Historically speaking, data protection authorities from the beginning of their existence in the 1970s have been occupied not only with ‘supervision’ of whether data protection laws were observed, but also with a wide range of other roles, from ombudsmen, auditors to consultants to policy advisers. All these activities have a common goal of a greater level of protection, and one of those tasks is public education. Data protection authorities turned out to be also active in this field, as their awareness campaigns can include initiatives targeting directly children (for instance, via their website) or parents, but also teachers, or even direct participation to education by supporting staff members of schools in teaching. The inclusion or not of privacy issues in national curricula falls ultimately under the competence of the state, and not all member states of the European Union have taken steps in that direction.

Implication for Policy or Practice

The newly adopted General Data Protection Regulation (GDPR), which will apply from May 2018 on, explicitly acknowledges that children need to know about the risks associated with personal data processing, but also about the applicable rules, safeguards and rights. Awareness of risks shall in fact be instrumental for them to usefully exercise their rights. Activities addressed specifically to children shall receive additional specific attention and effective protection by the enforcement authorities.

Activities of these authorities can also target policy makers, often with a view to shaping school curricula or otherwise informing and influencing policy development. Owong to their role in society and their expertise, they can play a crucial role both in energising and improving privacy education in schools and make a useful contribution to the legal frameworks dealing with the widespread use of online services collecting students’ data.