Children’s Right To Privacy And Data Protection: Does the Article on Conditions Applicable to Child’s Consent Under the GDPR Tackle the Challenges of the Digital Era or Create Further Confusion?


  • Cansu Caglar Aston University, Birmingham


Technology and the Internet have become significant and irreversible elements of modern life. Young people are particularly active users of digital services. In recent years, the number of young Internet users has grown significantly. They tend to stay online for longer periods, and they are starting younger. While these technologies offer great opportunities and can improve daily life, every major beneficial development also has downsides. Many concerns have been raised over the emergence of internet-connected toys and wearables along with other smart devices and applications that were not necessarily developed for children’s use. Leaving aside the visible risks such as sexual abuse, insomnia, obesity, low self-esteem or addiction, there are other hidden risks such as privacy invasions and data protection violations. These occur because children using the Internet, in effect, data subjects whose information is shared collected and processed, without their knowledge of or any understanding of potential consequences. Parents may be equally unaware of the privacy and security compromises their children are making and of all the possible impacts of data processing, data linkage, and data aggregation that may affect their rights and freedoms.

Children are exposed to these privacy-invasive digital risks partly because of the increasingly commercialised nature of information society services and the age of Big Data. The European Union has given special attention to data protection concerns arising from digital services offered to children, incorporating specific provisions into the General Data Protection Regulation (GDPR). This article examines the newly incorporated requirements and concepts relating to child’s consent under the GDPR and analyses whether its protection is adequate or reflects the cognitive appraisal of a child compared to an adult.

In addition, it sets out the requirements for obtaining valid consent for data processing from the child or parent and then briefly addresses the challenges this process encounters in practice. Given the complexities in implementing and enforcing these provisions, the article asks whether these requirements are sufficient to ensure children’s rights and freedoms are protected. It evaluates whether the Regulation and its principles are failing to keep pace with the changing nature of technology.






Refereed Articles