ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

Experts warn that GDPR will harm privacy of children and young adults

Europe’s new GDPR regulations are being hailed as a win for privacy - and a step in the right direction. However, many experts are now warning that the regulations could have unintended consequences. 

Concern is growing that certain demographics could actually suffer as a result of the new regulations. Ida Tin, founder, and CEO of Cluebelieves there is a chance that young people’s privacy, for example, could be negatively affected by GDPR. 

Clue is an app that lets girls track their period. Tin is concerned that insisting children under the age of 16 seek parental consent to use the app could stop some young women from benefiting from it. 

You can imagine being a young woman getting your first period maybe at age 13, 14, or even younger, and then having to ask your parents to use this app to explain what’s going on in your body is a really hard thing to do. I think for a lot of people that will basically mean that they won’t get access to the educational information that someone like Clue provides.

Ida Tin

Some digital privacy necessary

Although Clue is a highly specific example, the new legislation has shined a spotlight on the issue of privacy for children.

Dr. Sheri Jacobson from Harley Therapy in London says that she understands why GDPR has set these strict rules, and she is generally in favor of setting boundaries that clearly protect children's data. Jacobson told that "its a jungle online and parents are worried," adding that GDPR is "a way of taking control," however she did express concerns about how consent could negatively affect kids that are seeking help:

We receive a lot of comments on blog posts from young people. We know there are youngsters who are reaching out and if they needed consent to leave a comment those numbers might go down. This could mean kids are having to bottle it up inside. In the past, we have had children message us saying that they have spoken to their parents about how they are feeling and that they have been told to just shake it off and not think about it. Unfortunately, parents can be quite dismissive and often don’t want their kids to talk about the issues they are having in case it reflects badly on them.

Dr. Sheri Jacobson

Wendy Rice, Psy.D, a licensed psychologist and founder of Rice Psychology Group, believes it is important to give young people a certain amount of digital privacy - particularly once they are of upper middle school age.

shutterstock 189816743

Rice says that as a general rule, by the time young people are in their teens, the time for spying on them is largely over and trust must be established instead. 

Too much red tape?

Requiring parental consent under the age of 16 is already resulting in the loss of some services for young people. Since GDPR came into effect, many apps, including Whatsapp, have decided to update the minimum age requirement for Europeans. Prior to the new regulation taking effect, children as young as 13 could use Whatsapp (in the US this remains true). 

Lie to me!

The CEO of Clue has admitted that “if there’s a 12-year-old who says that she’s 13, we cannot check that.” 

So the question becomes, how many young people are going to be forced into lying about their age due to GDPR? Backing children into a corner and forcing them to lie about their age can hardly be considered a favorable habit. 

Ida Tin believes that this is one of the most critical drawbacks created by GDPR. Tin is concerned that her firm - and many others that gather stats about young people’s health - are suddenly going to have a lot more “16-year-olds” using their services. Tin believes it is going to adversely affect the data driving the business.

Fundamentally we have to trust the data people give us, but it’s not a great solution to pretend we think everyone just suddenly turned 16. That’s really sub-optimal.

Ida Tin

Already existing problem

A study conducted last year by Ofcom in the UK revealed that 46% of 11-year-olds, 51% of 12-year-olds, and 28% of 10-year-olds, now have a social media profile. This is despite the fact that the minimum age requirement for services like Facebook and Instagram is 13. 

The report also discovered that parents are woefully unknowledgeable about the age restrictions for those services. According to Ofcom, eight out of ten parents didn’t realize their kids shouldn’t be using them.

What's more, according to the report, parents are actually helping their kids to break the rules. Four out of ten parents actually admitted that they would permit their child to use social media before reaching the minimum age requirement. 

With that in mind, it seems clear that children are going to be signing up for services and handing over personal data to firms despite GDPR. Anybody interested in digital privacy for children is advised to look at Privacy for Children Guide.

For more information about GDPR and what VPN providers have complied, take a look at our GDPR industry report.

Image credits: BoBaa22/, WEB-DESIGN/, estherpoon/

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. 


There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service