The European General Data Protection Regulation (GDPR) protects children’s personal data online through various measures, many still being debated. But since being approved by the EU Parliament in April 2016, it has emerged that the GDPR was formulated without consulting children or their representatives, including parents, or any evidence about children’s understanding of the commercial uses of personal data online.

Crucially, the GDPR assumes that, until they are 16 (unless member […]