Mandatory health education supports the protection of privacy and fundamental rights
The introduction of mandatory health education addresses the real needs of young people and constitutes one of the key elements in protecting their health (physical, mental and social) as well as their privacy and fundamental rights.
The President of the Personal Data Protection Office (UODO), Mirosław Wróblewski, indicated in a letter to the Minister of National Education that information on personal data protection is already present in school subjects such as IT, ethics, civic education and health education. However, this subject matter needs to be further developed and given greater prominence, primarily due to the rapidly increasing number of threats in the digital world. It should also be recalled that the GDPR provisions emphasise the need to provide special legal protection to the youngest members of society.
· Children lack full awareness of digital threats and often, without much reflection, share sensitive information about themselves — for example in online games — click on suspicious links, install malicious applications, and share photos and personal data with strangers.
· Children's data is used to create fake profiles subsequently exploited for fraud, phishing, and cyberbullying, which can lead to legal and reputational consequences.
· Children are frequently targeted by phishing attacks. A child, unaware of the significance of the situation, may enter their login credentials on a fake website, lose access to their account, or inadvertently give a criminal access to their parent's payment card details.
· Children and young people sometimes struggle to distinguish advertisements from news, fiction from information, and often cannot properly evaluate content appearing on social media and digital platforms. This is compounded by deepfake technology, which enables the creation of false content (images, audio, video) that can negatively influence the behaviour of both individual users and social groups.
The case of schoolmates posting an AI-generated nude image of a female student online, or the posting of a nude image of a female teacher beneath her social media post — both of which were reported to the Public Prosecutor's Office by the President of the Personal Data Protection Office — are striking examples of how dangerous this technology can be in the wrong hands. This underscores the need for heightened attention to personal data protection.
· Another dangerous phenomenon is child identity theft — a growing and particularly serious type of crime. Children do not monitor their financial history or activity, meaning the crime can go undetected for many years. The consequences of child identity theft may include psychological stress and trauma, risk of further victimisation, reputational damage, and delayed financial problems that emerge once the child reaches adulthood.
1.4 million children online
The President of the Personal Data Protection Office cited data from a report on monitoring children's activity in the digital environment, presented at a session of the Parliamentary Committee on Children and Youth on 6 November 2025. The report, entitled "Children's Internet," recorded a concerning and persistent presence of children in the digital world — affecting 1.4 million children in Poland before they even reach the age of 13. Among the more than 2 million children aged 7–12 in Poland, nearly 800,000 use TikTok, over 500,000 use Facebook, 400,000 use Instagram, over 700,000 use Messenger, and the same number use WhatsApp. Also of concern — nearly one million of the children surveyed, aged 7–14, had visited a pornographic website at least once.
In light of the above, as the President of the Personal Data Protection Office emphasised, the introduction of mandatory health education as a school subject creates an opportunity to prominently feature content related to personal data protection and to establish it as a starting point for discussing other equally important issues. The lasting and systemic inclusion of personal data protection and the right to privacy in the educational process, in the context of children's and young people's mental wellbeing, is of the utmost importance. It should be regarded as an element of systemic prevention — aimed at preventing violations of children's rights before they occur, rather than merely responding to them after the fact.
Digital education around the world
Measures to improve the education of children and young people align with the objectives of Reform26. Tomorrow's Compass — prepared by the Ministry of National Education — which, in light of global trends, demonstrates that the right direction has been chosen for curriculum reform in Polish schools. It also strengthens the case for providing comprehensive mandatory education across all primary and secondary schools.
For example, in the United States, California introduced mandatory media literacy education into the California Education Code in 2023. The State of California is currently working on a bill concerning digital health and the expansion of digital wellbeing classes. Australia has developed a national framework for safe education. "Online safety" promotes a whole-school approach, where safe internet use and critical engagement with digital content are taught across various subjects.
In Ireland, an Online Safety and Media Regulation Act has been in force since 2022, which — together with the SPHE (Social, Personal and Health Education) curriculum and the Junior Cycle SPHE — places strong emphasis on educating children and young people on how to navigate the digital world safely. As in Australia, online safety is fully integrated into the school curriculum.
Portugal has ensured that students receive education on safe use of the internet and new media — from preschool through to secondary school — as part of media literacy and civic education. Media literacy in that country is an integral part of civic education, covering not only the technical skills of using digital tools, but above all the analysis, evaluation and creation of media messages, as well as resilience to disinformation.
Schools in the United Kingdom teach online safety under a 2023 act, delivered within the framework of health education, computing and citizenship education. In the UK, these three areas appear together in the context of modern curricula: health education refers to physical and mental wellbeing, computing covers the development of digital skills, programming and online safety, while citizenship education encompasses knowledge of rights and responsibilities and engagement in civic matters — including in the digital dimension.
Also noteworthy is the position of the UN Committee on the Rights of the Child, which monitors the implementation of the Convention on the Rights of the Child adopted by the UN General Assembly on 20 November 1989. In recommendations issued on 4 March 2025, the Committee called on Poland to strengthen the protection of children's rights in the digital environment. It recommended that digital skills be taught throughout the entire period of education — from preschool to its final stage — with emphasis on risks, content, and the responsible use of digital tools.
Health education is an important element in building students' resilience to digital threats. Its introduction as a mandatory school subject represents a significant step towards achieving the fundamental educational and upbringing goals of schools, and serves to protect the rights, safety and wellbeing of students in an environment where new technologies play an ever-increasing role.
DEI.730.1.2025