Age of consent in the GDPR : updated mapping of recent national guidance and proposals

The general rule provides for a parental consent requirement for all youth under 16 years old in situations where information society services are o ered directly to them, and consent is the legitimation ground that is relied upon1. However, Member States may choose to deviate and decide to lower the age threshold to 15, 14, or 13 years. In preparation for the implementation of the GDPR, national (draft) implementation acts, national consultations or guidance by Data Protection Authorities (DPAs) have been published across the EU. Although in many countries no nal decisions have been taken, preliminary research into a selection of national approaches, based on o cial and public documents, shows that a fragmented landscape is gradually emerging.