Protecting Children Online: Combining the Rationale and Rules of Personal Data Protection Law and Consumer Protection Law

Abstract

The newly adopted EU General Data Protection Regulation 2016/679 (GDPR) has explicitly recognised that children deserve more protection than adults, especially online. Yet, as the GDPR's child-specific protection regime is new and without precedent in Europe, both its underlying logic and its practical implementation remain unclear. The chapter explores the extent to which EU consumer law, which has already taken account of children as a particularly vulnerable group of consumers, can inform the newly adopted General Data Protection Regulation. The analysis focuses on the reasons justifying the child-specific protection regime, principles (fairness, transparency) in relation to children and conceptual questions (definition of an average child and services directed to children).