Children online

Overview

Country
Last reviewed
Children online

Austria 05.06.2018 As regards child's consent in relation to information society services, Sec 4 (4) ADPA lowers the minimum age to 14 years.
Belgium 17.05.2018 n/a
Czech Republic 16.05.2018 Section 7 sets the age of consent for children in relation to offering of information society services at 15 years of age.
Denmark 22.05.2018 § 6(3) lowers the age of consent to 13.
Finland 17.05.2018 According to the proposed Data Protection Act, the age limit for consent is 13 years. Both options, the age limits of 13 and 15 years, were considered, but in the end the decision was based on the comments received during the consultation phase as well as on the decisions made by other Nordic countries.
France 22.05.2018 In relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 15 year old. Where the child is below the age of 15 year old, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental authority. However, this provision may change depending on the ruling of the Constitutional court as the Senate wanted to set the age of majority to 16 year old.
Germany 23.05.2018 No
Hungary 17.05.2018 n/a
Ireland  7.06.2018  Under section 31 of the Act, the age at which a child may consent on their own behalf to processing in relation to information society services is 16 years of age. Within three years of the Act coming in to operation, the Minister for Justice and Equality must commence a review of the age of digital consent.
Italy 17.05.2018 Pursuant to Section 2-quinques of the IDCA, as amended by means of the Scheme, in relation to the information society services, the consent is valid and lawful whether it has been provided by a minor at least of the age 16 years. (= no deviation from GDPR benchmark).

Furthermore, pursuant to the aforementioned Section, under the age of 16 years the consent still has to be given by the holder of parental responsibility but it's been removed the possibility to give an authorization referred to in Section 8, 1) GDPR.
Netherlands 17.05.2018 16. No derogation The Dutch legislator has chosen to uphold the age of consent for children at 16 years.
Poland 16.05.2018 Expect new legislation to decrease to 13.
Spain 16.05.2018 Draft Bill lowers to 13 years old. Article 7 of the Spanish Data Protection Draft Bill states that minors above 13 years old can effectively give their consent for the processing of their personal data. The processing of personal data from children under 13 requires the consent from parents or guardians.
Sweden 22.05.2018 13 years.
UK 23.05.2018 Article 8(1) of the GDPR states that where the offer of “information society services” is made directly to a child, and the legal basis for the processing of that child’s data is consent per Article 6(1)(a) of the GDPR, the processing will only be lawful where the child is at least 16 years old.
Article 8(1) further provides that:
• Where the child is below 16 years of age, the processing will only be lawful if consent is given or authorised by a person with parental responsibility over the child; and
• Member States may provide for a lower age of consent in the context of processing for information society services, provided that this is not lower than 13 years of age.

The Data Protection Act
Section 9 of the Act deals with child consent in relation to information society services. It provides that, in the UK, children of 13 years or age or older can give their consent to such processing. Children under the age of 13 will require the consent of a parent or guardian for the processing – provided that consent is relied upon as the legal basis..
Notably, section 9 makes clear that the reference to “information society services” does not include preventative or counselling services – that is, children under 13 years of age will be able to give their consent to processing for those services.
Section 123(1) of the Act states that the Information Commissioner must prepare a code of practice on standards of age-appropriate design of relevant information society services which are likely to be accessed by children.