Children online: consent ages and the special protections
For online services, children below the “digital age of consent” need a parent’s yes — and that age is 13 in some countries, 16 in others. Around it: a thickening wall of child-specific rules.
The mechanism (Art. 8): where an online service relies on consent, a child below the national threshold needs parental authorisation. The GDPR default is 16, but member states may lower it to 13 — and they scattered: some chose 13 (Denmark, Sweden, Belgium, Portugal among them), some 14 (Italy, Spain, Austria among them), some 15, and a substantial group kept 16 (Germany, the Netherlands, Ireland among them). Platforms’ minimum-age settings track these lines, which is why sign-up ages differ per country. Check your DPA’s children page for your national number. Beyond consent age, children get structural protection: transparency addressed to a child must be child-comprehensible; the by-default rules hit hardest here (child accounts public-by-default drew the record Instagram fine); the DSA bans targeted advertising to minors outright; and erasure of data collected in childhood gets explicit priority (Recital 65) — the adult right to delete the teenage internet self. Where it’s heading: age verification is the political battlefield — Parliament has pushed an EU-wide 16+ social-media line and the EU age-verification app is in rollout; the moving parts live on What’s changing. For parents now: the practical levers are the platform family tools plus the school and tracking rules — and teaching the ask-before-posting norm early, in both directions.
Verified against the sources above on 18 July 2026. Information, not legal advice.