Abstract

In today's world, where the internet and digital technologies have become an inseparable part of children's lives, protecting their personal data is of particular importance. The European Union's General Data Protection Regulation (GDPR) effectively protects children's rights in the digital space by laying down rules such as the requirement to obtain lawful consent from children's guardians, the simplification of information so that children can understand it, and an emphasis on the right to erasure of data. In the Iranian legal system, efforts have been made to protect data, such as the preparation of the "Personal Data Protection and Support Plan", which has not yet been enacted; however, the provisions of that plan also do not specifically and notably address the protection of children. In particular, the following shortcomings can be observed: disregard for the age of parental consent for processing children's data in line with the Law on the Protection of Children and Adolescents (1399) and international regulations, the absence of clear laws on restrictions on targeted marketing, the lack of emphasis on simple and clear language, and insufficient education and awareness-raising in this area. Through a comparative study of the EU General Data Protection Regulation and the Iranian legal system, this article offers proposals, including raising the legal age of consent to eighteen, drafting laws to restrict the processing of children's data, and implementing educational programs for children and parents. These measures can be an effective step toward preserving children's privacy and preventing potential abuse in cyberspace.

Protection of Children's Personal Data under the General Data Protection Regulation (GDPR) of the European Union and its Absence in Iranian Law

In today's digital era, where the internet and digital technologies play an integral role in children's lives, safeguarding their data has become critical. The General Data Protection Regulation (GDPR) of the European Union stands as one of the most comprehensive legal frameworks addressing this concern. It mandates parental consent for data processing, promotes the use of simple language for children's understanding, and upholds the right to data deletion. Additionally, the GDPR enforces strict limitations on processing children's data and ensures specific rights to them. However, Iran's legal system still lacks a structured and comprehensive regulatory framework for protecting children's data. Although initiatives like the "Personal Data Protection and Support Plan" have been introduced, they fail to explicitly prioritize children's data protection.

The rapid growth of online platforms and services targeting children has raised serious concerns about privacy and data security. Social media, educational applications, and gaming platforms often collect and process children's data without adequate safeguards, exposing them to potential risks such as identity theft, unauthorized profiling, and targeted advertising. The GDPR has sought to address these concerns by introducing stringent measures that hold data controllers accountable for the lawful and transparent processing of children's data. Conversely, Iran's legal framework remains underdeveloped in this area, lacking clear guidelines and enforcement mechanisms to ensure children's data privacy.

Keywords: Child, Personal Data, Protection, General Data Protection Regulation (GDPR)

1. Introduction

Children are increasingly engaged in digital environments, making their data vulnerable to misuse and exploitation. The internet has revolutionized access to information, communication, and entertainment, allowing children to interact in virtual spaces that were previously inaccessible. However, this increased connectivity has also led to new challenges concerning privacy, security, and digital rights. With the expansion of digital technologies, children's data has become a valuable commodity for companies and organizations that seek to analyze user behavior, target advertisements, and develop consumer profiles. This commercialization of data has raised ethical and legal concerns, particularly regarding the extent to which children's information should be collected, stored, and processed.

While digital platforms provide numerous benefits, such as educational resources and social networking opportunities, they also expose children to potential risks. Cyberbullying, identity theft, and exploitation are just some of the dangers that children face in the online world. The lack of legal literacy among children, coupled with their limited understanding of privacy policies, makes them particularly vulnerable to data misuse. Consequently, there is an urgent need for governments and regulatory bodies to implement policies that protect children from these threats and ensure their digital rights are safeguarded.

The GDPR was introduced to address these challenges by establishing a legal framework that prioritizes the protection of children's data. By requiring companies to obtain parental consent before processing children's data, the GDPR aims to reduce unauthorized data collection and provide greater transparency in how data is used. Furthermore, the regulation emphasizes the need for child-friendly privacy policies that are easy to understand and accessible to younger audiences. These measures ensure that children and their guardians can make informed decisions about their digital presence and the data they share online.

Despite the advancements brought by the GDPR, many countries, including Iran, have yet to implement comparable regulations. Iran's current legal framework on data protection is fragmented and lacks specific provisions that address children's online privacy. While some legislative efforts have been made, such as the proposed "Personal Data Protection and Support Plan," they fail to comprehensively address children's digital rights. This gap in regulation leaves Iranian children exposed to potential data exploitation without adequate legal recourse.

The primary objective of this study is to compare GDPR's child data protection mechanisms with Iran's current legal framework and to highlight the gaps that necessitate legal reforms. By analyzing both legal systems, this research aims to provide insights into the challenges and opportunities associated with protecting children's online privacy in Iran. Additionally, the study explores the broader socio-cultural implications of implementing stricter data protection policies and the potential impact on businesses, education systems, and digital governance.

With the proliferation of digital technologies, children's data is often collected, processed, and stored without their informed consent. The absence of comprehensive regulations in Iran leaves children susceptible to online threats, including cyberbullying, unauthorized data sharing, and surveillance. Given these challenges, the study aims to provide a comparative legal analysis that will assist policymakers in formulating effective data protection strategies tailored to children's needs. By drawing lessons from the GDPR, Iran can develop a robust legal framework that prioritizes children's digital rights and ensures that their data remains secure in an increasingly connected world.

2. Methodology

This study employs a comparative legal analysis method, examining the GDPR's provisions on children's data protection alongside Iranian laws. Data is gathered from legislative documents, legal analyses, and international reports on children's digital privacy. The study also incorporates case studies and expert opinions to identify key areas where Iran's legal system requires improvement. The analysis further explores the socio-cultural implications of adopting stricter data protection policies in Iran. A qualitative research approach is utilized, involving document analysis and expert interviews to assess the effectiveness of existing legal frameworks. Furthermore, international best practices are reviewed to propose policy recommendations that align with global standards. By adopting a multidisciplinary perspective, the study aims to bridge the legal and technological gaps in child data protection.

3. Results and Discussion

The study identifies several key differences between GDPR and Iranian laws regarding children's data protection:

- Age of Consent: The GDPR sets the digital age of consent at 16, allowing member states to reduce it to 13. Iran, however, follows Islamic legal age definitions (9 years for girls, 15 for boys), which significantly undermines children's ability to make informed privacy decisions. The discrepancy between the legal age of consent in Iran and international norms exposes Iranian children to potential data exploitation.
- Transparency and Language: The GDPR mandates that digital service providers use child-friendly, simple language in privacy policies. Iranian regulations lack explicit provisions requiring clear and understandable communication with children. Without accessible privacy policies, children in Iran are less likely to understand their digital rights and responsibilities.
- Marketing and Data Use Restrictions: GDPR imposes strict limits on the use of children's data for marketing and profiling, whereas Iranian laws do not explicitly prohibit data exploitation for commercial purposes. As a result, children in Iran may be targeted by advertisers and data brokers without adequate legal protections.
- Right to Data Deletion: Under the GDPR, children have the right to request data deletion, an essential safeguard against long-term privacy risks. Iran's legal system lacks explicit guarantees for such rights, leaving children's digital footprints unprotected. The absence of a "right to be forgotten" provision in Iran further complicates efforts to safeguard children's online privacy.

The findings highlight the need for urgent reforms in Iran's legal framework to align with global best practices. Implementing child-specific data protection measures can reduce the risk of cyber exploitation and unauthorized data processing. Additionally, integrating privacy education into school curricula can empower children and parents to navigate digital environments safely.

A comprehensive policy shift is required to ensure that Iran adopts child-centric data protection laws. Legal reforms should be accompanied by technological solutions, such as age-verification mechanisms and parental control tools, to enhance the safety of children's online experiences. Moreover, collaboration between government agencies, educational institutions, and the private sector is essential to developing an effective child data protection ecosystem.

4. Conclusions and Future Research

The study concludes that Iran must establish a legal framework similar to the GDPR to ensure children's online safety. Key recommendations include:

- Raising the legal age of consent for data processing to 18 to align with international child protection standards.
- Mandating the use of clear and comprehensible language in privacy policies for children to ensure transparency and informed decision-making.
- Introducing strict regulations limiting the commercial use of children's data and prohibiting targeted advertising practices that exploit minors.
- Recognizing and enforcing children's right to data deletion to protect them from potential digital harm.
- Implementing digital literacy programs to educate children and parents about online privacy risks and responsible internet use.
- Establishing an independent regulatory body dedicated to monitoring and enforcing child data protection laws.
- Encouraging private sector compliance with ethical data handling practices through incentives and penalties.
- Promoting cross-sectoral collaboration between government agencies, tech companies, and advocacy groups to ensure a holistic approach to child data protection.
- Conducting periodic assessments and revisions of child data protection policies to keep pace with technological advancements and emerging threats.
- Enhancing international cooperation to adopt best practices from global data protection frameworks and ensure seamless integration into Iran's legal landscape.

By adopting these measures, Iran can create a safer digital landscape for children, ensuring their fundamental right to privacy is protected in the evolving digital age. Addressing legislative gaps and fostering a culture of data privacy awareness will ultimately empower children to navigate the digital world securely and responsibly.
