The GDPR has set the age of consent at 16, meaning users 15 years and younger need parent consent where applicable. However, member states can choose a younger age down to 13.
Developers will need to prove that consent is valid, that it is informed and granular and that they have methods in place to allow parents to exercise their rights in relation to children. This may require parent dashboards or a parent portal to allow for the management of consent and revocation.
- Belgium: The DPA and Secretary of State for Privacy suggested 13. The draft Bill is still in Parliament.
- Czech Republic: They revised their draft law, raising the age from 13 to 16.
- Finland: The draft implementation act has opted for 13.
- France: Discussions are still taking place, but it is likely to be 15 or 16.
- Greece: Their draft law sets the age at 15.
*EU member states in grey are not listed yet as age of consent has not been confirmed.
Want to learn how to comply with the GDPR and how it relates to minors?