Abstract
The GDPR provides a high level of protection for children's personal data. This protection is reflected in various recitals and provisions in the GDPR and results in two practical challenges. First, the (implicit) need for age verification, or at least determining whether someone is not a child. This obligation would apply as soon as personal data are processed and there is no evidence to the contrary that the personal data of children are processed. Secondly, in the more specific case that consent is one of the lawful grounds, there is a need to verify that consent has been given by a parent (or guardian) when a data subject has not reached the age of digital consent. In our research, we studied whether apps popular among children have implemented adequate methods to meet both verification obligations by analysing the registration process of these apps. No apps that we investigated met the requirements of the GDPR at the time of our research. The level of assurance of age was too low or the method not privacy-friendly or inclusive. Parental consent mechanisms were generally lacking - while consent was a lawful ground in all apps we investigated. If a parent was involved in the registration process, the actual verification of that status was mostly missing. Keywords: Data Protection | Age Verification | Parental Consent
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
