On 6 November 2024, the Philippine National Privacy Commission (NPC) closes the consultation on guidelines on child-oriented transparency to protect children's personal data in accordance with the Data Privacy Act (DPA) of 2012. The guidelines outline the responsibilities of Personal Information Controllers (PICs) when processing children's data, ensuring that appropriate security measures are in place to safeguard the best interests and evolving capacities of children. The scope of the guidelines covers both digital and physical environments, applying to PICs involved in any form of processing of children's personal data. In particular, PICs are required to conduct risk-based assessments and include Child Impact Assessments (CIA) in their Privacy Impact Assessments (PIA) before releasing products or services that children may access. This ensures that children are fully aware of the purpose, nature, and extent of data processing. Furthermore, PICs may implement age verification mechanisms and set high default privacy settings to give children better control over their privacy. Moreover, the guidelines emphasise the need for child-friendly privacy notices that are clear, accessible, and easily understandable for children. Various formats, such as videos or infographics, can be used to present privacy information in a more engaging, age-appropriate way. In cases of data breaches involving children’s personal data, PICs must notify both children and their guardians using language that children can easily understand. Accountability is a key principle, with PICs required to prioritise the best interests of children in all processing activities. Finally, they must adopt a risk-based and context-specific approach, implementing enhanced security measures to protect children’s data.
Original source