Bizarre data protection news story of the week alert: a Dutch court has held that a grandmother was in breach of the General Data Protection Regulation (GDPR) for posting pictures of her grandchildren on social media platforms without their parents’ consent, and refusing to delete them after multiple requests.
Read my colleague Nadia's analysis of the judgment below.
On a personal level, it is obviously the polite thing to do to not post, or to delete if requested, pictures of other people if they (or their parents if they are minors) are not comfortable with it. However, to say that ‘consent’ is required under the GDPR has far-reaching consequences, not least because of the stringent requirements for consent to be valid – e.g. it has to be opt-in, clear, specific and informed.
/Passle/5db069e28cb62309f866c3ee/MediaLibrary/Images/2024-12-04-17-29-34-985-6750917e376ff9ba249f5aab.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2025-05-28-14-44-04-394-683721349d25f25791e9365e.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2025-05-23-20-07-38-111-6830d58a68653c5a1a0a4aa5.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2025-05-19-13-29-42-284-682b3246e134e77b9be8c2fd.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2025-05-20-10-23-50-411-682c5836975255c0971fba60.jpg)