The EU General Data Protection Regulation (GDPR) passed and looks like COPPA isn’t going to be the toughest rule to deal with anymore. The EU is taking it up a notch causing a good bit of alarm for companies that target or attract minors under the age of 16.
Organizations need to become familiar with the provisions of this regulation and start to plan necessary changes by the time the GDPR goes into force on May 25, 2018.
The GDPR has set the age of consent at 16, so users 15 years and younger need parent consent where applicable. However, member states can choose a younger age down to 13.
Developers will need to prove that where they gain consent is valid, that it is informed and granular and that they have methods in place to allow parents to exercise their rights in relation to their children. This may require parent dashboards or a parent portal to allow for the management of consent and revocation.