The Law Library recently published a new report on the protection of children online. The report, titled Children’s Online Privacy and Data Protection, surveys ten jurisdictions on the special measures they have put in place to protect children online. The jurisdictions are the European Union (EU) member states of Denmark, France, Germany, Greece, Portugal, Spain, Sweden and Romania, the non-EU member United Kingdom (UK), and the EU itself.
On May 25, 2018, the General Data Protection Regulation (GDPR) took effect in all EU member states. It is also still in force in the UK following Brexit, as it is part of the “retained EU legislation” that still applies as domestic law there. The GDPR allows for the processing of personal data in a number of cases, including through consent (GDPR art. 6). While the GDPR sets the age of consent for minors at 16, i.e., the age for when parental consent to the processing is not needed, member states may elect to lower the age of consent to as low as 13. In the surveyed jurisdictions the age of consent for data processing of personal information is 13 in Denmark, Sweden, Portugal, and the UK, 14 in Spain, 15 in France and Greece, and 16 in Germany and Romania.
In 2020, the UK issued a compliance code specifically designed to protect children online: Age Appropriate Design: A Code of Practice for Online Services. Introduced in September 2020, it will enter into force in September 2021, after a 12-month transition period. To date, it is the only country to have issued such a code. As described in the report:
“The Code aims to put children’s interests first and protect them from within the digital world. It is comprised of 15 design standards, firmly placing responsibility on information society services to “take responsibility for ensuring that the way their services use personal data is appropriate to the child’s age, takes account of their best interests, and respects their rights.”
The other countries surveyed have issued limited guidance pertaining to the protection of children, but these documents are not as comprehensive as the UK code.
The law on the protection of children online continues to be a developing area, and the EU is planning on adopting additional protections targeting the sexual abuse of children online, and has called for proposals for a pilot project for a specific children’s rights mechanism based on the GDPR.
The Law Library’s full report is available in PDF here.
Additional reports published by the Law Library are available online here. For an overview of the GDPR, see Jenny’s blog post from 2018 Personal Data Protection and the EU GDPR.