Navegaci贸n
RGPD > Art铆culo聽8. Condiciones aplicables al consentimiento del ni帽o en relaci贸n con los servicios de la sociedad de la informaci贸n
Descargar PDF

Art铆culo聽8 RGPD. Condiciones aplicables al consentimiento del ni帽o en relaci贸n con los servicios de la sociedad de la informaci贸n

Article 8 GDPR. Conditions applicable to child's consent in relation to information society services

1. Cuando se aplique el art铆culo聽6, apartado聽1, letra聽a), en relaci贸n con la oferta directa a ni帽os de servicios de la sociedad de la informaci贸n, el tratamiento de los datos personales de un ni帽o se considerar谩 l铆cito cuando tenga como m铆nimo 16聽a帽os. Si el ni帽o es menor de聽16聽a帽os, tal tratamiento 煤nicamente se considerar谩 l铆cito si el consentimiento lo dio o autoriz贸 el titular de la patria potestad o tutela sobre el ni帽o, y solo en la medida en que se dio o autoriz贸.

1. Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.

Ley de Directrices y caso Textos enlazados

Los Estados miembros podr谩n establecer por ley una edad inferior a tales fines, siempre que esta no sea inferior a聽13聽a帽os.

Member聽States may provide by law for a lower age for those purposes provided that such lower age is not below 13 years.

2. El responsable del tratamiento har谩 esfuerzos razonables para verificar en tales casos que el consentimiento fue dado o autorizado por el titular de la patria potestad o tutela sobre el ni帽o, teniendo en cuenta la tecnolog铆a disponible.

2. The controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.

Comentario de expertos
Ley de Directrices y caso

3. El apartado聽1 no afectar谩 a las disposiciones generales del Derecho contractual de los Estados miembros, como las normas relativas a la validez, formaci贸n o efectos de los contratos en relaci贸n con un ni帽o.

3. Paragraph 1 shall not affect the general contract law of Member States such as the rules on the validity, formation or effect of a contract in relation to a child.

ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 8(3) GDPR:

7.2.2 Identify lawful basis

Control

The organization should determine, document and comply with the relevant lawful basis for the processing of PII for the identified purposes.

Implementation guidance

Some jurisdictions require the organization to be able to demonstrate that the lawfulness of processing was duly established before the processing.

The legal basis for the processing of PII can include:


para acceder al texto completo

Comentario de expertos ISO 27701 Considerandos Ley de Directrices y caso Deja un comentario
Comentario de expertos

(EN) Children enjoy special protection under the General Data Protection Regulation as they are considered vulnerable (Guidelines on Consent). They did not indeed achieve physical and psychological maturity yet (Opinion 2/2009 on the Protection of Children’s Personal Data), so they may be less aware than adults of the risks and consequences of sharing their personal information when registering for online services or using connected platforms (recital 38).


para acceder al texto completo

(EN) Author
Louis-Philippe Gratton
(EN) Louis-Philippe Gratton PhD, LLM
(EN) Privacy Expert
ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to articles 8(1) and 8(2) GDPR:

7.2.3 Determine when and how consent is to be obtained

Control

The organization should determine and document a process by which it can demonstrate if, when and how consent for the processing of PII was obtained from PII principals.

Implementation guidance

Consent can be required for processing of PII unless other lawful grounds apply. The organization should clearly document when consent needs to be obtained and the requirements for obtaining consent.


para acceder al texto completo

Considerandos

(38) Los ni帽os merecen una protecci贸n espec铆fica de sus datos personales, ya que pueden ser menos conscientes de los riesgos, consecuencias, garant铆as y derechos concernientes al tratamiento de datos personales. Dicha protecci贸n espec铆fica debe aplicarse en particular, a la utilizaci贸n de datos personales de ni帽os con fines de mercadotecnia o elaboraci贸n de perfiles de personalidad o de usuario, y a la obtenci贸n de datos personales relativos a ni帽os cuando se utilicen servicios ofrecidos directamente a un ni帽o. El consentimiento del titular de la patria potestad o tutela no debe ser necesario en el contexto de los servicios preventivos o de asesoramiento ofrecidos directamente a los ni帽os.

(38) Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child. The consent of the holder of parental responsibility should not be necessary in the context of preventive or counselling services offered directly to a child.

Ley de Directrices y caso Deja un comentario
[js-disqus]