Abstract

With the recent adoption of the General Data Protection Regulation (GDPR), the European Union (EU) assigned a prominent role to parental consent in order to protect the personal data of minors online. For the first time, the GDPR requires parental consent before information society service providers can process the personal data of children under 16 years of age. This provision is new for Europe and faces many interpretation and implementation challenges, but not for the US, which adopted detailed rules for the operators that collect personal information from children under the Children’s Online Privacy Protection Act (COPPA) almost two decades ago. The article critically assesses the provisions of the GDPR related to the consent of minors, and makes a comparative analysis with the requirements stipulated in the COPPA in order to identify pitfalls and lessons to be learnt before the new rules in the EU become applicable.