Minors – a topic that is a perennial favorite in civil law exams during legal studies. At the time, the regulations protecting minors in legal. Transactions were affectionately referred to at university as “the sacred cow of civil law in data protection law.”
Clear rules for minors when using online services in data protection law
There are only clear regulations regarding the use of information society services by minors: According to Art. 8 (1) (2) GDPR, the consent of the parent or guardian or at least their consent to the consent of the minor is required if the minor is under 16 years of age.
What information society services are in detail can be derived from the definition in Article 4(25) GDPR. They are services provided electronically, ireland business fax list at a distance and at the individual request of a recipient, as a rule for a fee – this includes services such as online information services or advertising. Tools for searching for information, video on demand or sending advertising by email (see point 1.2 of.
Ability to consent to other data processing
For data processing outside the scope of Art. 8 GDPR, however, the individual capacity of the minor concerned continues to be taken into account. If “the child himself is capable […] of giving voluntary, informed consent,” the consent of the parent or guardian is not required (Specht/Mantz, Handbook of European and German Data Protection Law, Section 24 Data Protection in Schools and School Administration, marginal no. 48, beck-online).
In addition, the legal situation prior to the GDPR is often still used as a reference for the legal assessment of minors’ capacity to consent: At that time, “the supervisory authorities had agreed on an age limit of 14 years as a general presumption,” above. Which minors were deem to have sufficient capacity to consent (Gola/Heckmann/Schulz, start with a greeting 3rd ed. 2022, GDPR Art. 8 para. 10). Some even go so far as to assume that “the legal situation regarding children’s capacity to consent, as previously applicable under the GDPR and the old version of the Federal Data Protection Act (BDSG), will continue to apply” (Taeger/Gabel/Taeger, 4th ed. 2022, GDPR Art. 7 para. 117).
Data processing of minors based on legitimate interests
Even if the legal basis for the planned data processing is not consent, but rather based on the legitimate interests of the controller pursuant to Art. 6 (1) (f) GDPR, special circumstances arise if the data subjects are minors: The balancing of interests required under Art. 6 (1) (f) GDPR will normally come to the conclusion that persons who still lack the ability to understand data protection law are particularly worthy of protection and whose interests therefore regularly outweigh those of the controller.
Recital 38 of the GDPR makes it clear: ” Children deserve special protection with regard to their personal dat. As children may be less aware of the risks, albania business directory consequences and safeguards involved, as well as their rights. When personal data is processed. Such special protection should, in particular. Concern the use of children’s personal data for advertising purposes or for. Personality or user profiling, and the collection of children’s personal data.When using services directly offered to children.”
A look into practice
At this point, let’s briefly compare this with the reality of underage media users: Services like TikTok, Instagram. And Snapchat are largely used by children and young people, many of whom are certainly under 16. You can evaluate this from an educational perspective however you like . But the idea that written consent from both parents with parental authority would be verified before every flower-filtered selfie or dance video is published seems somewhat absurd.