(Original post by ThomH97)
Should a guardian be permitted to the same GDPR rights as the children they are responsible for?
Under GDPR, businesses are required to do more to protect children. This goes both ways. On one hand, there are limits on what children can consent to. It's not an easy thing to verify of course. But default GDPR states 16 as the age of consent, although member states can adjust this as necessary. I don't remember what the UKs stance on this is, as I remember issues around grooming and sexual exploitation when the age is moved to 16. But in this scenario she was 14, so a parent/carer should be somewhat involved based on default GDPR.
The other side of this is that children's data needs to be well protected. GDPR states parental consent must be given under a certain age but doesn't necessarily say that parents are entitled to the data. Allowing someone to use Facebook and having direct access to everything they do are not the same thing. I certainly don't think a parent should have totally unrestricted access and it's not unreasonable that children want some privacy.
It's worth noting as well that this took place in 2017, when GDPR wasn't in force. No matter what happens, it isn't subject to new laws.
(Original post by ThomH97)
Should all devices and software have a 'secret' exploit for companies to use in the event of a death to get a user's data?
No, absolutely not. Being able to access the data should not be a result of a hidden exploit, but a perfectly legitimate and open method. The obvious caveat is that it reduces security. Apple are fundamentally doing the right thing here, as every iPhone should not be compromised in order to access the very small number that may be involved in terrorist activity or child deaths. It's also worth noting that this security is not impenetrable. The police/government no doubt regularly examine iPhones with methods that aren't available to the public (for good reason). The dispute in 2016 is another example of this. The main difference is justifying the cost involved with accessing the device. The 2016 case involved terrorism, whereas this was a child suicide. I'm not saying one isn't important, but the terrorist incident is clearly far more time restricted and justifies the extreme cost that may be necessary to access the device.
However this is a good example of taking security too far at the expense of usability. I'm not going to say that Apple is wrong, but their behavior results in devices that are not accessible when they really need to be. There comes a point where security starts encroaching on functionality and Apple is walking that line. Security needs to be balanced, not blindly implemented with no thought for the repercussions.