top of page

Explicit Consent for Children's Personal Data According to the GDPR

Updated: Aug 26, 2021

Children's most used devices, such as computers, smartphones, and gaming consoles, have become their best mates. The procession of personal data in such tools begins as soon as the app is opened. Data such as location, age, and how the user children feel can be processed easily. Children, who are more fragile and vulnerable than adults, need special protection in this situation.

Turkey's personal data protection law (“KVKK”), includes provisions that do not differentiate between adults and minors, but simply states that only real persons are the data subjects. But, When European and American laws are taken into consideration, the child has power of appointment over his or her personal data.

GDPR adopted more comprehensive legislation in the area of data protection law, and Article 6 regulates the processing of personal data pertaining to children solely. The child must be at least 16 years old in order for his or her personal data to be processed. Under the age of 16 permission of the parent or legally appointed guardian is compulsory. In this context, Article 6 regulates children explicit consent in relation to “information society services” (“ISS”).

According to the British Data Protection Authority (“ICO”) information society services are, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services. Most online services, including search engines, social media networks, online messaging or internet-based voice telephony services, online marketplaces, video streaming services, online games, news or educational websites, and other websites providing other products or services to users over the internet, are all ISS. So, The vast majority of online services used by children are covered thus explicit consent from parents or guardians, is required.

Consequently, technology develops and changes almost everyday. Therefore, data protection and privacy regulations have to catch up with the developments in order to protect valuable information and data from persons especially from minors. As a result, data security and privacy regulations must keep pace with technological developments in order to protect valuable information and data from individuals, especially minors. Both international law systems and Turkish law are expected to establish more comprehensive regulations and verdicts in this context.



Bilgi Teknolojileri Ekibi


bottom of page