GDPR: The question of minimum age on social networks after May 2018

  • Awareness
  • 03/04/2018
  • Austrian Safer Internet Centre

As of May 2018, with the entry into force of the General Data Protection Regulation (GDPR), stronger rules will apply on data protection. The Austrian Safer Internet Centre (SIC) has looked at the measures taken by the largest social networks such as Facebook, Instagram, WhatsApp, YouTube and regarding the minimum age guidelines for their usage. 

Social networking sites have adapted their terms of use and their privacy policies. Users need to agree to the following changes to continue using these services.

  • Facebook – The minimum age to open an account is still 13. The exception: sensitive data such as religious beliefs, sexual orientation or political opinions are considered especially sensitive. Children under 16 need a parental approval to release this information. Also, parents need to approve if their child ought to receive personalised advertisement. How will this be applied in practice? This remains an open question.
  • Instagram – The terms of use still request a minimum age of 13. Lately, the app has begun to ask users for their age, if the Instagram account is not linked to Facebook. Moreover, users accept automatically the terms of use of Instagram while agreeing to the updated terms of Facebook if both accounts are linked.
  • WhatsApp – The messaging app has changed its minimum age in the terms of use to 16 for European users. For the rest of the world the minimum age remains 13. In the future, there may be an option for children in Europe between 13 and 16 to use WhatsApp with the agreement of their parents – the details are still unknown.
  • YouTube – The user terms state that users need to comply with the rules of their home country. For Austria, this implies a minimum age of 14. There is the option for parents to open an account on YouTube Kids for younger children.
  • Snapchat – The app requests a minimum age of 13 in its user terms.
  • – The music-video-network has more complex user terms, but it is unclear how this will be enforced. Users need to be at least 13 but need the approval of their parents if they are still under 18 years old.

How will social networking sites check the age of their users?

The GDPR states that the verification of age should not be disproportionate. Social networking sites are hence not obliged to check ID cards. Currently, the age of users is checked with request to independently state their birthday or to check a case ("Yes, I am over 13 years old"). This makes it easy to cheat. In many cases, it stays open how a well-functioning age verification will be implemented.

Find out more information about the work of the Austrian Safer Internet Centre (SIC) generally, including its awareness raising, helpline, hotline and youth participation services, or find similar information for Safer Internet Centres throughout Europe.

Related news

Greece – GDPR and protection of children's online privacy

  • Awareness
  • 27/11/2018
  • Greek Safer Internet Centre

The third meeting of the Greek Safer Internet Centre's (SIC) Advisory Board took place on Tuesday, 13 November 2018, gathering representatives of the state, industry, the academic community and child protection organisations. The discussions focused on the changes in the protection of children's online privacy that are still pending, even after the implementation of the General Data Protection Regulation (GDPR).

Children and the GDPR

There has been a great deal of discussion recently about the EU General Data Protection Regulation (GDPR) and particularly around the impact on children and young people. The Information Commissioner's Office in the UK has recently launched a consultation document which provides more detailed guidance for (UK) organisations who are processing personal data under the GDPR.