Where We Work
Central and Eastern Europe
Russia and the CIS
Southeast Europe and Turkey
Switzerland and Austria
Czech Republic & Slovakia
United Arab Emirates
Banking & Finance
Competition & EU Law
International HR Services
Privacy and Data Protection
Public Projects and Procurement
Regulatory and Administrative
Restructuring and Insolvency
Trade and Customs
Aerospace, Defence & Security
Energy & Utilities
Life Sciences and Healthcare
Media, Entertainment and Sport
Retail and Consumer
Technology & Communications
News & Events
Bird & Bird
General Data Protection Regulation
As regards child's consent in relation to information society services, Sec 4 (4) ADPA lowers the minimum age to 14 years.
Section 7 sets the age of consent for children in relation to offering of information society services at 15 years of age.
§ 6(3) lowers the age of consent to 13.
According to the proposed Data Protection Act, the age limit for consent is 13 years. Both options, the age limits of 13 and 15 years, were considered, but in the end the decision was based on the comments received during the consultation phase as well as on the decisions made by other Nordic countries.
In relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 15 year old. Where the child is below the age of 15 year old, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental authority. However, this provision may change depending on the ruling of the Constitutional court as the Senate wanted to set the age of majority to 16 year old.
Under section 31 of the Act, the age at which a child may consent on their own behalf to processing in relation to information society services is 16 years of age. Within three years of the Act coming in to operation, the Minister for Justice and Equality must commence a review of the age of digital consent.
Pursuant to Section 2-quinques of the IDCA, as amended by means of the Scheme, in relation to the information society services, the consent is valid and lawful whether it has been provided by a minor at least of the age 16 years. (= no deviation from GDPR benchmark).
Furthermore, pursuant to the aforementioned Section, under the age of 16 years the consent still has to be given by the holder of parental responsibility but it's been removed the possibility to give an authorization referred to in Section 8, 1) GDPR.
16. No derogation The Dutch legislator has chosen to uphold the age of consent for children at 16 years.
Expect new legislation to decrease to 13.
Draft Bill lowers to 13 years old. Article 7 of the Spanish Data Protection Draft Bill states that minors above 13 years old can effectively give their consent for the processing of their personal data. The processing of personal data from children under 13 requires the consent from parents or guardians.
Article 8(1) of the GDPR states that where the offer of “information society services” is made directly to a child, and the legal basis for the processing of that child’s data is consent per Article 6(1)(a) of the GDPR, the processing will only be lawful where the child is at least 16 years old.
Article 8(1) further provides that:
• Where the child is below 16 years of age, the processing will only be lawful if consent is given or authorised by a person with parental responsibility over the child; and
• Member States may provide for a lower age of consent in the context of processing for information society services, provided that this is not lower than 13 years of age.
The Data Protection Act
Section 9 of the Act deals with child consent in relation to information society services. It provides that, in the UK, children of 13 years or age or older can give their consent to such processing. Children under the age of 13 will require the consent of a parent or guardian for the processing – provided that consent is relied upon as the legal basis..
Notably, section 9 makes clear that the reference to “information society services” does not include preventative or counselling services – that is, children under 13 years of age will be able to give their consent to processing for those services.
Section 123(1) of the Act states that the Information Commissioner must prepare a code of practice on standards of age-appropriate design of relevant information society services which are likely to be accessed by children.