<img src="https://certify.alexametrics.com/atrk.gif?account=b2hlr1ah9W20em" style="display:none" height="1" width="1" alt="">
    Login
    Find a course

    GDPR – Age of Consent – No Longer Child’s Play

    Published on 11 Apr 2018 by Martin Schofield

    GDPR brought with it new rules to better protect personal data. Not only to protect adults privacy, but also to guard children against exploitation. So what is the age of consent?

    As adults we can of course make informed decisions about how our own data is collected or processed. But what about children? At what age are they expected to be able to make their own decisions? And is this reasonable or realistic?

    What's the age of consent in relation to GDPR?

    Under GDPR Article 8, the age of consent, i.e. when a child is required or able to give their consent for the processing of the own data, is 16. However, member states are allowed to allocate their own age of consent, with a cap at 13 years of age.

    In the UK, the age of consent is 13, so the lowest age that the GDPR will allow.

    Is that low enough? Or too high?

    The purpose of consent is to draw a line in the sand showing from which age onwards children can provide their own consent for the processing of their personal data. We tend to generally think about children’s data being used for social media purposes, such as Instagram, which is aimed at users who are at least 13 years of age, and even has an online form to enable the reporting of account users who are younger than that.

    Are children unwittingly putting their online security at risk?

    Despite the regulations, the UK's Children's Commissioner say that children are unwittingly giving away rights to their private data and putting their online security at risk.

    A survey undertaken by the Commissioner’s Growing Up Digital taskforce revealed that nearly 50% of 8 to 11 year olds agreed to vague terms and conditions offered by social media firms.

    None of the children surveyed fully understood the terms and conditions of Instagram, which is used by more than half of 12 to 15 years and 48% of 8 to 11 year olds. Only half of these 8 to 11 year olds are even able to read the terms, which run into more than 5,000 words over 17 pages of text. However, Instagram is aimed at ages 13+ and has a reporting facility for younger users.

    Blog: 5 steps to staying compliant when sharing data under GDPR

    According to Ofcom, 12 to 15 year olds spend more than 20 hours a week online and 70% of them have a social media profile. Interestingly, Ofcom also report that even 3 and 4 year olds spend 8 ¼ hours a week online - that's quite a crazy thought!

    As with most adults, if I want to know anything about social media, I’ll ask a child in my family or circle of friends. There are no greater experts in the use of social media sites than children – but experts in compliance, we can tell from these statistics alone, they are not.

    Can we really expect children to make informed choices about their personal data rights?

    Having said that, common sense should tell us that children, even at the age of 13, cannot reasonably be expected to make informed choices about their rights relating to personal data.

    The world of data protection is a minefield and filled with legal and compliance professionals who can debate the topics and intricacies of such for hours on end. Yet under GDPR, we are allowing children as young as 13 to make decisions regarding their own data protection.

    The need for parental intervention

    Clearly there is a need for parental intervention still, and for parents to at least provide guidance to their children in this topic. Interestingly enough, I am sure that the parents do so when it comes to financial matters, like choosing choosing whether to provide or withhold their consent on child bank accounts and trust funds.

    Similarly, it will be interesting to see the direction in which financial services firms move when it comes to consenting children, who consent to receive marketing and promotional material, or who seek to restrict or withdraw consent, perhaps without any real understanding of the impact and consequences of such instructions.

    Download your free GDPR Training Presentation

    Want to know more about GDPR?

    As well as 30+ free compliance training aids, we regularly publish informative GDPR blogs. And, if you're looking for a training solution, why not visit our GDPR course library.

    If you've any further questions or concerns about GDPR, just leave us a comment below this blog. We are happy to help!

    Leave a comment

    Tick

    Free Trial: Compliance Essentials

    Skillcast Essentials is our best-selling library and there's a reason for that. It provides 30 in-depth courses covering the key compliance / conduct issues that companies in the UK face today.

    Request now

    8 Tips to Protect Your Employees From Email Phishing

    Criminals often take advantage of a crisis by using phishing emails that appear to come reputable and familiar organisations. We've got some tips to keep your team safe. Email phishing is a technique ...

    Read More
    Working Safely with Display Screen Equipment

    Office work comes risk-free, right?...Wrong! Whether you are in an office or remote-working you need to know how to stay safe when using display screen equipment (DSE). Do you know the risks ...

    Read More
    Compliance Continuity Management (CCM)

    How do you ensure legal and regulatory compliance during times of disruption? We asked our panel of experts for their advice on how to react to the coronavirus pandemic. Disruptive events like this ...

    Read More
    Data Protection Compliance in Times of Disruption

    GDPR compliance becomes more challenging than ever during times of disruption. To maintain data protection compliance you will need to focus and prioritise. In response to the COVID-19 pandemic, the ...

    Read More