A child can give their own consent for data processing starting generally at age 16 under the EU's GDPR, but this age can be lowered to as young as 13 by individual EU member states. For children under this age threshold, valid consent must be obtained from a parent or guardian. In the US, under COPPA, the age of consent is 13, meaning children under 13 cannot legally provide consent themselves for data processing, and parental consent is required instead. This age of consent varies worldwide but generally ranges between 13 and 16 years, depending on the jurisdiction and specific laws applied.

European Union (GDPR)

• Default digital age of consent is 16 years.
• Member states may lower this to between 13 and 16 years but not below 13.
• For children younger than the consent age, parental consent is required.
• The data controller must verify that consent is given or authorized by a parent/guardian.

United States (COPPA)

• Age of consent is 13 years.
• Parental consent required for children under 13.

General Points

• Children under the age of consent cannot give valid consent themselves.
• Consent for children’s data processing must be clear and in understandable language.
• Special protections exist for children as they are considered less capable of assessing risks.

This means that to process a child’s data legally, age and local law must be checked: if below the set consent age, parental permission must be confirmed before data processing can occur.