Instructions for the collection and processing of personal data of minors

Guardian’s consent for the collection and processing of personal data of children under 13

In the Finnish Red Cross’s volunteer activities, personal data of minors is collected for purposes such as events and activity groups. The Finnish Data Protection Act (1050/2018) sets the age limit for the provision of information society services at 13 years, which is why a guardian's consent must be requested when offering information society services, e.g., newsletters, directly to a child under 13. The same principle regarding guardian's consent is applied to the collection and processing of personal data of children under 13 in all our volunteer activities.

What does this mean in practice?

When personal data is collected from a child under 13 for purposes such as group activities or events, there must be written consent from the guardian for the collection and processing of the personal data. Additionally, the guardian must be informed about why and how the provided personal data will be processed.

• Only a guardian can provide the personal data of a child under 13 to the activity organizer. This should be communicated, for example, in the registration instructions for an event, where the guardian is instructed to fill in the personal data of the child under 13 on the event registration form.
• The activity organizer must be able to demonstrate the consent obtained from the guardian for processing the personal data of the child under 13. It is advisable to request consent in writing on the registration form, e.g., ”As a guardian, I approve the processing of my child’s personal data for the purposes of the event.”
• The activity organizer has an obligation to inform the guardian how the provided personal data will be processed. For this purpose, the Finnish Red Cross has privacy statements describing the information contained in various registers as well as matters related to the use of the data. The privacy statements can be found on this page. The activity organizer is responsible for ensuring that personal data is processed in the manner described in the selected notice.

We recommend that the activity organizer always collects the contact information of the guardians of all minor participants so that they can be reached during the activity. If participation in the activity requires staying overnight away from home, we recommend informing the guardians of all minor participants and, if necessary, also requesting consent for the minor’s participation in the activity.

Further information on data protection in our volunteer activities can be found here.