Article 8 focuses on protecting children’s personal data, particularly when information society services are offered, such as social media, apps, websites, and online games. It sets rules about when a child can legally give consent for their personal data to be processed.
The article states that children aged 13 or over (in the UK) can give their own consent. If a child is under 13, consent must be given or authorised by a parent or guardian. This ensures that younger children are protected from making decisions they may not fully understand and helps prevent misuse of their personal information.
Overall, Article 8 aims to provide extra protection for children online, recognising that they may be more vulnerable and less aware of privacy risks. It encourages organisations to design their services in a way that is safe, transparent, and suitable for young users.
| Section / Point | Summary | Notes / Examples |
|---|---|---|
| Scope | Applies to **information society services** offered directly to children. | Apps, websites, social media platforms, online games targeting children. |
| Age threshold | Children aged **13 or older (UK)** can give their own consent. | Children under 13 require **parental or guardian consent**. |
| Parental responsibility | For younger children, consent must be **given or authorised by a parent/guardian**. | Parent approves registration for an online game or social media account. |
| Protection of children | Ensures children’s data is handled safely and with appropriate safeguards. | Design services with privacy-friendly defaults, clear language, and minimal data collection. |
| Relation to consent rules | Works alongside **Article 7** on valid consent; children have additional protections. | Consent must still be **freely given, specific, informed, and demonstrable**. |
Article 1 – Article 2, Article 3, Article 4, Article 5, Article 6, Article 7 , Article 8