Mastodon Kuan0: June 2020

Monday 29 June 2020

Children’s consent GDPR Art.8 - Member State differences

Table showing the age below which parental consent is needed (and above which the child’s consent is acceptable) for the offer of information society services (i.e. online services) directly to a child, where the legal basis is consent:

Member State
 Belgium,  Denmark,  Estonia,  Finland,  Latvia,  Malta,  Portugal and  Sweden (and  UK, but we don’t count anymore )
     Austria,  Bulgaria,  Cyprus, 
 Lithuania,  Italy and Spain
 Czech Republic,  France and  Greece
 Croatia Germany Hungary, 
 Ireland,  Luxembourg,  the Netherlands, Poland,  Romania and  Slovakia

These differences are allowed by the GDPR, but the Commission’s Staff Working Document, accompanying its 2-year evaluation ofthe GDPR, comments that “Such differences lead to situations where the Member State in which the controller is established provides for another age limit than the Member States where the data subjects are residing.” You can say that again!

Note: the table above is based on the helpful info provided in the SWD, p.17, and hasn’t been independently confirmed. No info on Iceland, Liechtenstein and Norway was provided in the SWD – presumably because they’re EEA, not EU.

Countries influenced by GDPR

According to the Commission's Staff Working Document accompanying its 2-year report on the GDPR, the GDPR has acted as "a catalyst" for many third countries around the world to consider introducing modern privacy rules":
Brazil, California, Chile, India, Indonesia, Japan, Kenya, South Korea, Taiwan, Tunisia

A map of those countries is below. Click on Larger for the larger version.

Also mentioned in the SWD for "promising developments" regarding privacy legislation, and therefore "third countries" that are possible candidates for future "adequacy" discussions with the Commission:
Malaysia, Sri Lanka, Thailand; Africa (e.g. Ethiopia, Kenya) and  the European Eastern and Southern neighbourhood (e.g. Georgia).