Age of consent in the GDPR: updated mapping of recent national guidance

The general rule provides for a parental consent requirement for all youth under 16 years old in situations where information society services are offered directly to them, and consent is the legitimation ground that is relied upon. However, Member States may choose to deviate and decide to lower the age threshold to 15, 14, or 13 years. In preparation for the implementation of the GDPR, national (draft) implementation acts, national consultations or guidance by Data Protection Authorities (DPAs) have been published across the EU. Although in many countries no final decisions have been taken, preliminary research into a selection of national approaches, based on official and public documents, shows that a fragmented landscape is gradually emerging. The full and updated article is available here