The research project “A children’s rights perspective on privacy and data protection in the digital age: a critical and forward-looking analysis of the General Data Protection Regulation and its implementation with respect to children and youth” is funded by the Special Research Fund Ghent University and runs from 2017 to 2021. The research essentially aims to examine whether and how the right to privacy and data protection for children and youth in the digital age should be re-thought.
The project focuses on a critical analysis of the child’s right to privacy and data protection and investigates whether there is a need for a re-conceptualisation of those rights in the light of recent legal, technological and social developments. To achieve this aim, human rights documents (European Convention on Human Rights and the Charter of Fundamental Rights of the European Union) as well as specific data protection instruments (the Council of Europe Modernised Convention 108 and the EU General Data Protection Regulation) are scrutinised through the lens of children’s rights. Specific children’s rights documents, such as the Council of Europe Recommendation on Guidelines to respect, protect and fulfil the rights of the child in the digital environment which have been adopted more recently are also evaluated in this context. At the EU level, the project will monitor the implementation of the GDPR in relation to children (‘s rights). In particular, it focuses on mapping the relevant provisions of the GDPR and closely monitors the process of and reasoning behind their implementation in the Member States of the European Union.
One aspect of the current research focuses on Article 8 of the General Data Protection Regulation (GDPR) which contains specific requirements regarding consent for the processing of personal data of children. The general rule provides for a parental consent requirement for all youth under 16 years old in situations where information society services are offered directly to them, and consent is the lawful ground on the basis of which the data is processed. However, Member States may choose to deviate and decide to lower the age threshold to 15, 14, or 13 years. Our research into different national approaches, based on official and public documents, shows that the implementation of article 8 GDPR is not only fragmented across the EU (see figure on the rights), but also that certain governments changed their minds along the way.
Current indications of age of consent across the EU