Where can I check what personal data is being processed about my child or family?
The General Data Protection Regulation (GDPR) is in force in Finland too. The GDPR and other legislation ensure that, as a rule, parents have the right to know what kind of personal data, and what data specifically, a hobby organiser has on their families.
You can ask the hobby organiser for information on the types of personal data it is processing and on what basis, who have access to that data, and whether the organiser is disclosing the data to third parties. Generally speaking, this information should be available without having to specifically ask for it, for example on the organiser’s website. However, if you want to know what specific data a hobby organiser has collected on your child, you need to submit a request for information to the organiser. If you do so, you should bear in mind that your data is usually stored under that of your child. In other words, you need to request your child’s data instead of your own.
As the parent of a minor, you should nevertheless keep a few things in mind when requesting data. First of all, simply being a child’s parent is usually not enough to represent the child. The parent also needs to be the child’s custodian. As in other areas of life, the child’s right to self-determination increases with age. This means that, when your child is 16, you will not be provided as much information about them as when they were 6.
This is because your child’s right to self-determination in the processing and disclosure of their data increases as they get older. When a child is young, their custodians represent the child and manage all of their affairs. This also applies to the processing of personal data. At some point, however, the child achieves a sufficient level of maturity that they are deemed capable of managing their own affairs, such as deciding on whether their custodians are entitled to represent them in all matters involving the processing of personal data or whether there are circumstances in which the disclosure of certain personal data to their parent should be refused.
Legislation does not specify any specific age at which a child is sufficiently mature to make decisions alone on the processing of their personal data. Evidently, once a child reaches adulthood at the age of 18, their parents no longer have access to their information without a special reason. Such special reasons could include the child’s consent or the appointment of a guardian.
Minors themselves still have the right to exercise the rights of the data subject under the GDPR with regard to their own data. In other words, they can request access to their own data or the rectification or erasure of that data.
