Establishes rules for processing personal data of children under the age of 16.
Definition
Excerpt
- Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
- Member States may provide by law for a lower age for those purposes provided that such lower age is not below 13 years.
- The controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.
- Paragraph 1 shall not affect the general contract law of Member States such as the rules on the validity, formation or effect of a contract in relation to a child.
Related cases
The AEPD warned a website for failure to provide precise information about the data processing in its privacy policy.
Related deceptive patterns
The user is drawn into a transaction on false pretences, because pertinent information is hidden or delayed from being presented to them.