The English data protection supervisory authority ICO has published a guide on “Children and the GDPR. Interested parties can comment on this until the end of February.
The guide is quite general. Open questions are hardly clarified, e.g. the following:
- the specific manner in which the consent or assent of the parents (or “holders of parental responsibility”) is to be obtained (Art. 8 (1) and (2) GDPR; in most cases it will be a double opt-in procedure);
- When an IS service is made “direct” to a child.
However, the guide provides a good overview of the special rules of the GDPR for children.