One of the most important issues regarding children’s online privacy is to determine how to comply with the relevant provisions in Article 8 GDPR on parental consent. In this context, when the child is below the age of digital consent, the personal data processing will be lawful only if the consent is given or authorised by the person holding the parental responsibility over the child. We can identify an increasing number of ways to prove the children’s age online, using different methods and technologies. However, there are many issues to consider regarding the reasonable efforts that any controller should make to verify the validity of a child’s digital consent. In addition, it is essential to identify the dimension of the scope of the mention made by the European legislator regarding the available technological solutions allowing the said verification to be carried out. In this panel we will focus on several issues that will help define the scope of the obligations that the GDPR establishes for the different Internet operators:
• How the principles of privacy by design, privacy by default and data minimisation will play a role to effectively protect children?
• How should the different Internet operators face the challenge of protecting the interests of minors on the Internet and comply with the obligations that the GDPR establishes in relation to digital consent?
• What factors should be assessed to identify the most appropriate age verification methods?
• How to evaluate the adequacy of the means to be used in each context to express digital consent?