1. Home
  2. Legislation
  3. EU Legislation
  4. General Data Protection Regulation
  5. CHAPTER II – Principles
  6. Article 8 – Conditions applicable to child’s consent in relation to information society services
Searching...
EDPB - EDPB-EDPS Joint Opinion 03/2022 on the Proposal for a Regulation on the European Health Data Space
12 Jul. 2022
EDPB-EDPS Joint Opinion 03/2022
Download document
EDPB - Statement 02/2022 on personal data transfers to the Russian Federation
12 Jul. 2022
Statement 02/2022
Download document
EDPB - CSC Work Programme 2022-2024
6 Jul. 2022
CSC Work program 2022-2024
Download document
EDPB - Opinion 11/2022 on the draft decision of the competent supervisory authority of Poland regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR)
4 Jul. 2022
Opinion 11/2022
Download document
EDPB - Opinion 12/2022 on the draft decision of the competent supervisory authority of France regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR)
4 Jul. 2022
Opinion 12/2022
Download document
EDPB - Opinion 13/2022 on the draft decision of the competent supervisory authority of Bulgaria regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR)
4 Jul. 2022
Opinion 13/2022
Download document
EDPB - Opinion 14/2022 on the draft decision of the competent supervisory authority of Bulgaria regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR
4 Jul. 2022
Opinion 14/2022
Download document
EDPB - Opinion 15/2022 on the draft decision of the competent supervisory authority of Luxembourg regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR
4 Jul. 2022
Opinion 15/2022
Download document
EDPB - Opinion 16/2022 on the draft decision of the competent supervisory authority of Slovenia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR
4 Jul. 2022
Opinion 16/2022
Download document
CJEU – Ligue des droits humains v Conseil des ministres – C-817/19
21 Jun. 2022
Ligue des droits humains
EDPB - Response to EDRi regarding the structural and procedural enforcement of the GDPR and its work to promote and safeguard data protection
14 Jun. 2022
EDPB GDPR Enforcement Letter
Download document
EDPB - Response of the EDPB to the European Commission's targeted consultation on a digital euro
14 Jun. 2022
EDPB Digital Euro Letter
Download document
EDPB - Guidelines 07/2022 on certification as a tool for transfers - Version 1.0
14 Jun. 2022
Guidelines 07/2022
Download document
EDPB - EDPB response to the joint payments industry regarding the Guidelines on the interplay of Second Payment Services Directive (PSD2) and GDPR
12 May. 2022
EDPB Guidelines PSD2 and GDPR Letter
Download document
EDPB - Guidelines 06/2022 on the practical implementation of amicable settlements - Version 2.0
12 May. 2022
Guidelines 06/2022
Download document

Article 8 – Conditions applicable to child’s consent in relation to information society services

Paragraph 1

Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. Member States may provide by law for a lower age for those purposes provided that such lower age is not below 13 years.

Paragraph 2

The controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.

Paragraph 3

Paragraph 1 shall not affect the general contract law of Member States such as the rules on the validity, formation or effect of a contract in relation to a child.

References

  • GDPR references
  • Fines
  • Recitals
  • Directive 95/46/EC
  • SA
  • Case-law

Infringements regarding the obligations of the controller and the processor pursuant to this article shall, in accordance with Article 83(2), be subject to administrative fines up to 10 000 000 EUR, or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.

(38) Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child. The consent of the holder of parental responsibility should not be necessary in the context of preventive or counselling services offered directly to a child.
(58) The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language and, additionally, where appropriate, visualisation be used. Such information could be provided in electronic form, for example, when addressed to the public, through a website. This is of particular relevance in situations where the proliferation of actors and the technological complexity of practice make it difficult for the data subject to know and understand whether, by whom and for what purpose personal data relating to him or her are being collected, such as in the case of online advertising. Given that children merit specific protection, any information and communication, where processing is addressed to a child, should be in such a clear and plain language that the child can easily understand.

No Directive 95/46/EC equivalent available for this article.