Consent For Processing Children's Personal Data In General Data Protection Regulation Of EU

Children are actively present on the Internet from a younger age.According to statistics,one-third of Internet users worldwide are under the age of 18.On the Internet,children not only enjoy the opportunities to play,learn,express themselves and social interaction,but also disclose more and more personal data.The widespread use of data for all content increases online privacy risks,such as personal data abuse,profiling,identity theft,and reputational damage.Because children are still immature in terms of capacity of judgment,resolution,and self-protection,they lack sufficient knowledge of the consequences of online behaviors.They may be misled and commercially exploited because they cannot correctly assess risks.Online privacy risks constitute a major concern for children in Europe.Adults widely support the introduction of special data protection measures for children,and policy makers and scholars are increasingly calling for better protection of children's rights based on the UN Convention on the Rights of the Child in the digital age.The “Data Protection Directive”(Directive 95/46/EC)implemented by the European Union in 1995 does not distinguish between adults and children in the protection of personal data.However,the “General Data Protection Regulation”(hereinafter referred to as GDPR)officially implemented in May 2018 significantly changed the status quo,explicitly recognizing that children need more protection than adults,introducing special provisions on children,such as the “parental consent”clause,child-appropriate information,and stricter right to be forgotten.The mostcontroversial one among them is the Article 8 “Parental Consent” clause of GDPR.As a new clause,its specific requirements still have some ambiguities and face many practical application challenges.However,since 1998,the United States has provided detailed rules for online service providers directed to children when processing children's personal data in its Children's Online Privacy Protection Act(COPPA).GDPR can draw on relevant US experience to improve the “parental consent” clause.Therefore,the aim of this paper is to critically evaluate the consent for processing children's personal data in GDPR,and to conduct comparative analysis with the relevant provisions of COPPA then to discuss the shortcomings of GDPR and how to learn the experience of COPPA.The paper is divided into four chapters.The first chapter outlines the background of GDPR related to the processing of children's personal data,including the inconsistencies in the relevant concepts in different EU member states and the different models they adopted.The second chapter discusses the concept of general consent rules in the EU data protection law and the elements and specific conditions that must be met for valid consent.The third chapter studies the legislative development and practical application of the Article 8 “Parental Consent” clause of GDPR.In the fourth chapter,after comparing with COPPA,it discusses the limitations of the GDPR “parental consent” clause and the challenges that may be faced in the implementation.Then,combined with the experience of the United States,it proposes several suggestions to improve the clause.