Table of Contents
Understanding Article 8 of GDPR
Article 8 of GDPR relates to the conditions applicable to a child’s consent in relation to information society services.
Consent of a child of at least 16 years of age (Article 8(1) GDPR)
When the processing of personal data is based on consent in regards to the offer of information society services, a child who is of 16 years of age or more can give lawful consent.
If the child is below the age of 16, then the parents of the child or those who have the legal responsibility of the child should give their consent for the child.
GDPR authorizes each European country to legislate with respect to the proper age of a child’s consent provided that at no point in time the set the bar below the age of 13.
Controller’s responsibility to verify consent (Article 8(2) GDPR)
In consideration of the available technology and based on reasonable efforts, the data controller should verify that consent is given by the proper person on behalf of the child.
Contract law application (Article 8(3) GDPR)
The third paragraph of Article of GDPR outlines that the general contract law of each country member of the EU should not be affected by Article 8(1) as it relates to the validity, formation and consequences of contracting with a child.
Recitals applicable to Article 8 of GDPR
Relevant Recitals: 38
GDPR Regulation article-by-article overview
Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.
Cited Legislation
None
GDPR Text: Article 8 of GDPR and Relevant Recitals
GDPR Text Source: EUR-Lex
Official GDPR Text: General Data Protection Regulation
Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)