2.3. Consent from minors

The special status of minors must be taken into consideration when requesting consent from them. When requesting consent, the controller should consider whether the underage participant is capable of understanding the effects of the processing of their personal data. The controller should also take into account the vulnerable position of underage participants in relation to the controller. If consent is being requested from a child, special attention must be paid to clear and plain language.

In case of offering social media and other applications directly to children, the child must be at least 13 to consent to the processing of their personal data. If the child is under 13, the consent or authorisation of their custodian is required for the processing of their personal data. There are no other age limits for requesting consent from children. Rather, the party requesting the consent must evaluate the child’s capability to give their consent on a case-by-case basis in view of the purpose for which it is being requested.

If consent is requested directly from the child, it must be requested in a manner and in circumstances which permit the child to refuse without fear of consequences such as falling out of favour.

If the consent is being requested from the minor’s custodian, the controller must determine which of the child’s custodians is authorised to give their consent on the child’s behalf. As a rule, children are represented by their custodians. But a child’s parents are not always their custodians. If a child’s parent is not their custodian, the parent may not have the right to represent the child in all respects or even have the right to access the child’s information.