Additional protection is granted to this type of personal data since children are less aware of the risks and consequences of sharing data and of their rights. Any information addressed specifically to a child should be adapted to be easily accessible, using clear and plain language.
For most online services the consent of the parent or guardian is required in order to process a child’s personal data on the grounds of consent up to a certain age. This applies to social networking sites as well as to platforms for downloading music and buying online games.
The age threshold for obtaining parental consent is established by each EU Member State and can be between 13 and 16 years. Check with your National Data Protection Authority.
Companies have to make reasonable efforts, taking into consideration available technology, to check that the consent given is truly in line with the law. This may involve implementing age-verification measures such as asking a question that an average child would not be able to answer or requesting that the minor provides his parents' email to enable written consent.
Preventive or counselling services offered directly to children are exempted from the requirement for parental consent as they seek to protect a child’s best interests.
Parental consent required
You have a 12-year-old daughter. She would like to join a popular social media network and is asked for consent to process information about her religion. You would need to give your consent in case you want her to join that social media network.
Parental consent not required
Your 17-year-old son is considering participating in an online survey about his clothes consumption patterns. The website requests consent to process his data. As he is over 16, he can give his consent without asking for yours.
- Article 8 and Recitals (38) and (58) of the GDPR