The Personal Data Protection Commission (“PDPC“) has issued the Advisory Guidelines on the PDPA for Children’s Personal Data in the Digital Environment (“Children’s Guidelines“), which aim to provide guidance and best practices to the industry on:
(a) How valid consent may be obtained from children (defined as individuals who are below 18 years of age);
(b) According higher protection standards to children’s personal data as sensitive data; and
(c) How children’s data/profiles may be used.
The Children’s Guidelines apply to organisations whose online products or services are likely to be accessed by children, such as social media services, technology-aided learning, online games, and smart toys or devices.
The Guidelines provide clarification on the following data protection obligations under the Personal Data Protection Act 2012 (“PDPA“) in the context of children’s personal data:
(a) Notification. Organisations should consider the nature of their content and adopt age-appropriate language and media.
(b) Consent. A child between 13 and 17 years of age may give valid consent, when the policies on the collection, use and disclosure of personal data are readily understandable by them. However, there may be instances where an organisation will consider a higher age of consent more appropriate in its business context. Where the child is below 13 years of age, the organisation must obtain consent from the parent or guardian.
(c) Reasonable purposes. The PDPC will adopt a principles-based approach to consider what is reasonable when collecting, using, or disclosing a child’s personal data.
(d) Protection of children’s personal data. The personal data of children is generally considered to be sensitive personal data and must be accorded a higher standard of protection under the PDPA.
(e) Notification of breach. The organisation should proactively inform the child’s parent or guardian of the data breach, or if the organisation does not have his/her contact details, it should ensure that the data breach notification to the child is in a language that is readily understandable by the child.
(f) Accountability. To meet the Accountability Obligation, organisations are advised to conduct Data Protection Impact Assessments to help them develop and implement appropriate policies and practices.
Click on the following link for more information:
- Advisory Guidelines on the PDPA for Children’s Personal Data in the Digital Environment (available on the PDPC website at www.pdpc.gov.sg)
Disclaimer
Rajah & Tann Asia is a network of member firms with local legal practices in Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Our Asian network also includes our regional office in China as well as regional desks focused on Brunei, Japan and South Asia. Member firms are independently constituted and regulated in accordance with relevant local requirements.
The contents of this publication are owned by Rajah & Tann Asia together with each of its member firms and are subject to all relevant protection (including but not limited to copyright protection) under the laws of each of the countries where the member firm operates and, through international treaties, other countries. No part of this publication may be reproduced, licensed, sold, published, transmitted, modified, adapted, publicly displayed, broadcast (including storage in any medium by electronic means whether or not transiently for any purpose save as permitted herein) without the prior written permission of Rajah & Tann Asia or its respective member firms.
Please note also that whilst the information in this publication is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as legal advice or a substitute for specific professional advice for any particular course of action as such information may not suit your specific business and operational requirements. You should seek legal advice for your specific situation. In addition, the information in this publication does not create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on the information in this publication.
