key: cord-0739909-08van2sz
authors: Nevická, Denisa; Mesarčík, Matúš
title: Why are you offline? The issue of digital consent and discrimination of Roma communities during pandemic in Slovakia
date: 2022-04-24
journal: International Journal of Discrimination and the Law
DOI: 10.1177/13582291221096615
sha: 915d1c53ff8e9af47c3116ea4dcfa7f41a91b3bd
doc_id: 739909
cord_uid: 08van2sz

The article is focused on the issue of discrimination against Roma communities in the use of educational online platforms on account of failure to provide digital consent. The digital education model used during the COVID-19 pandemic in the Slovak Republic somehow forgot about Roma communities, thus preventing Roma students from accessing education through online platforms. This contribution is aimed to foster the discussion of discrimination against marginalized Roma communities in accessing education through online platforms and to point out the inadequacy of national legislation on the provision of digital consent.

Digitalization of services and society provides opportunities and solutions for several social issues on a huge scale. The spread of access to the Internet in connection with the 1 growth of digital literacy is without any doubt aiding with several issues including the provision of education in marginalized communities. However, as noted by Greco and Floridi, the benefits of digitalization may trigger more inequality due to insufficient literacy or weak access and understanding of the infosphere (Greco and Floridi, 2003) . This conclusion is also supported by Taylor highlighting possibilities of negative influence on marginalized communities as they are often subject to strict profiling due to biases in cases of credit loans or law enforcement. Taylor´s position stands on emphasizing "ethical paths through a datafying world "consisting of three pillars: visibility, engagement with technology, and non-discrimination (Taylor, 2017) . The key is to achieve fairness in the treatment of individuals concerning their digital data. Data injustice is one of the most visible issues connected to digitalization concerning marginalized communities (Taylor, 2017) . The Slovak Republic is not an exception.

Marginalized communities, especially the Roma community, are subject to the protection of the legal system, but the practical application of individual legal regulations is insufficient. The Slovak Republic regularly adopts a strategy for the inclusion of Roma communities and marginalized communities. One of the main goals in the inclusion strategy is access to education, which aims to eliminate the cyclicality of Roma issues and enable Roma children to enjoy decent living conditions. Despite these noble goals, which are in line with the principle of equal treatment, the practice is different. The COVID-19 pandemic has shown that Roma children are the first to have their right to education violated since they constitute the vast majority of poverty-stricken children. The right to education also acquires other rights like the right to work, or the right to a decent standard of living, which Roma children without education will find difficult to achieve in the future. We are of the opinion, that these children are being directly discriminated.

The authors' research aims to analyze the position of Roma pupils in marginalized communities during the COVID-19 pandemic in the Slovak Republic, concerning their right to education through digital platforms. It is Roma pupils in marginalized communities who do not have in most cases access to online education. Even if they have digital access, from the point of EU data protection law, there might be an issue of granting consent or obtaining the valid agreement of children's rightsholders to use most platforms and applications as these two legal grounds of processing are most widely used in connection with digital educational platforms. However, their parents come from an equally disadvantaged environment and may not understand the content of the consent, which may lead to its non-granting. The authors aim to point out the possible discrimination associated with the issue and to propose solutions to eliminate discrimination against Roma pupils. To our knowledge, similar research combining legal requirements in connection with digital literacy and the situation of the Roma community has not been conducted.

The research methodology used in the present article includes legal research of legislation, authoritative texts, case law, and doctrinal literature. Subsequently, the authors analyze topical norms and text connected to the position of Roma pupils in Slovakia, based on legal research. The analysis is followed by the comparison of results to European standards. Finally, the authors present suggestions on how to improve the law based on legal research, analysis, and comparison.

The right to education is one of the fundamental rights of the European Union (EU) citizens. Article 14 of the Charter of Fundamental Rights of the European Union explicitly enshrines everyone's right to education and access to vocational and continuing training, which includes the right to free compulsory education. In the Slovak Republic, the right to education is enshrined in Article 42 of the Constitution. Everyone has a guaranteed right to education in free primary and secondary schools, according to the abilities of the individual, possibly universities. The length of compulsory school attendance is 10 years and lasts until the end of the school year in which the pupil reaches the age of 16. It is necessary to state that the right to education in the standard sense was greatly affected by the onset of the COVID-19 pandemic. Schools and education were one of the first areas to move to online space and distance learning in early March 2020. We must state with regret that even in the first half of 2021, only some schools were properly open, and that education takes place mainly online. According to an OECD report, Slovakia is the country with the longest strike of closed schools during the COVID-19 pandemic in the European Union (OECD, 2021b).

Roma communities and Roma pupils were disadvantaged by difficult access to education even before the onset of the global pandemic. In the Slovak Republic, up to 28% of Roma children under the age of 4 do not attend pre-school facilities and 23% of schoolchildren do not attend schools despite compulsory school attendance (European Agency for Fundamental Rights, 2016) . This leads to more than 5% illiteracy of members of the Roma ethnic group in the Slovak Republic and their own perceived illiteracy to the level of 9% (European Agency for Fundamental Rights, 2016). In addition, pupils who attend schools are often placed in special schools for mentally handicapped children, mainly due to insufficient pre-school preparation and not due to a real mental disability (Euractiv, 2004) . Roma pupils leave compulsory school early in up to 8.6% of cases (European Parliament, 2020) . The COVID-19 pandemic has only made it more difficult for Roma children to access education. According to an OECD study considering only OECD members, children in the Slovak Republic are at one of the highest risks of poverty (OECD, 2021a) . In the Slovak Republic, 3.4% of all pupils, mostly from marginalized communities, do not have access to the Internet and thus also to online education. At the same time, according to The Ministry of Education, Science, Research, and Sport of the Slovak republic up to 40,000 pupils in primary schools come from socially disadvantaged backgrounds, of which the vast majority are Roma children (Office of the Plenipotentiary of the Government of the Slovak Republic for Roma communities). It should be emphasized that not only digitization but also the ownership of the computer, technical equipment, the number of people living in one household, language competencies, or educational assistance significantly disadvantage children from socially weaker backgrounds.

Teachers, teaching assistants, or non-profit organizations seek to contribute to education in marginalized communities by distributing assignments in printed form. In these communities, the virus spreads faster due to poor hygiene conditions, leading to a more extensive need for mandatory quarantine (The Public Health Authority of the Slovak republic, 2020). Even if some pupils have access to education in the form of worksheets delivered to their homes, their teachers have no way of accessing them during the quarantine of settlements. The most appropriate way of teaching can be considered fulltime teaching, but given the situation, distance e-learning would also contribute to maintaining the educational level of children from marginalized communities. As of September 2020, there are a total of 497,425 primary school pupils in the Slovak Republic, of which 3.4%, i.e., approximately 16,913 pupils, do not have access to online education at all (The Ministry of Education, Science, Research, and Sport of the Slovak republic, 2020b). However, there are almost 40,000 pupils from socially disadvantaged backgrounds, which means that the number of pupils who cannot learn online in real-time can be even higher.

European Union data protection law and processing of personal data of children

The emergence of the COVID-19 pandemic (temporarily) changed the provision of education in most of the affected states. The classic way of learning was replaced by distance learning-dependent on information technologies and digital applications. Video conferencing tools such as Skype, Teams by Microsoft, Zoom, or Webex by Cisco are cornerstones of distance learning as they aim to provide a class environment in the virtual space (Brankovičová and Lášticová, 2020) . However, it is necessary to point out that the aforementioned videoconferencing tools are useless without processing personal data. Subsequently, this fact triggers the application of data protection laws. On the level of the EU, primary law recognizes the right to protection of personal data as a fundamental human right in Article 8 of the Charter of the fundamental rights of the European Union. The general data protection regime is represented by EU General Data Protection Regulation (GDPR). Although this paper does not aim to provide a comprehensive analysis of the EU data protection framework, basic remarks shall be presented as a ground for understanding the issues connected to the digital consent of children.

GDPR applies to the processing of personal data via video conferencing applications used in distance learning in the territory of the EU. GDPR, in general, applies to (semi) automated and manual processing of personal data (GDPR, Article 2 [1] ) The legal notion of processing is broad and includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of persona data (GDPR, Article 4 [1] ). Personal data represent "any information relating to an identified or identifiable natural person." Article 4 (1) GDPR demonstratively enumerates the most common identifiers (Name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person) as a key to identifiability. The interpretation of identifiability is further provisioned in the Recital 26 GDPR and decisions of the European Court of Justice (ECJ) interpreting the definition of personal data extensively (European Court of Justice, 2016 . GDPR differs between intra-territorial scope and extraterritorial scope of application. The intra-territorial scope of GDPR means that the regulation applies "to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the EU, regardless of whether the processing takes place in the EU or not" (GDPR, Article 3 [1] ). On the other hand, GDPR applies also extra-territorially to subjects not established in the EU under two alternative conditions: processing of personal data for the purpose of the offering of goods or services to data subjects in the EU and/or processing personal data of data subjects in the EU for the monitoring of their behaviour as far as their behaviour takes place within the EU (GDPR, Article 3 [2]). The responsibility and liability of processing personal data primarily lie on controllers of personal data. Controllers are defined as "natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data" (GDPR, Article 4 [7]). Specific obligations are also attributed to processors being "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller" (GDPR, Article 4 [8]).

GDPR is founded on respecting basic principles of processing of personal enshrined in Article 5. The principle of lawfulness shall be described as the landmark principle constituting an obligation to process personal data based on one of the six legal grounds provisioned in the Article 6 GDPR. Legal grounds may be characterized as legal basis for the processing of personal data therefore the processing operation shall be based on consent, the performance of the contract, legal obligation, vital interest, public interest, or legitimate interest. Every legal ground shall be closely tied with the purpose (reason) of the processing (GDPR, Article 5 (1) [b]). Determination of purposes and relevant legal grounds is alfa and omega of processing of personal data. Additionally, GDPR obliges controllers and processors with the requirements related to providing information to data subjects (transparency), data minimization, data quality, storage limitation, security, and accountability (see Hofnagle et al., 2019) .

International legal instruments recognize the protection of children's privacy. United Nations Convention on the Rights of the Child Article 16 reads: "No child shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation." The article shall be interpreted in compliance with the "best interest of the child." At the same time, it may be concluded that the right to data protection as an integral part of the EU law shall apply to all data subjects including children.

Although GDPR represents technologically neutral regulation in terms of technologies used for processing personal data or different data subjects, specific attention is paid to children. During the drafting of the final text of GDPR, the legislator explicitly called for the special protection of children as data subjects. Reasons for the approach were strengthened by a recent survey regarding activities of children on social media (European Commission, 2019) or inadequate assessment of the dangers of providing personal data to third parties by children (European Commission, 2010) . Children are therefore protected as vulnerable data subjects deserving special attention during the processing operations in GDPR. The latter is explicitly provisioned in the Recital 38 GDPR (emphasis added): "Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child. The consent of the holder of parental responsibility should not be necessary in the context of preventive or counselling services offered directly to a child." Although the aforementioned recital expressly calls for specific protection of children concerning direct marketing or profiling, the protection as such is not limited to these purposes (Article 29 Data Protection Party, 2017a). Protection of personal data of children shall be perceived and interpreted in compliance with the best interest of the child (Charter of the fundamental rights of the European Union, n.d., Article 24). On the one hand, it should be noted that the better the protection of the child in terms of his or her privacy, the better the reflection of the best interests of the child. On the other hand, there may also be situations where the protection of privacy must give way to the principle of the best interests of the child, e.g., when providing data on health status during a medical examination (Article 29 Data Protection Working Party, 2009).

GDPR contains provisions related to the specific protection of children as vulnerable data subjects directly or indirectly. Direct protection is provided by the provisions of the GDPR, which explicitly concern the protection of children and directly mention this category of data subjects. Use of a legal ground of legitimate interest (GDPR, Article 5 (1) [f]) serves as an example of such provision. Another example is represented by specific requirements for the so-called digital consent of a child in Article 8 that is examined in the following section. Further illustrations include obligations related to the provision of information regarding personal data (GDPR, Article 12 [1] ) or the right to erasure (GDPR, Article 17 (1) 

Indirect protection is provided by the provisions of the GDPR, which, although not directly related to the processing of children's personal data, their interpretation or the application in practice considers their status as vulnerable data subjects. This is true e.g. in the case of processing sensitive personal data in the United Kingdom where the British data protection authority requires careful assessment of necessity when sensitive personal data of children are processed (Information Commissioner Officer, 2018) . The same shall be towards the mechanism of data protection impact assessment (GDPR, Article 35) where the processing of personal data about vulnerable data subjects represents a criterion of high risk (Article 29 Data Protection Working Party, 2017b; GDPR, Recital 75). Another option of indirect protection of children is the possibility for EU Member states to seize the open clause related to provisions concerning data protection officers according to Article 37 GDPR. Member states may require obligatory designation of data protection officer when personal data of children is processed or if processed by organizations responsible for agenda related to children e.g., special ombudsman for children or public authorities with agenda of social issues or education.

The provision of digital consent by children is one of the most discussed issues within GDPR. The provision also represents one of the open clauses left to the discretion of Member states to regulate in line with national data protection culture and protection of children. Article 8 (1) GDPR reads: "Where point (a) of Article 6(1) applies [legal ground of consent for processing personal data], in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old."

Article 8 does not cover the consent of children in general. Instead, it applies in very limited circumstances. Firstly, the consent of a child shall be given in connection with the provision of information society services. The applicable definition of information society services is provided in Article 1 (1) (b) of the EU Single Market Transparency Directive 2015/1535: "any Information Society service, that is to say, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services. For the purposes of this definition: (1) 'at a distance' means that the service is provided without the parties being simultaneously present; (2) 'by electronic means' means that the service is sent initially and received at its destination by means of electronic equipment for the processing (including digital compression) and storage of data, and entirely transmitted, conveyed and received by wire, by radio, by optical means or by other electromagnetic means; (3) 'at the individual request of a recipient of services' means that the service is provided through the transmission of data on individual request." The definition typically covers the use of social media, mobile applications, or cloud computing services. Although educational platforms and video-conferencing tools are often provided without remuneration, they fall under the definition of the information society services because the requirement of the remuneration shall not be interpreted strictly. Remuneration may be represented by income from advertising or personal data analysis (European Court of Justice, 2014) . This in practice means that even in cases where users do not directly pay for using a service, it still may fall under the notion of information society service within the meaning of the EU law.

Secondly, Article 8 GDPR requires that the information society service is offered directly to the child. This condition shall not be read in a manner that only specific services for children are covered. On the contrary, if the service is provided to adults and children as well, Article 8 applies. This is especially true in terms of social media or videoconferencing platforms used for educational purposes.

The criteria for legal consent under GDPR apply similarly to the digital consent of children. Based on article 4 (11) GDPR, the consent with processing of personal data shall be "freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her." These requirements in practice mean that the data subject shall be informed about the processing of personal data in advance and there shall be no imbalance between the controller and a data subject. Furthermore, there should be a clear indication of the consent given and consent shall be given for the specific purpose of the processing of personal data (Article 29 Data Protection Working Party, 2017b).

The same provision further stipulates that in cases where the child is below the age of 16, the lawfulness of processing is ensured only when the consent is given or authorized by the holder of parental responsibility for the child. Specific exceptions apply to the context of preventive or counselling services offered directly to a child (GDPR, Recital 38). In that case, consent of the holder of parental responsibility is not necessary.

As mentioned earlier, Member states might opt to lower the threshold for digital consent to 13 years. However, not all Member States have set the child's digital consent threshold as high as possible (Table 1 ). If we look at the comparison below, most EU Member States have set this threshold lower:

• 9 countries have set a limit at the age of 13; • 6 countries have set a limit at the age of 14; • 4 countries set a limit at the age of 15; • 9 countries have set a limit at the age of 16.

What about cases, where the user of information society service is below the threshold set out by national law? In this case, the controller is obliged to make reasonable efforts to verify in such cases that consent is given or authorized by the holder of parental responsibility for the child, taking into consideration available technology (GDPR, Article 8 [2]). This means that the provider of the educational applications (or educational institution) shall verify the reliability of the consent and parental rights in case of digital consent of children. An interesting case emerged in the Netherlands where pictures of a grandchild were published on the social network without the consent of the rightsholders (parents) by the grandmother of the child. The Dutch court ordered the photo of the child to be removed due to consent issues and prohibited the grandmother from publishing other pictures of the child (Rb. Gelderland, 2020) . The provision in question has been the subject of critical debate (see the discussion below).

Lastly, Article 8 GDPR is without prejudice to the national contract law such as the rules on the validity, formation, or effect of a contract concerning a child (GDPR, Article 8 [2]). Rules for digital consent may be different from prerequisites for the formation of a In practice, situations may arise when a child provides digital consent in connection with the use of information society service, but consenting is not sufficient as special requirements for the formation of the contract (accepting terms and conditions) of the service applies. The conclusion of the contract shall be invalid due to national rules. This is relevant in cases where the core purpose of digital applications (using a service) is based on the legal ground of the performance of the contract.

All forms of discrimination in access to education are prohibited under the Slovak Education Act (School Act, 2018). The Slovak Education Act also refers to a special regulation, namely the Anti-Discrimination Act (Act on Equal Treatment, 2004), which regulates the principle of equal treatment in the field of education. Pursuant to the Anti-Discrimination Act, all persons have the right to protection against discrimination for demonstrative reasons, including ethnicity, language, or social origin. There is no legal definition of these discriminatory grounds in the Slovak legal system. It is, therefore, necessary to proceed primarily from a grammatical interpretation and to interpret those terms as broadly as possible in order to extensively protect discriminated subjects. We consider the most problematic discriminatory ground to be the social origin, as it is a relatively comprehensive concept, which includes, in particular, the insufficient economic conditions of origin i.e., the poverty of the subject. However, this does not manifest itself only on a material level but has far-reaching consequences for the development of the individual and his integration into society. It affects one's health, social habits, and education.

The discriminatory grounds of language and ethnicity are given relatively wide scope in the case-law of the European Court of Justice as well as the European Court of Human Rights (e.g., Gaygusuz v Austria, Birk-Lévy v. France, Glimmerveen and Hagenbeek v the Netherlands) while discrimination on the grounds of social origin is almost non-existent in court decisions (Sabján, 2020). The decision of the European Court of Human Rights in the case of D. H and others v. The Czech Republic can be considered ground-breaking (Sabján, 2020). The Court found that the difference in treatment between Roma children and non-Roma children was not objectively and reasonably justified, the discrimination ground being ethnicity. In the decision in question, the court recognized the social origin of Roma children, who were systematically placed in special schools, as only one of the reasons contributing to such discrimination due to ethnicity in access to education. However, the court did not define social origin as a discriminatory ground any further. We believe that the absence of a definition of discriminatory grounds is not a burden, but rather contributes to a more extensive possibility of protection, because, as we have stated, poverty has far-reaching consequences that go beyond the material level. However, we are convinced that a greater number of court decisions and established European case law in this area would help the uniform decision-making of national courts and contribute to legal certainty.

There is no doubt that the access of Roma children to education is marked by their social background, which results in insufficient technical equipment as well as an unsuitable environment and resources for education. During the COVID-19 pandemic, the negative effects have deepened and the years that students lose in the absence of proper teaching will be reflected in their economic situation in adulthood (The Ministry of Education, Science, Research, and Sport of the Slovak republic, 2020a). In this respect, not all primary school pupils are equal, but more than 40,000 (majority of them being of Roma origin) of them suffer from indications of their social origins in education as well. Education is guaranteed by the constitution, hence the state should also provide pupils from socially disadvantaged backgrounds with access to education during a pandemic. It is not possible to rely on the support of the parents of these pupils, many of whom are illiterate, do not have basic digital habits, and do not know how to work with computers or other technology. From the author's point of view there is thus direct discrimination against predominantly Roma children on the grounds of social origin in access to education, which is secondarily reflected in their adulthood when excluded in professional or social life.

As analyzed above, GDPR makes the processing of personal data of a user of digital platforms including video conferencing tools conditional on consent or agreement with the contract. In Slovakia, consent cannot be given by a person under the age of 16 on their own but must be given by their parent or legal guardian. Consent also applies to many digital platforms that students use in online learning. As statistics show that a significant percentage of adult Roma citizens are illiterate or digitally uneducated, it cannot be ruled out that they will refuse to give consent on behalf of their children. Thus, Roma pupils can be divided into three categories, namely:

-pupils who have access to online education and can use it with the consent of the legal representative; -pupils who could have access to online education but do not have the consent of a legal representative; -pupils without access to online education.

In the case of the third category of Roma pupils without access to online education, we consider that to be discrimination on the grounds of social origin. According to Amnesty International, there is no doubt that ethnicity plays a significant factor in the conditions in which Roma children live, but from our point of view, it is not the primary reason for direct discrimination in access to education concerning the availability of technical equipment and internet connection (Amnesty International, 2007) . We are convinced that it is poverty and the consequences associated with generational poverty that prevent Roma pupils from fully participating in the online educational process, which in our opinion should be compensated by the state. It should be recalled that in 2015, the European Commission filed a lawsuit against the Slovak Republic for violation of the prohibition of discrimination in access to education for Roma children (European Parliament, 2020) . The remedy arranged by the Slovak Republic concerned the primary change in legislation and methodology in the area of inclusion of Roma children in special schools.

The second category is Roma pupils who, although they have access to online education to a certain extent, do not have the consent of a legal representative to use applications or technical equipment as such. The Slovak Republic does not collect data on the presented problem; therefore, it is not possible to unambiguously determine how many Roma pupils have been denied access to online education by legal representatives. We are of the opinion that these pupils are also exposed to discrimination, namely on the grounds of their parents' education and social background. The following decisions of the European Court of Justice demonstrate the significance of discrimination by association. The European Court of Justice ruled in the judgment C-303/06 S. Coleman v Attridge Law and Steve Law that Mrs Coleman was directly discriminated against because of her son's disability. It was therefore not a question of the discriminatory ground existence directly in Mrs Coleman but her son. Discrimination by association was further confirmed by the European Court of Justice in the judgment C-83/14 CHEZ Razpredeleine Bulgaria AD v Commission for alleged discrimination. Mrs Nikolova was discriminated against on the grounds of ethnicism, although she was not a member of the ethnic Roma minority, her business was in a locality inhabited by the Roma minority (European Court of Justice, 2015) The European Court of Justice has unequivocally stated in the judgment C-83/14 CHEZ Razpredeleine Bulgaria AD v Commission that belonging to the Roma ethnic group also clearly falls under the discriminatory ground of ethnicity. At the same time, the court stated that the discriminated person does not need to be the holder of the discriminatory ground himself, but it is sufficient if he is affected by the discriminatory ground (European Court of Justice, 2015) . It is, therefore, possible to state that Roma children who have no access to technical equipment and internet needed for online education are victims of discrimination by association due to insufficient education resulting from their parent's social origin. We believe that ethnicity itself does not constitute the primary reason for discrimination, as the ethnicity of Roma pupils is not a key determinant in refusing informed consent. It is precisely the lack of awareness of parents linked to generational poverty, which has its roots in social origin.

The COVID-19 pandemic has shown the insufficient application of state guidelines by individual regions. Despite the fact that the Ministry of Education of the Slovak Republic issued a clear recommendation for the education of pupils to be provided primarily digitally and for those pupils who do not have access to digital education, learning should be provided through worksheets, a high percentage of pupils from marginalized communities did not have access to education at all. While in western Slovakia and parts of central Slovakia, on average 10% of pupils did not have access to education through digital technologies, in eastern Slovakia, where the vast majority of marginalized communities are located, almost 40% of pupils did not have access to online education (Spolu, 2021) . We consider it to be discrimination against students who could not receive digital education. Their classmates with access to computers and the internet were able to be educated during the pandemic and remain at least in partial social contact with their peers. We are convinced that schools that did not educate pupils without internet access are responsible for their discrimination, comparable group being classmates of these pupils.

As the Government Office of the Slovak republic states, a year lasting formal education will raise the living standards of children and increase their income by 7.5%-10% in their adulthood (Government Office of the Slovak Republic, 2021). Even before the pandemic, pupils from marginalized communities had difficulties in their professional life. The absence of education, which lasted more than a year in the Slovak Republic, dramatically reduces their chances for a better future and condemns them to generational poverty and discrimination on the grounds of social origin (Figures 1 and 2) .

The issue with digital services provided for educational purposes to children from marginalized communities has several layers of potential obstacles from the point of data protection law. Firstly, it shall be noted that processing of personal data within educational applications may be conducted on several legal grounds as foreseen by Article 6 GDPR. For the sole purpose of using digital applications, the performance of a contract is a usual legal ground seized. This is because the user agrees with the terms and conditions of the digital service de facto forming a valid contract (European Data Protection Board, 2019). Secondly, related processing operations may be based on the consent of the data subject. Processing of personal data based on consent usually involves purposes like direct marketing or forms of behavioral targeting (Article 29 Data Protection Working Party, 2017a).

Specifically, in the context of children, when the processing is based on a contract, two aspects shall be emphasized. On one hand, the age of valid agreement of a child for the formation of a contract is a matter of national laws. In the absence of the child´s legal subjectivity for the formation of a contract, the consent of the rightsholder is required to form a valid contract. In the case of educational digital services, this may pose a serious threat to children from marginalized communities, especially Roma. This is mainly due to a lack of intellectual maturity as prescribed by law for concluding contracts. On the other hand, the digital literacy of the rightsholders in case of lack of intellectual maturity is the matter as well because of insufficient education or marginalization. The result is that children from marginalized communities may be deprived of using digital educational applications due to the issues mentioned above.

Secondly, if the processing is based on consent as a legal ground, practical issues are similar to cases of processing of personal data based on the contract. When the child is not old enough to legally provide consent (the age varies from country to country), the consent of the right holder is required. For the controller, the requirement of various ages for consent represents the obstacle as it has to assess different legal regimes for fulfilling legal requirements for obtaining consent (Buitelaar, 2018) . However, as some other Member States including Belgium have pointed out in implementing the opening clause, setting an age limit too high can affect children's access to digital services and their personal and intellectual development (Macenaite and Kosta, 2017) . Similar considerations were also reflected by the legislator in the Czech Republic. It can be emphasized that "parental control" of consent to digital services can weaken the rights of the child and limit his or her development. This conclusion is based mainly on two factors being the insufficient digital literacy of parents and the practical impossibility of verifying parental consent from the perspective of controllers (McCullagh, 2017) . At the same time, it is emphasized in the literature that the EU Member States should carry out an impact assessment when determining the age, as determining too young age may reduce child protection. On the contrary, determining too old age may create conflicts of interest between parental rights holders and adolescents especially in cases of overly invasive parental interference with adolescent privacy during puberty (McCullagh, 2017) .

As mentioned above, the consent shall be used for different processing operations than "pure" use of the digital service. Consent is usually required for direct marketing and related purposes. From this point of view, children not consenting for such a purpose due to insufficient age may be deprived of the offer of other educational applications that may stimulate their growth. The same conclusion applies in the case of rightsholders not providing consent.

However, the use of legal grounds of consent and performance of the contract is often incorrectly used as many providers of digital services use them vice-versa. Even guidelines from European Data Protection Board provide an example of a gaming platform asking for the child´s consent based on the article 8 GDPR (instead of the performance of the contract) to ensure the use of the service by adult users (Article 29 Data Protection Working Party, 2017a). Furthermore, the issue is more complex when it comes to the responsible entity for requiring consent. Although the determination of specific roles according to GDPR shall be attributed due to factual circumstances, providers of digital educational applications position themselves to the role of the processor. If this is the case, it is the responsibility of the educational organization (school) to obtain valid consent for processing (see for example Microsoft, 2018) . This may represent another specific burden in the case of marginalized communities.

The doctrine provides several recommendations in connection with the issues discussed above. The most natural option seems to be represented by setting the uniform threshold for digital consent in GDPR and harmonization of the age of children for the formation of contracts across the EU. However, this approach would clash with respective national legal cultures and different perceptions of child´s subjectivity across the EU. The latter was visible during the negotiations of the exact threshold in article 8 GDPR (Macenaite and Kosta, 2017) . Furthermore, the issue of insufficient intellectual maturity may still present an obstacle in some member states regarding marginalized communities. Other options range from technological solutions for consent verification to putting more emphasis on controllers in terms of authorization of consent of children or parental holders (Macenaite and Kosta, 2017) . Indeed, these solutions would alter the situation with digital consent in general. On the other hand, it does not deal with specifics of educational applications in the environment of marginalized communities. From this point of view, a more specific approach is needed. As Slovak antidiscrimination legislation is based primarily on European Union law, our proposal concerns changes at the European level. To restrict the obstacle of digital consent or insufficient maturity in the case of distance education, two inter-connected suggestions shall be made.

Firstly, the regime for using digital educational applications shall be similar to preventive or counselling services offered directly to a child where consent of the rights holder is not necessary. The legislative approach may use a specific open clause for EU member states to provision the use of digital educational apps under the obligation of allowance of the "consent or agreement free" use. Another possibility is to explicitly mention the specific regime in the text of GDPR. This approach would restrict the burden of digital consent or consent of the rights holders in the case of digital educational applications and allow children from marginalized communities to access the educational services from the data protection view. Secondly, the digital literacy of the marginalized communities shall be revalued and strengthened.

Presented statements are also supported by the Digital Education Action Plan for 2021-2027/hereinafter referred to as "DEAP"/adopted by the European Commission. Studies on DEAP have shown that in less developed areas of the European Union, up to 26% of households do not have access to digital technologies. At the same time, these studies have confirmed that the socio-economic situation of parents plays an important role in the digital education of their children (European Union, 2020). Parents with a university degree had a better ability to help their children during online education and they can provide them with the needed resources. Under the DEAP, teachers and schools should implement digital education fairly and effectively, without any discrimination or differential treatment. The main goal of DEAP is to strengthen digital skills, implement digital education as an integral part of the educational process and ensure access to digital education for all (European Union, 2020) . DEAP unequivocally confirms the authors' thesis that students from weaker socio-economic backgrounds living in marginalized communities have difficult or impossible access to digital education, which puts them at a comparative disadvantage to peers. We, therefore, consider it crucial that the countries of the European Union adopt a strategically uniform approach and ensure access to education, including digital education, for all pupils with compulsory schooling. We consider education to be the only way to suppress the adverse consequences of living in marginalized communities and to prevent a cycle of recurring generational poverty.

The article focuses on the issue of the provision of digital education in marginalized communities, especially Roma during the COVID-19 pandemic in Slovakia. As official numbers from public authorities show, the right to education may be an illusion in the case of children from marginalized communities. This conclusion was only highlighted during the first wave of coronavirus and the provision of distance education that was not accessible for children from marginalized communities.

What is more, the provision of digital education is directly dependent on the processing of the personal data of children. This dependency means that EU data protection law represented by General Data Protection Regulation applies. Specific rules on agreement with a contract and digital consent are applicable triggering further requirements for using digital educational applications. However, these obligations require a certain level of digital literacy that is a complicated factor within marginalized communities opening the option for creating another level of obstacles in the access to education. As discussed, the issue with the age threshold for valid formation of the contract or provision of digital consent may result in discrimination based on the origin following the rationale of the decisions of the European Court of Justice. This is especially visible in the case of Roma children who have no access to technical equipment and internet needed for online education as they might be victims of discrimination by association due to insufficient education resulting from their parent's social origin.

Our recommendations are presented in three areas. Firstly, the generation poverty shall be fiercely tackled by public authorities as practice with digital education during the COVID-19 pandemic shows the insufficient application of official guidelines. Secondly, the approach to the use of digital educational applications shall be more specific or exclude these applications from specific rules on digital consent or formation of the contract. Thirdly, the strategic approach to education and digital literacy shall be one of the priorities of the state to combat the issue of generational poverty in the case of marginalized communities.

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/ or publication of this article.

The author(s) received no financial support for the research, authorship, and/or publication of this article.

Matúš Mesarčík  https://orcid.org/0000-0003-3311-5333

Note

on the Protection of Individuals with Regard to the Processing of Personal Data

Act on the Implementation of the General Data Protection Regulation

Providing for the Protection of Natural Persons with Regard to the Processing of Personal Data and for the Free Movement of Such Data

502 of 23 May 2018 on Supplementary Provisions to the Regulation of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data

Personal Data Protection Act

78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties

Federal Data Protection Act

PDF; Hungary, Information Self-Determination and Freedom of Information Act

Irish Data Protection Law

9042678; Latvia, Personal Data Protection Law of 21

on the organisation of the National Commission for Data Protection and implementation of Regulation (EU) 2016/679 of the European Parliament

on the protection of individuals with regard to the processing of personal data and on the free movement of such data

Act of 10 May 2018 on the Protection of Personal Data

Coll. on the protection of personal data and on amendments to certain acts

94/07 on Protection of Personal Data

Spanish Data Protection and Digital Rights Act 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights

218) with supplementary provisions to the GDPR

The Act No

Opinion 2/2009 on the protection of children's personal data (General guidelines and the special case of schools)

Article 29 Data Protection Working Party (2017a) Guidelines on Consent Under Regulation

Guidelines on Data Protection Impact Assessment (DPIA) and Determining Whether the Processing is

Slovensko: Nerovný prístup rómskych detí k vzdelaniu

Dištančné vzdelávaniežiakov zo sociálne znevýhodneného prostredia počas prvej vlny pandémie koronavírusu na Slovensku

Child's best interest and informational self-determination: what the GDPR can learn from children's rights

Judgement of the European Court of Justice in Case C-291/13 of 11 September 2014 Sotiris Papasavvas v O Fileleftheros Dimosia Etaireia Ltd and Others

Judgement of the European Court of Justice in Case C-83/14 CHEZ Razpredelenie Bulgaria AD V Komisia Za Zashtita ot Diskriminatsia

Judgment of the Court in Case C-582

Judgment of the Court in Case C-434/16 of

Diskriminácia Rómov v prístupe k vzdelávaniu

Vzdelávanie: situácia Rómov v 11členskýcȟ státoch EÚ. Prieskum zameraný na Rómov -kľúčovéúdaje

Towards a Safer Use of the Internet for Children in the EU -A Parents

Communication From the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of The Regions. A Comprehensive Approach on Personal Data Protection in the European Union

Guidelines 2/2019 on the Processing of Personal Data under Article 6(1)(b) GDPR in the Context of the Provision of online Services to Data Subjects. Version 2.0

The social and employment situation of Roman communities in Slovakia

European Union (2020) Digital Education Action Plan

Consent to use data on children

Government Office of the Slovak republic (2021) Obmedzenáškola, obmedzená budúcnso

The tragedy of the digital commons

The European Union General Data Protection Regulation: What it is and what it Means

Available at: https://ico.org.uk/ for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulationgdpr/children-and-the-uk-gdpr

Consent for processing children´s personal data in the EU: following in US footsteps? Information &

The general data protection regulation: a partial success for children on social network sites

The GDPR, our children, and our schools

OECD (2021a) Poverty rate. Available at

The State of School Education One Year into the COVID Pandemic

Summary and translation of the decision

Sabján N (2020) Interpretácia pojmu "sociálny pôvod" v kontexte antidiskriminačného práva. Bratislava: COMENIUSčasopis, 3/2020

Education, Audiovisual and Culture Executive Agency

Slovensko je rozdelené na dvečasti a vláda jednu z nich hádže cez palubu

What is data justice? The case for connecting digital rights and freedoms globally

The Ministry of Education, Science, Research, and Sport of the Slovak republic (2020a) Možnosti dištančného vzdelávania

Research, and Sport of the Slovak republic (2020b) Dǒ skolských lavíc zasadne 692 950žiakov

The Public Health Authority of the Slovak republic (2020) Plán riešenia ochorenia Covid-19 v marginalizovaných rómských komunitách