This gets me thinking. From a legal perspective, does a parent's consent to tracking pass over to their children even after reaching adulthood? (say for GDPR etc.)
I think (and this is probably why this is part of the general tech conversation now) that we're on the verge of a massive legal shift with data ownership.
A child born since Facebook's inception will be approaching 18 soon, and might have had parents who posted the child's entire life on Facebook from the ultrasound all the way to (maybe?) high school graduation.
When that child turns 18 and the child does not consent to tracking, what happens to all those photos, behavior, and YouTube videos that kid has watched? Maybe the kid starts as a clean slate since they've reached an age of majority, but how can you technically even keep track of that?
The person who took the photo owns the photo in most of the world. You don't need the permission of everyone you take a picture of to upload it to facebook
Whilst that is technically correct, you do need the consent of the subject of the photo to share it, in most of the world, except for in a narrow set of circumstances. (Public good, expectation of privacy).
In most legal circumstances consent can be withdrawn at a later date. That generally can only not be done if something is permanent. Requiring the photo to be "de-published" is something that publications have done for some time.
This is not true in most of the world. Unless you are using their likeness to advertise a commercial product, you don't need the subjects permission to publish it on the internet, sell the photo, upload it etc.
And the parents do consent when the photos are taken.
> This is not true in most of the world. Unless you are using their likeness to advertise a commercial product, you don't need the subjects permission to publish it on the internet, sell the photo, upload it etc.
Lets take a run at this one. I did specifically mention a couple exemptions above, which include expectation of privacy - a crowd in a public space don't have an expectation of privacy.
(In the US this goes further, where you can photograph anyone in public, with or without their consent, so long as it is within the nebulous "community standards" - but the US is not the norm.)
However, that's not the case for a wide variety of other photographs.
For example under the Australian Privacy Act:
> Images of individuals in photographs or video (images) are treated as personal information under the Privacy Act 1988 (Privacy Act) where the person’s identity is clear or can reasonably be worked out from that image. [0]
Similarly, in the EU, photographs or video of someone who can be reasonably identified within that work, is to be treated as Personally Identifiable Information under the GDPR, and thus requires consent. GDPR also requires you notify anyone in a public space ahead of time that you may be filming or photographing in the area.
I think it's fair to say that it is _not_ normal in most of the world to require no consent if you're not doing something commercial. Consent is the norm.
It probably does not need any specific consideration, as consent can be freely withdrawn at any time (GDPR Art 7.3), so the consent not passing over is equivalent to consent passing over but the child deciding to withdraw it the moment they are legally able to - in any case, legal consent persists only if the legal decisionmaker actually consents.
And it's worth noting that this is not about collection of data but use of data - if the legal basis of the processing was consent (perhaps there was a different legal basis, then consent isn't relevant) then withdrawing the consent does not make the earlier processing illegal, but it does require the controller to stop processing (using) the data they collected while they had consent and ensure that any processors to whom they delegated data processing do so as well.
OK, but withdrawing requires a process on the part of the child, what I'm referring to is even without a process of withdrawing consent. Since the child has never consented to begin with, shouldn't it automatically be illegal to continue?
Additionally, the child will usually not know every site their parent has consented to tracking use.
