Advertising targeting children: New proposals from Europe | Resources

Advertising targeting children: New proposals from Europe

Risk Management Consultancy

Children online advertising

European Parliament lawmakers prepare a new proposal for banning the online targeting of minors

What happened

  • The European Parliament has stated that it is looking to develop new legislation on restricting targeted advertising, particularly in relation to children and sensitive data.
  • The new law being proposed specifically states that “personal data of minors collected by online platforms shall not be processed for commercial purposes related to presenting behaviourally targeted advertising to minors”.
  • Platforms would also be required not to perform unnecessary age verification checks and that the ban should be applied by default.
  • The legislation is still being drafted and will have to go through an approval process involving the Council of the European Union.

Why it matters

  • The GDPR already contains specific provisions relating to profiling and the processing of personal data relating to children.
  • The GDPR requires the completion of a Data Protection Impact Assessment when large-scale processing of special categories of personal data (such as health, ethnicity and sexual orientation) and/or systematic monitoring on a large scale is envisioned or carried out.
  • This can include online profiling where users go on various websites and profiles are generated ‘behind-the-scenes’ based on browsing habits.
  • These profiles are then used to present tailored adverts to the user.
  • The new law being proposed would ban this type of processing when it involves children.


Draft proposal for the European Health Data Space (EHDS) Regulation released

What happened

  • he new draft proposal sets out a detailed set of rules for the processing of electronic health data for health and care use as well as for research purposes.
  • The regulation mainly applies to health and care organisations such as hospitals, pharmacies and providers of Electronic Health Care systems (i.e. solutions intended by the manufacturer to process electronic health records).
  • Similar to the GDPR, the EHDS Regulation will give individuals the right to access their electronic health data and to rectify it and restrict its processing.
  • EU member states will also be required to put in place a common infrastructure for cross border sharing of personal electronic health data and products.

Why it matters

  • The EHDS Regulation intends to take advantage of the EU’s newly published Data Governance Act and the creation of common ‘data spaces’.
  • The aim of the EHDS Regulation is to promote continuity of care as well as the advancement of medical research through greater data sharing.
  • These proposals will not affect the UK due to Brexit. However, the UK already has a long-established information governance framework within its National Health Service (NHS) that involves applying specific data security principles known as the ‘Caldicott Principles’.
  • One of these principles involves promoting data sharing for direct care purposes.


Court of Justice of the European Union (CJEU) confirms that phone data cannot be held indiscriminately

What happened

  • A recent decision by the EU’s top court ruled that national authorities cannot retain phone data in a general and indiscriminate manner, but could use specific information to tackle very serious crimes.
  • This case was brought by the Supreme Court of Ireland.
  • The decision by the CJEU follows another last year where it was also found that such data could only be used to combat serious crimes such as threats to national security.

Why it matters

  • Indiscriminate access to personal data for law enforcement purposes is a hotly debated topic in data protection and one the central issues in relation to the invalidation of the EU-US Privacy Shield (i.e. the mechanism that was widely used to enable data transfers from the EU to the US).
  • The CJEU’s decision confirms the European stance on the matter – that access to this type of data should only be for very serious crimes such as threats to national security.

You can stay up to date with the details of other key emerging themes as events unfold. Follow our round-up of latest stories and find out what the latest developments mean for your organisation.

We’d love to hear from you

We have a strong track record in providing risk advisory services with a focus on governance, regulatory compliance, conduct and culture, data protection, and third-party assurance. We help organisations successfully address governance, risk management and compliance challenges.

To discuss how the areas highlighted in this post, or any other aspect of risk management, information governance or compliance impact your business, speak with our team, tell us what matters to you and find out how we can help you navigate complex issues to help you deliver long term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at We’d love to hear from you.

Lindsey Domingo

Senior Director

Speak to me directly by Email, or
Telephone: +44 (0)203 745 7826

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>