This post is also available in: Español

The lockdown imposed by the Government to contain COVID-19 affects all aspects of our lives. One of the consequences is that children are spending more time than usual online. This has led the Spanish Data Protection Agency ( “AEPD”) to publish a technical note offering advice and recommendations for parents to protect children from inappropriate content (the “Note”).

The AEPD reminds that children are often exposed (even involuntarily) to inappropriate content consisting of harmful images or information given their age, maturity, sensitivity or the very subject matter or its treatment. In the framework of its Safe Internet for Kids initiative (, the Spanish National Cybersecurity Institute ( “INCIBE”) highlights that such information usually takes the form of fake images and videos promoting harmful habits, negative values and misleading or deceitful information. This is particularly worrisome in the current exceptional situation, with children spending more time online.

The Note lists some methods (not infallible, as the AEPD points out) that parents can use to prevent, or at least restrict, children’s access to inappropriate content, such as applications specifically designed for children, parental control tools offered by operating system manufacturers, or content filtering solutions, including parental controls in TV and streaming platforms.

Along with these mechanisms, the Note includes a set of recommendations for parents and service providers and developers. It stresses the need for parents to promote proper education and communication, showing children the risks involved in using the internet or limiting their use of smart devices. They are also reminded that it is desirable to be properly informed about the personal data processing carried out by applications when selecting and implementing a specific parental control measure.

The AEPD urges service providers and developers to comply with data protection regulations, in particular with regard to the principle of data minimization (e.g., by implementing mechanisms to turn features on or off, applying security measures or minimizing permissions, among other things). Emphasis is also placed on the need to establish guarantees for cloud services, as well as security measures that consider the volume, categories and profile of the data subjects.

Finally, the Note includes an annex with a table comparing parental control tools to reduce children’s inappropriate use of the internet in an effective and long-lasting way.

By Sergi Gálvez and Ana Sánchez

This post is also available in: Español



42 artículos

Asociado del Área de Propiedad Intelectual y Protección de Datos. Especialista en protección de datos y tecnologías disruptivas. Participa en el asesoramiento recurrente en materia de protección de datos y contratación tecnológica de compañías nacionales e internacionales, especialmente en la configuración jurídica de evaluaciones de impacto, transferencias internacionales de datos personales, contratos de encargo de tratamiento y en el asesoramiento durante violaciones de seguridad. Además de prestar asesoramiento continuado a clientes en los ámbitos mencionados, tiene experiencia en asesorar a empresas de diferentes sectores en la configuración legal de proyectos que implementan tecnologías disruptivas, tales como el Big Data, Internet of Things, artificial intelligence y smart robots.


45 artículos