France: CNIL adopts standard on processing of children's data in health and social care sector
The French data protection authority ('CNIL') announced, on 17 February 2022, that it had adopted a standard on the protection of personal data of children and adults under the age of 21. In particular, the standard, intended for all private and public organisations which provide social care, healthcare, educational, or legal support for minors and adults under the age of 21, provides specific rules and guidance regarding the application of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') to common data processing operations in this field.
Notably, the standard replaces and updates the previous standards in this field, AU-49 and AU-28, which no longer have legal effect following the entry into force of the GDPR. Specifically, as compared to standards AU-49 and AU-28, the standard provides new information regarding the identified purposes for data processing, legal bases, the personal data collected, and retention periods.
You can read the press release here and the standard here, both only available in French.