at what age can a child give their consent for you to process their data?
A child’s exact age for giving valid consent to process their data depends on the law in the country or region, but it always falls in a set range and often still involves parents or guardians.
Very short answer
- Globally, the “digital consent” age usually sits between 13 and 18.
- Under many major privacy laws, children below that age need a parent or guardian to consent on their behalf.
Key ages in major privacy laws
General rule of thumb
Most modern privacy laws say that:
- A child can only personally consent to data processing once they reach a specified “age of consent” for data.
- Below that age , you must obtain verifiable parental or guardian consent before collecting or using their personal data.
European Union – GDPR
Under the EU General Data Protection Regulation (GDPR):
- The default age at which a child can directly consent is 16.
- EU member states can lower it to as low as 13 , and each country chooses its own exact age within 13–16.
- Below the chosen age, you need explicit consent from a parent or guardian to process the child’s data when relying on consent as the legal basis.
Example: The UK, when it applied GDPR-style rules, set the child’s digital consent age at 13 for online services.
United States – COPPA and CCPA/CPRA
- Under COPPA (Children’s Online Privacy Protection Act), a child cannot give valid consent themselves if they are under 13 ; you must get verifiable parental consent to collect personal information from them.
- Under California CCPA/CPRA , for selling or sharing personal data:
- Children 13–16 can opt in (give their own consent) to the sale or sharing of their personal information.
* For children **under 13** , you need **parental consent** for sale or sharing.
Brazil – LGPD
- Brazil’s LGPD ties the age of consent for data to the age of majority: 18.
- Below 18, a parent or legal guardian must consent for the child’s data to be processed, and child data is treated as especially sensitive.
China – PIPL
- China’s Personal Information Protection Law (PIPL) sets the child consent age at 14.
- For children under 14 , consent must be obtained from parents or other legal guardians , and there are extra safeguards and “special rules” required for handling minors’ data.
Practical takeaways if you handle children’s data
If you are running a website, app, or service and want to know “at what age can a child give their consent for you to process their data?” the realistic answer is:
- You must check the law of each country where your users live. Under EU rules, the required age can be anywhere between 13 and 16 , set by each state.
- In the US , a child generally cannot consent themselves if under 13 , and you must involve parents in many situations even beyond that when selling or sharing data.
- In Brazil , the child cannot personally consent until 18.
- In China , the switch from parental consent to self-consent is 14.
Because these thresholds differ and enforcement is getting stricter (especially since around 2018–2025), serious services increasingly:
- Build age-verification or age-assurance mechanisms (self-declaration, document checks, or other methods).
- Use child‑friendly privacy notices with simple language, icons, and visuals so children actually understand what they are agreeing to.
- Treat children’s data as high‑risk , applying extra security and limiting what is collected and shared.
Mini FAQ style recap
- Is there one universal age worldwide?
No. Laws set different ages, usually somewhere between 13 and 18 , and often require parental consent below that.
- If I’m unsure which age applies?
You should assume you need a parent or guardian’s consent whenever dealing with younger users, and then check the exact rules for your main user countries.
Bottom line: there is no single global age, but in many places a child can directly consent only from early to mid‑teens (13–16), and under that threshold you must rely on parental or guardian consent.
Meta description (SEO-friendly)
Find out at what age a child can give consent for you to process their data,
how this differs under GDPR, COPPA, CCPA, LGPD, and PIPL, and why 13–18 is the
typical range.
Information gathered from public forums or data available on the internet and portrayed here.