, even in cases where the product or service is intended for adults. They also require that children must be notified if their personal information is affected by a data breach.
However, transparency does not necessarily equate to autonomy. While the Guidelines call for data processors to be open towards children, the accountability and responsibility of providing consent still rests on those exercising parental authority.
The Guidelines themselves require data processors to conduct Child Privacy Impact Assessments before launching products or services, and, whenever necessary, secure the involvement of parents or guardians in deciding whether children should participate in a specific processing activity.
Global approaches to parental consent
This crucial role of parents and guardians is reflected in international laws, although the age threshold for parental consent varies across jurisdictions.
In the United States, consent must be obtained before processing data of children under 13. South Korea sets this age at 14, whereas India enforces a stricter rule, requiring verifiable parental consent for individuals younger than 18.
In Europe, countries find guidance in the General Data Protection Regulation (GDPR), which requires parental consent for children below 16. However, the GDPR allows Member States to set a lower age limit by law, provided it is not below 13. In Italy, parental consent is required for processing the personal data of children under 14.
Certain jurisdictions are more progressive in terms of giving children decision-making rights once they reach a certain age. For instance, in Vietnam and Thailand, as young as 7 and 10, respectively, a child must give his or her consent alongside that of his or her parents.
In the Philippines, parental consent is required for children who are below 18 or those over 18 with disabilities. Currently, there is a pending house bill proposing to lower this age to 15.
Empowering the next generation
It is no doubt that today’s children are adept with technology and the internet. However, they have yet to fully grasp the long-term impact of sharing their personal information. The onus, therefore, also falls on data processors, especially social media platforms, to inform them about all matters affecting their data.
In fact, the Guidelines recommend specific strategies in crafting child-specific and age-appropriate privacy notices that consider the readability, comprehension, and granularity of the information while keeping in mind the best interests and evolving capacities of children. In any case, the information must be presented in a manner that is simple and easily understandable for children using videos, infographics, animations, and audio recordings.
The growing digital maturity of children highlights not only their adaptability but also their potential as informed digital citizens. By empowering them through education, transparent policies, and supportive parental guidance, we can shift the narrative—from seeing them as mere vulnerable subjects to recognizing them as active participants in protecting their own personal data.
Ultimately, protecting children’s data privacy implores us to “prepare the child for the road, not the road for the child”. In this age of open information, keeping children safe requires more than shielding them from the digital world. It entails empowering them to thrive within it.
This article was first published by BusinessWorld at bworldonline.com. It is only for general informational and educational purposes and is not offered as and does not constitute legal advice or opinion.
Clarisse Paulina M. Valdecantos-Javelosa is a Senior Associate of the Intellectual Property Department and a member of the Data Privacy and Security Group of the Angara Abello Concepcion Regala & Cruz Law Offices (ACCRALAW).
[email protected]
(632) 8830 8000