11 PROTECTION OF CHILDREN’S PERSONAL DATA IN THE DIGITAL WORLD BASED ON NATIONAL AND INTERNATIONAL LEGAL FRAMEWORK Bismo Jiwo Agung Eko Supriadi and Partners Law Firm, Indonesia, Email: bismojiwoagung05@gmail.com Submitted: January 14, 2019; Reviewed: February 25, 2019; Accepted: March 4, 2019 Article Info Abstract Keywords: Protection, Personal Data, Term, International, National. DOI: 10.25041/lajil.v1i1.2020 The crime of children’s data in the digital world is one of the causes of the rampant crime of bullying, fraud, theft, sexual harassment, exploitation and abduction which leads to the trafficking of people who make children victims. The method used in this paper is a juridical-normative comparative legal research method. The result shows that the Convention on the Rights of Child Convention 1989 (CORC) does not regulate the personal data in the digital world comprehensively. So far, countries in the world, including Indonesia, have only relied on the international legal framework. It is recommended, including international guidelines issued by several international organizations such as the Organization for Economic Co-operation and Development (OECD), Asia Pacific Economic Cooperation (APEC), and the International Telecommunication Union regarding the guidelines for parents and children in 2016. Indonesia already has a set of legal rules that are used as a basis for protecting children’s rights in the digital world. Based on these rules, the protection of children’s data in the digital world is included in the private and criminal domain. These Legal Frameworks show that the government is passive in protecting children’s data in the digital world because the responsibility of child safety and security when online is still focused on the parents or guardians of the child. A. Introduction Information technology is all things related to the process, use, as a tool, manipulation, and management of information. At the same time, communication technology is all things related to the use of tools to process and transfer data from one device to another.1 At present, the technology can be used by adults and children not only for means of entertainment or communication but also used as a forum for expressing opinions, inspiration and online learning media. In addition to offering many benefits, technology also harms children. Children are a group that must be considered by the 1 Bayu Sujadmiko, Pengantar Hukum Tekanologi Informasi Internasional (Bandar Lampung: Zam-zam Tower, 2017), 4- 5. Volume 1 Issue 1, 2019: pp. 11-18. Department of International Law, Faculty of Law, Universitas Lampung, Bandar Lampung, Indonesia. p-ISSN: 2656-5186 E-ISSN: 2723-2603 http://jurnal.fh.unila.ac.id/index.php/lajil mailto:bismojiwoagung05@gmail.com https://doi.org/10.25041/lajil.v1i1.2020 Protection of Children's Personal Data in the Digital World Based on National.... Bismo Jiwo Agung 12 State and the surrounding community.2 Based on Law No. 35 of 2015 concerning Child Protection and The Convention on Rights of Child 1989, is meant by children is every person under the age of 18. In the past ten years, crimes against children committed using the internet have increased, every one of these crimes can occur in homes, schools, orphanages, public facilities, roads, workplaces, even in prisons.3 Based on reports from UNICEF in 2017, there were 5 (five) million profiles and children’s accounts stolen using internet-based theft. According to Javelin Strategy & Research in 2017, more than one million children in the United States who were victims of identity theft caused losses of $ 2.6 billion (two billion six hundred million dollars).4 European countries also experienced losses due to personal data stolen or misused by other parties in 2017 which reached 1.37 billion data lost or stolen.5 The increase in the number of crimes against children is closely related to the high use of gadgets connected to the internet by children. Table 1. Use of Gadgets by Children Source: Ofcom Children Media Use and Attitudes Report 2017 The data in Table 1 shows that currently, children aged 5 (five) to 18 (eighteen) years are used to gadgets and the internet. Therefore, parents and the government must be more careful in safeguarding the safety and security of children. Currently, children use technology in the form of applications to connect, play, and as a learning tool. It also shows that children are more active using digital device lately. At present, the personal data of children in the digital world is very vulnerable to abuse. For some parties, children’s data is more valuable than adult data. Child identity can be used by “anonymous”6 for various kinds of things. One of them is used to create an identity or fake credit card account.7 When there are parties who use fake credit card accounts in the name of children, automatically the child or parent or guardian will be forced to pay fake credit bills on behalf of the child even though the credit is used by someone else. As for other consequences, when adults grow up, children cannot use their identity to create a credit card account because the child’s data has been blocked or has a poor track record. The occurrence of fraud and extortion on behalf of the child occurred in 2018 in the United States, which caused a total loss of $ 540,000,000 (five hundred forty million dollars).8 The protection of personal data and children’s privacy actually has been affirmed at the 1989 Convention on Rights of the Child which is a follow-up to the Universal Declaration of Human Rights which has proclaimed and agreed that everyone has the right to all rights and freedoms expressed 2 Marojahan Hutabarat, “ANALISIS PERBANDINGAN PUTUSAN HAKIM ATAS TINDAK PIDANA PERSETUBUHAN DAN TINDAK PIDANA PERCABULAN TERHADAP ANAK,” Cepalo 2, no. 2 (2019): 93–102, 94, DOI: 10.25041/cepalo.v2no2.1766. 3 United Nation Children’s Fund, Child Protection Information Sheet (New York: The Child Protection Section Programme Division UNICEF, 2006), 5. 4 http://fortune.com/2018/04/24/stolen-identity-theft-children-kids/, Accessed on June, 26 2018. 5 https://www.itgovernance.eu/blog/en/more-data-lost-or-stolen-in-2017-than-all-of-2016-but-europe-bucks-the-trend, Accessed on 28 Juli 2018 6 Anonymous is someone who can not be identified because it uses a name that is not his real name. 7 Hemu Niggam. (2015). http://fortune.com/2015/11/30/vtech-hacking-children-data/, Accessed on June, 26 2018. 8 http://fortune.com/2018/04/24/stolen-identity-theft-children-kids/, Accessed on June 26, 2018. Gaming Youtube Social media Online 23% 3% age 12-15 Age 5-7 Age 8-11 81% 90% 71% 81% 77% 66% 74% 99% 94% 79% 120% 100% 80% 60% 40% 20% 0% http://fortune.com/2018/04/24/stolen-identity- http://www.itgovernance.eu/blog/en/more-data-lost-or-stolen-in-2017-than-all-of-2016-but- http://fortune.com/2015/11/30/vtech-hacking-children-data/ http://fortune.com/2018/04/24/stolen-identity-theft- Lampung Journal of International Law (LaJIL) P-ISSN: 2656-6532 Volume 1 Issue 1, 2019 E-ISSN: 2723-2603 13 therein, without discrimination, based on race, skin colour, gender, language, religion, political views or other opinions, national and social origin, wealth, birth or different position. In addition to child conventions, international organizations have also made guidelines regarding the protection of children’s data in the digital world such as the Organization for Economic Co-operation and Development (OECD) Council Recommendation on the Protection of Children Online 2012, APEC Privacy Framework 2015, International Telecommunication Union Guidelines for Children on Child Online Protection 2016 and the International Telecommunication Union Guidelines for Parents, Guardians and Educators on Child Online Protection 2016. The Indonesian government has enforced Law Number 23 of 2002 concerning Child Protection which has been updated with Law Number 35 of 2014 concerning Amendment to Law Number 23 of 2002 concerning Child Protection as an effort to provide legal certainty and its commitment to safeguarding children’s rights as nation’s next generation. Furthermore, the Indonesian Government has also ratified and enforced Law Number 11 of 2008 concerning Information and Electronic Transaction and Law Number 19 of 2016 concerning amendments to Law Number 11 of 2008 concerning Information and Electronic Transaction as an effort to protect the citizen from all crimes electronic. The Ministry of Communication and Information has also issued Ministerial Regulation Number 20 of 2016 concerning The Protection of Personal Data in Electronic Systems as a preventive measure for the occurrence of personal data crimes in Indonesia. Furthermore, as a follow up to Law Number 23 of 2002 concerning Child Protection which has been updated with Law Number 35 of 2014 concerning Amendment to Law Number 23 of 2002 concerning Child Protection, the government has ratified Government Regulation Number 43 of 2017 concerning The implementation of Restitution for Children Who Become Victims of Crime as a repressive effort and also as a rehabilitation effort for children who have been victims of crimes of sexual or economic exploitation, pornography, kidnapping, sales, and/or trafficking, physical violence and sexual crimes. The use of technology that is universal and borderless can make the crime of child personal data in the digital world into a crime across national borders where perpetrators and victims of crime are under the jurisdiction of different countries. Moreover, currently, the problem of misuse of personal data and violations of children’s privacy in the digital world has become a global problem experienced by countries in the world, including Indonesia. Therefore harmonization between International and National legal framework is needed to strengthen the protection of children personal data in the digital world to prevent and also react to children’s personal data crimes in Indonesia. Considering the impact and the nature of personal data crime which stated above, the authors are interested in discussing: How is the protection of children’s data in the digital world based on International law? And how is the protection of children’s personal data in the digital world based on National law? This type of research used in writing this research is juridical- normative-comparative, which is legal research literature that examines a problem based on legal norms contained in international regulations and legislation and comparing between two groups or more than a certain variable to produce a conclusion. The method in data collection used library study technique method, namely by studying the provisions of the legislation, international guidelines, books, documentation, journals, and accessing data on the internet related to issues within the scope of international law and the scope of national law. Data analysis was carried out by outlining and giving the meaning of each data obtained into sentences that are detailed, orderly, effective, logical and not overlapping to facilitate the author in interpreting and analyzing the data which then concludes response to the problems contained in this paper. B. Discussion 1. Child Protection Term Relating to Children’s Personal Data in the Digital World According to International and National Legal Framework. The protection of personal data and privacy of children according to international law has been limited to the Convention on Rights of the Child 1989, which is a follow-up to the Universal Declaration of Human Rights which has proclaimed and agreed that everyone has the right to all the rights and freedoms stated therein. Without discrimination, based on race, colour, gender, language, religion, political views or other opinions, national and social origin, wealth, birth or other position. Protection of Children's Personal Data in the Digital World Based on National.... Bismo Jiwo Agung 14 In addition to child conventions, international organizations have also made guidelines regarding the protection of children’s data in the digital world such as the Organization for Economic Co-operation and Development (OECD) Council Recommendation on Protection of Children Online 2012, APEC Privacy Framework 2015 International Telecommunication Union Guidelines for Children on Child Online Protection 2016 and the International Telecommunication Union Guidelines for Parents, Guardians and Educators on Child Online Protection 2016. The reason the author chose and discussed the international guidelines Convention in this paper was due to the link between Indonesia and these international Legal Frameworks. The connection began with the enactment of the Convention on Rights of the Child in 1989 through Presidential Decree No. 36 of 1990 concerning the Enactment of the Convention on Rights of the Child 1989. Furthermore, Indonesia has also become a member of the OECD based on Presidential Decree Number 1 of 2012 concerning Determination of Indonesian Membership in the Development Center- Organization for Economic Co-operation and Development. In addition, Indonesia has been a member of APEC since 1989 but has not been recorded in the Laws and regulations of Setkab. Even though it is not listed in the statutory record, Indonesia remains a member state in APEC. Furthermore, Indonesia has also ratified Law Number 10 of 1969 concerning the Convention on International Telecommunication Union in Montreux 1965 as the legal basis for Indonesian membership in the ITU. As a consequence of the enactment of the regulation, Indonesia must consider every recommendation given by ITU to build a good telecommunications system. a. Protection of Children’s Personal Data in the Digital World According to International Legal Frameworks To make it easier for readers to know the focus of the discussion of each international guideline, the authors will describe the differences in the scope and substance of each international guidelines and international conventions using matrix one on page 7. Matrix 1. explains the focus and substance of each international term has a different focus and substance but has the same goal of creating a child-friendly system in the form of ensuring the security and integrity of children’s personal data in the digital world. These Legal Frameworks do not discuss technically and deeply about the implementation of procedures that must be taken by each country. According to the author, the reason is the difference in culture and interests of each country. So that international Legal Framework often only regulate the outline. As for the technical implementation, it is returned to each country. International Telecommunication Union Guidelines for Children on Child Online Protection 2016. International Telecommunication Union Guidelines for Parents, Guardians, and Educators on Child Online Protection 2016. APEC Privacy Framework 2015 OECD The Protection of Children Online 2012 Convention on Rights of the Child 1989 International Provisions Guide children in protecting themselves from the negative effects of the internet such as cyberbullying, identity theft and online harassment while browsing the internet. This guideline was formed to provide preventive solutions in the form of educating educators, parents, and guardians in maintaining children’s privacy in the digital world. The purpose of this guideline is to protect privacy in business activities so that it is possible to send personal data that will benefit consumers, businesses and governments between countries. Providing recommendations to the Government and stakeholders in making rules for the protection of children online by applying the principles of empowerment, proportionality, and flexibility by adjusting their national legal systems with technological  Protect the honour and inherent rights of children in general without discriminatio n  Recommend to member countries to create a child protection system in each country Aim Lampung Journal of International Law (LaJIL) P-ISSN: 2656-6532 Volume 1 Issue 1, 2019 E-ISSN: 2723-2603 15 Specifically discussed topics are pointed out for children always to be careful and behave well when online. The scope of this rule educates educators, parents, and guardians regarding the protection of children’s data in the digital world. The scope of this framework applies to people as humans or organizations in public and private fields who control the collection, storage, processing, use, delivery or dissemination of personal information  Discuss the risks and urgency of establishing a child protection system when online  Discuss intergovernme ntal strategies in the field of child protection when online  Discuss protection of every right held by children from birth to adulthood; Scope  This guideline discusses strategies specifically given to children to be more easily understood and implemented by children.  This guideline discusses child protection strategies aimed at parents or guardians and teachers.  This guideline discusses the principles of protecting children’s data in the digital world that must be the basis or consideration of the state in establishing and implementing its legal system in the field of child protection when online.  These guidelines discuss more the strategies that must be taken by the government in creating a child protection system in the digital world between countries. ;  This Convention does not mention the protection of personal data. However, it still guarantees its protection as part of the privacy of children. Analysis b. Protection of Children’s Personal Data in the Digital World Based on National Law The protection of children’s data in the digital world in Indonesia is realized through the enactment of Law Number 23 of 2002 concerning Child Protection which is updated by Law No. 35 of 2014 concerning Amendment to Law Number 23 of 2002 concerning Child Protection. In addition to protecting children’s rights in cyberspace, the government issued Law number 11 of 2008 concerning Information and Technology which was updated by Law number 19 of 2016 concerning Amendment to Law No. 11 of 2008 concerning Information and Technology. Furthermore, to protect personal data related to child privacy, the government has issued Regulation of the Minister of Communication and Information Number 20 of 2016. As an implementing rule of Law Number 23 of 2002 concerning Child Protection which is updated by Law No. 35 of 2014 concerning Amendment to Law No. 23 of 2002 concerning Child Protection, the government has enforced Government Regulation Number 43 of 2017 concerning the Implementation of Restitution for Children Becoming Victims of Crime as one of the rehabilitation efforts aimed at children. In order to make it easier for readers to identify and understand the substance and scope of each rule, the author will explain the differences in the scope and substance of each national rule in the following matrix 2. Based on matrix 2. it is clear even though the two laws have different scope and substance, but both have connections in maintaining children’s data in the digital world. Law No. 23 of 2002 concerning the Protection of Children that Has Been Refurbished by Law Number 35 of 2014 concerning Child Protection does not mention the protection of children’s data. Therefore, in protecting children’s data in the digital world, this law must be accompanied by Law Number 11 of 2008 concerning Information and Electronic Transaction that have been Updated by Law Number 19 of 2016 concerning Amendments to Law Number 11 Of 2008 concerning Information and Electronic Transaction whose scope and substance governs the protection of rights in electronic systems. Furthermore, the regulation of personal data is further regulated in the Minister of Communication and Information Regulation Number 20 of 2016 concerning The Protection of Personal Data in Electronic Systems which adopts the protection principles contained in the OECD guidelines, APEC Privacy Framework and ITU Guidelines. However, this regulation still does not categorize crimes that include data crimes. For children who are victims of personal data crimes that Protection of Children's Personal Data in the Digital World Based on National.... Bismo Jiwo Agung 16 end up being victims of crime: 1) Sexual or economic exploitation; 2) Pornography; 3) Abduction, sale, and/or trade; 4) Physical violence. Can submit a request for restitution as regulated in Government Regulation Number 43 of 2017 concerning the Implementation of Restitution for Children Who Become Victims of Crime as an effort to return the rights of children who have become victims of crime, because restitution is not automatically given to children who are victims of the intended crime in Government Regulation Number 43 of 2017 concerning the Implementation of Restitution for Children Who Become Victims of Crime. 2. Comparison Between International and National Legal Framework Concerning The Protection of Children’s Personal Data in the Digital World Child protection is an act of prevention and prevention of acts of violence, exploitation, and abuse of children.9 The purpose of child protection is to ensure the fulfilment of children’s rights, to be able to live, grow, develop and participate optimally by human nature and dignity, and get protection from violence and discrimination for the realization of quality, noble and prosperous Indonesian children.10 This goal cannot be realized without cooperation between parents or guardians, the government and the organizers of electronic systems in maintaining the safety of children when online. One of the preventive measures that can be taken by the government is by making a set of rules relating to child protection by combining and harmonizing national Legal Framework with the International Guidelines issued by international organizations. The need to combine national and international Legal Framework is due to the current national Legal Framework that is still weak in terms of regulating the protection of children’s personal data in the digital world when compared to the International guidelines previously described. If we compare the existing International Guidelines in the protection of children’s personal data in the digital world, the protection of personal data of children referring to international guidelines is mostly in the hands of the Government. The government should be active in protecting children’s personal data in the digital world by collaborating between countries and managing electronic systems. The government is also required to monitor and ensure that providers of electronic systems to carry out their activities in accordance with applicable regulations such as: a. Protection of children aged less than 18 years; b. Protection of children’s personal data in the digital world; c. Data Category Included As Child’s Personal Data; d. Types of Child Personal Data Crimes in the digital world; e. Efforts to rehabilitate and fulfil the rights of child victims of child personal data crime in the digital world; f. Prohibition and/or sanction of crimes against children’s personal data in the digital world. In Indonesia, based on Article 26 of Law Number 11 of 2008 concerning Information and Electronic Transaction that has been Updated by Law Number 19 of 2016 concerning Amendments to Law Number 11 Of 2008, the state is passive because it cannot immediately conduct an investigation or investigation of the case. After all, the state does not have an obligation to do so if there are no reports or complaints from people who feel disadvantaged.11 Other evidence that shows that the state is passive in protecting child victims of personal data crime which leads to criminal acts of exploitation, pornography, physical violence, and psychology lies in the efforts of restitution given to children who are victims. According to Article 4 of Government Regulation Number 43 of 2017 concerning the Implementation of Restitution for Children Who Become Victims of Criminal Acts stating that the victim submits restitution efforts to investigators and public prosecutors before the court issues the decision. Furthermore, the request for restitution can also be rejected and returned to the applicant if 9 United Nation Children’s Fund, Op.Cit., 1. 10 Prints, Darwan, Hukum Anak Indonesia (Bandung: Citra Aditya Bakti, 2003), 146. 11 Andi Sofyan dan Nur Azisa, Hukum Pidana (Makassar: Pustaka Pena Press, 2016), 108. Lampung Journal of International Law (LaJIL) P-ISSN: 2656-6532 Volume 1 Issue 1, 2019 E-ISSN: 2723-2603 17 the investigator or prosecutor feels that the file still needs to be completed. This indicates that restitution efforts can occur only if the victim submits a request for restitution to investigators and prosecutors. Because in the Child Protection Law and ITE, sanctions given to perpetrators of crime are criminal sanctions and fines. Unlike restitution, the amount of money paid to fulfil a penalty will go to the state treasury rather than be paid to the victim.12 Based on these provisions, then if there is no application for restitution submitted by the victim, the state may provide or not provide restitution to the victim. Furthermore, in Law Number 23 of 2002 concerning Child Protection that Has Been Updated by Law Number 35 of 2014 concerning Child Protection and Law Number 11 of 2008 concerning Information and Electronic Transactions that have been Updated by Law Number 19 of 2016, does not specify data categories that are included as children’s personal data that must be protected. Although the Minister of Communication and Information Technology Regulation Number 20 of 2016 concerning The Protection of Personal Data in Electronic Systems has determined the definition of personal data, this rule only determines the definition of personal data broadly and does not specify the type of personal data that may and may not be collected, stored and processed by other parties. C. Conclusion Based on the results of the research, the author has described in the previous chapter. The conclusions of this paper are the protection of children’s data based on the international legal framework is constituted in Convention on The Rights of The Child 1989. It mandates participating countries to play an active role in respecting and fulfilling children’s rights by creating a child protection system that is adjusted to the state of culture and politics in each country. OECD Council Recommendation on The Protection of Children Online 2012 recommends that all stakeholders have an awareness to protect children when online. Coordination between stakeholders is also needed in accordance with their respective roles. The government must also carry out international cooperation in a provision, and implementation is very important in the success of protecting children when online and minimizing the risks that exist. The APEC Privacy Framework also recommends cooperation between countries in terms of protecting children’s personal data from the start of sending to managing the data. When protection in terms of technical delivery and management has been carried out, parents, guardians, teaching staff and children must understand the roles and functions of the technology they use every day. ITU has also provided guidance to children, parents, guardians and teaching staff related to the protection of children’s personal data in the digital world through the ITU Guidelines for Parents, Guardians, and Educators on Child Online and the ITU Guidelines for Children on Child Online. Indonesia has a set of legal rules which are used as a basis in protecting children’s rights in the digital world, including Law Number 23 of 2002 concerning Child Protection which has been renewed by Law Number 35 of 2014 concerning Amendment to Law No. 23 of 2002 concerning Child Protection, Law Number 11 of 2008 concerning Information and Electronic Transactions that have been updated with Law Number 19 of 2016 concerning Amendments to Law Number 11 of 2008 concerning Electronic Information and Transactions, Minister of Communication and Information Regulation Number 20 of 2016 concerning the Protection of Personal Data, and Government Regulation Number 43 of 2017 concerning the Implementation of Restitution for Children Who Become Victims of Crime. Based on these rules, the protection of children’s personal data in the digital world is included in the private and criminal domain. Furthermore, children who have become victims of the crime of child personal data in the digital world that lead to exploitation, and crimes intended in Government Regulation Number 43 of 2017 concerning the Implementation of Restitution for Children Who Become Victims of Crime, are not automatically given restitution in an effort rehabilitation to children. These provisions indicate that the government is passive in protecting children’s personal data in the digital world because the responsibility of child safety and security when online is still focused on the parents or guardians of the child. 12 Fitriani Mahmud Mulyadi, M Ekaputra, and Chairul Bariah, “TINDAK PIDANA PENELANTARAN RUMAH TANGGA MENURUT UNDANG-UNDANG NOMOR 23 TAHUN 2004 TENTANG PENGHAPUSAN KEKERASAN DALAM RUMAH TANGGA (STUDI PUTUSAN MAHKAMAH AGUNG NOMOR 467K/PID.SUS/2013),” USU Law Journal 3, no. 28, (2015): 28-39, 38. Protection of Children's Personal Data in the Digital World Based on National.... Bismo Jiwo Agung 18 References A. Journal Mulyadi, Fitriani Mahmud., Ekaputra, M., Bariah, Chairul. “TINDAK PIDANA PENELANTARAN RUMAH TANGGA MENURUT UNDANG-UNDANG NOMOR 23 TAHUN 2004 TENTANG PENGHAPUSAN KEKERASAN DALAM RUMAH TANGGA (STUDI PUTUSAN MAHKAMAH AGUNG NOMOR 467K/PID.SUS/2013),” USU Law Journal 3, no. 28, 2015: 28-39. Hutabarat, Marojahan “ANALISIS PERBANDINGAN PUTUSAN HAKIM ATAS TINDAK PIDANA PERSETUBUHAN DAN TINDAK PIDANA PERCABULAN TERHADAP ANAK,” Cepalo 2, no. 2, 2019: 93–102, DOI: 10.25041/cepalo.v2no2.1766. B. Book Prints, Darwan. Hukum Anak Indonesia. Bandung: Citra Aditya Bakti, 2003. Sofyan, Andi et.al. Hukum Pidana. Makassar: Pustaka Pena Press, 2016. Sujadmiko, Bayu. Pengantar Hukum Teknologi Informasi Internasional. Bandar Lampung: Zam- zam Tower, 2017. United Nation Children’s Fund. Child Protection Information Sheet. New York: The Child Protection Section Programme Division UNICEF, 2006. C. Regulation APEC Privacy Framework 2015. Government Regulation Number 43 Year 2017 concerning Implementation of Restitution for Children Who Become Victims of Criminal Acts. Law Number 11 Year 2008 concerning Updated Information and Electronic Transactions Law Number 19 Year 2016 concerning Amendments to the Law Law Number 23 Year 2002 concerning Child Protection which has been updated with Law Number 35 Year 2014 concerning Amendments to Law Number 23 Year 2002 concerning Child Protection OECD The Protection of Children Online 2012. Convention on Rights of the Child 1989. Regulation of the Minister of Communication and Information Number 20 Year 2016 concerning Protection of Personal Data in Electronic Systems. International Telecommunication Union Guidelines for Children on Child Online Protection 2016. International Telecommunication Union Guidelines for Parents, Guardians and Educators on Child Online Protection 2016. D. Internet http://fortune.com/2015/11/30/vtech-hacking-children-data/, accessed on June 26, 2018. http://fortune.com/2018/04/24/stolen-identity-theft-children-kids/, accessed on June 26, 2018. https://www.itgovernance.eu/blog/en/more-data-lost-or-stolen-in-2017-than-all-of-2016-but- europe-bucks-the-trend, accessed on June 26, 2018. http://fortune.com/2015/11/30/vtech-hacking-children-data/ http://fortune.com/2018/04/24/stolen-identity-theft-children-kids/ http://www.itgovernance.eu/blog/en/more-data-lost-or-stolen-in-