Legal

Children's Privacy

Special data protection rules that apply when processing personal data of children — GDPR sets the baseline at age 16.

Children's privacy refers to the enhanced protections that data protection laws require when processing personal data of minors.

GDPR Rules

  • Consent for information society services (e.g. social media, apps) requires the child to be at least 16 years old (member states may lower this to 13)
  • Below that age, consent must be given or authorised by the holder of parental responsibility
  • Privacy notices directed at children must use clear, plain language

COPPA (US)

The Children's Online Privacy Protection Act (COPPA) in the United States requires parental consent before collecting personal information from children under 13.

GDPR Article 8. US: COPPA (15 U.S.C. §§ 6501–6506).

Related Terms

Personal DataPrivacy

Any information that can identify a living individual, directly or indirectly.

ConsentPrivacy

A freely given, specific, informed, and unambiguous indication of agreement to data processing.

GDPRLegal

The General Data Protection Regulation — the EU's comprehensive data protection law, effective since May 2018.

Privacy NoticeLegal

A document informing individuals about how their personal data is collected, used, and protected — often used interchangeably with privacy policy.

CPRAConsent