Last week we talked about children’s position and their rights under the GDPR and we saw that the matter of concent is subjective.
The GDPR marks a radical departure from past practice with regard to children. The Commission’s original proposal, published in the draft consultation document issued in 2012 was to recognise and establish a single EU-wide age of consent for data in law and for this to be 13. Essentially this would have entrenched the de facto status quo, forcing Spain and Holland (not to mention the UK and possibly others also) to change their existing rules. However, the proposal was thrown out at the last minute. In its place, the final version of Article 8 gave Member States a power to choose any minimum age between 13 and 16. They would do this by way of a “derogation”. In absence of such a derogation, the age became 16 automatically in May, 2018 when the GDPR took effect.
Here’s an infographic we made to define the age at which children can provide consent for the use of their personal data in each country.