Reforming Child Consent Under the GDPR: Towards a Harmonised, Risk-Aware and Child-Centred Framework

This article examines the current framework governing child consent under the European Union’s (EU) General Data Protection Regulation (GDPR). It identifies significant gaps that hinder effective protection of children’s personal data. Three principal shortcomings were found in the research: divergent national age thresholds for digital consent; unclear and inconsistently enforced parental consent verification obligations; and insufficient recognition of children’s evolving capacity.

Through a comprehensive analysis, the study proposes a reformed, child rights-based model that emphasises three core pillars: harmonised age thresholds, risk-calibrated parental consent verification and operationalising children’s growing decision-making capacities. The article advocates for clearer regulatory guidance, context-sensitive consent mechanisms and enhanced digital literacy initiatives to empower children and parents. It further advocates systematic integration of Child Rights Impact Assessments to complement Data Protection Impact Assessments in high-risk contexts. These measures aim to align legal obligations with technological realities, enhance transparency and foster participatory data governance that treats children as active rights-holders.

The proposed framework seeks to reconcile protective imperatives with empowerment objectives, delivering greater legal certainty for controllers while advancing fairness, proportionality and inclusivity in the European Union’s digital single market. This approach offers a principled pathway towards ensuring that children’s data rights are safeguarded not only through stronger protections but also by recognition of their agency within the contemporary digital ecosystem.