1. 第 6條第 1項第 a點適用於直接向兒童提供資訊社會服務之情況， 如兒童年滿 16 歲，兒童之個人資料處理應屬合法。如該兒童未滿 16 歲，僅限於其法定代理人授權或同意之範圍內，該等處理始為合法。
1. Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
會員國得以法律為該等目的規定較低年齡，惟不得低於 13 歲。
Member States may provide by law for a lower age for those purposes provided that such lower age is not below 13 years.
2. 在兒童之法定代理人授權或同意之情況，控管者應作出合理努力， 在考量現有科技之情況下，確認該法定代理人之同意或授權。
2. The controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.
The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.
(38) Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child. The consent of the holder of parental responsibility should not be necessary in the context of preventive or counselling services offered directly to a child.