Article 31: Children or Persons Lacking the Legal Capacity to Consent

Article 31.01

Where a data subject is a child or a person lacking the legal capacity to consent, a data controller shall obtain the consent of the parent or legal guardian, as applicable, to rely on consent under this Act.

Article 31.02

A data controller shall apply appropriate mechanisms to verify age and consent, taking into consideration available technology.

Article 31.03

For the purposes of subsection (2), presentation of any government approved identification documents shall be an appropriate mechanism.

Article 31.04

Subsection (1) shall not apply, where the processing is — (a) necessary to protect the vital interests of the child or person lacking the legal capacity to consent; (b) carried out for purposes of education, medical, or social care, and undertaken b...

Article 31.05

Where the circumstance relates to the processing of personal data of a child of 13 years and above in relation to the provision of information and services by electronic means at the specific request of the child, the Commission shall make regulations...

Article 31.06

Nothing in this Act shall be construed as authorising data processing in respect of a child in a manner that is inconsistent with the provisions of the Child’s Right Act.