Which topic would you like to know more about?
What is the legal age of adulthood/ majority in your jurisdiction? Are all persons below this age considered a child/ minor?
Pursuant to the Civil Code (Article 2.5.1), all persons who are under 18 years of age are considered minors and have limited active legal capacity.
Prior to 18, the active civil capacity differs for minors under the age of 14, and minors aged 14-17.
Transactions on behalf of minors under the age of 14 shall be concluded by their parents or guardians, although they have the right to independently enter into transactions to meet their ordinary and usual needs, conclude transactions aimed at gratuitous personal gain, as well as transactions related to the use of their own earnings or funds provided by their legal representatives or other persons where the said transactions are not subject to a prescribed notarial or any other specific form.
Minors aged 14-17 enter into transactions upon the consent of parents or guardians, but have the right to independently dispose of their income and property acquired for that income, exercise copyright to their works, inventions and industrial design as well as to enter into transactions to meet their ordinary and usual needs.
Has the UNCRC been directly incorporated into national law in your jurisdiction?
No.
There is no direct incorporation of the UNCRC as a whole into Lithuanian domestic law. Lithuania acceded to the United Nations Convention on the Rights of the Child on 1992 and ratified it in 1995. The Lithuanian Child Protection Act (i.e. the Law on Fundamentals of Protection of the Rights of the Child) has been adopted in conformity with the UNCRC. Pursuant to the Act, ensuring the rights and well-being of children shall be done in accordance with the UNCRC’s principles.
Every child has the inherent right to life, survival, development, equal treatment without any discrimination; in all action concerning children, the best interests of the child shall be a primary consideration; every child has the right to independent opinion in all matters affecting the child and the right to express his or her views.
Is there an ombudsperson/ commissioner for children in your jurisdiction?
Yes.
Lithuania has an Ombudsperson for Child's Rights, who, in accordance with the law, oversees and monitors the rights of the child and the protection of the child's legitimate interests, investigates violations of the child's rights and legitimate interests, and seeks to improve the protection of children's rights in Lithuania.
If there is an ombudsperson/ commissioner for children in your jurisdiction, do they have any responsibility for upholding children’s rights in the digital world or does the relevant regulator have sole competence?
Yes.
The Ombudsman for Child’s Rights is not limited to investigating the activities of state and municipal officials, as the Ombudsman for Child’s Rights is also empowered to inspect the activities of private companies, non-state institutions and organisations, and even of private individuals, as a consequence of which a child's rights or legitimate interests may be, or are being, infringed. The Ombudsman for Child’s Rights protects children’s rights together with other regulators.
Is there any standalone requirement to collect the consent of one or both parents when processing a child’s personal data (irrespective of any other obligations, e.g. the requirement to have a legal basis for processing)?
No.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here. The requirement to collect parental consent under Article 8(1) of the GDPR only applies where the service provider is relying on consent as the legal basis under the GDPR for processing a child’s personal data. If another legal basis is relied on for processing, there is no requirement to collect parental consent for processing the child’s data.
Entirely separate to the requirement to collect parental consent under Article 8(1) is that a digital service provider (controller) may decide to seek parental permissions for a child to access different setting/ features/ functionalities etc. as part of the measures it implements under Articles 24 and 25 of the GDPR to ensure a high level of protection for child users.
At what age can children legally consent to the processing of their own personal data, such that parental permission/ consent is not required?
The Law on Legal Protection of Personal Data specifies that when information society services are offered directly to a child, the processing of the child's personal data is lawful if the consent is given by a child aged 14 years or older in accordance with Article 6(1)(a) of the GDPR.
For situations beyond processing of personal data in the context of provision of information society services, 14 is a good starting point to consider a child’s consent valid, but note that there may be certain processing activities where parental consent is required for minors aged 14-17.
Are there specific requirements in relation to collection and/or verification of parental consent/ permission concerning the processing of a child’s personal data?
Yes.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here. While Article 8(2) of the GDPR does not set out an approved method for the collection of parental consent, it does require organisations to “make reasonable efforts” to verify such consent by a holder of parental responsibility over a child taking into account available technology. No such methods are expressly approved by law or regulation and nor has the State Data Protection Inspectorate outlined any recommended methods
Are there any particular information or transparency requirements concerning the processing of children’s personal data?
Yes.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here.
Can children directly exercise their rights in relation to their personal data without the involvement of their parents?
Yes.
There are no national-specific laws which specify the age at which children have the legal right to exercise their data subject rights under the GDPR, but we consider that a child should be able to exercise the data subject's rights, as long as they have the capacity to do so and it is in their best interests. This is especially the case for minors who are 14 years old or older who can give valid consent for processing of personal data in the context of information society services.
Note that there is no local guidance on this topic, thus different interpretations are possible (depending on the specific case).
Can children make complaints on their own behalf directly to your national data protection/ privacy regulator(s)?
Yes.
There are no national-specific laws which specify the age at which children have the legal right to exercise their data subject rights under the GDPR, but we consider that a child should be able to exercise the data subject's rights, as long as they have the capacity to do so and it is in their best interests. This is especially the case for minors who are 14 years old or older who can give valid consent for processing of personal data in the context of information society services.
Note that there is no local guidance on this topic, thus different interpretations are possible (depending on the specific case).
Are there any particular requirements/ prohibitions related to:
a. processing specific types of children’s personal data;
b. carrying out specific processing activities involving children’s personal data; and/ or
c. using children’s personal data for specific purposes.
Yes.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here.
However, the following processing is subject to a mandatory requirement to carry out a data protection impact assessment:
- processing of children's personal data for direct marketing purposes, assessment of children's personal aspects, which is based on automated processing, including profiling, or when information society services are offered directly to children;
- the processing of personal data is carried out for the purposes of scientific or historical research.
Has there been any enforcement action by your national data protection/ privacy regulator(s) concerning the processing of children’s personal data? In your answer, please include information on the volume, nature and severity of sanctions.
No.
We are not aware of notable enforcement measures taken by the Data Protection Inspectorate in this context.
Are there specific rules concerning electronic direct marketing to children?
Yes.
Generally, direct marketing is regulated by the Law on Electronic Communications. However, the Law does not mention specific rules related to the direct marketing to children, nor does it stipulate a minimum age for direct marketing to children.
In addition, Article 8(4) of the Law on Protection of Minors from the Negative Effects of Public Information prohibits processing of personal data of minors collected or otherwise obtained by the producers and/or distributors of public information for direct marketing, profiling and advertising based on consumer behaviour, as well as for other commercial purposes.
Are there specific rules concerning the use of adtech tracking technologies, profiling and/or online targeted advertising to children?
Yes.
There are no national-specific laws In this regard; see more information on the GDPR-level requirements here.
Are there specific rules concerning online contextual advertising to children?
No.
There are no national-specific laws in this regard. However, to the extent applicable, Article 8(4) of the Law on Protection of Minors from the Negative Effects of Public Information prohibits processing of personal data of minors collected or otherwise obtained by the producers and/or distributors of public information for direct marketing, profiling and advertising based on consumer behaviour, as well as for other commercial purposes.
Additionally, see more information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning advertising to children? In your answer, please include information on the volume, nature and severity of sanctions.
No.
We are not aware of notable enforcement measures in this context.
At what age does a person acquire contractual capacity to enter into an agreement to use digital services?
Pursuant to the Civil Code (Article 2.5.1), all persons who are under 18 years of age are considered minors and have limited active legal capacity.
Prior to 18, the active civil capacity differs for minors under the age of 14, and minors aged 14-17.
Transactions on behalf of minors under the age of 14 shall be concluded by their parents or guardians, although they have the right to independently enter into transactions to meet their ordinary and usual needs, conclude transactions aimed at gratuitous personal gain, as well as transactions related to the use of their own earnings or funds provided by their legal representatives or other persons where the said transactions are not subject to a prescribed notarial or any other specific form.
Minors aged 14-17 enter into transactions upon the consent of parents or guardians, but have the right to independently dispose of their income and property acquired for that income, exercise copyright to their works, inventions and industrial design as well as to enter into transactions to meet their ordinary and usual needs.
The specific applicable age should be determined taking into account the specific digital service agreement.
Do consumer protection rules apply to children?
Yes.
The Lithuanian Law on Consumer Rights Protection does not distinguish between the consumer protection rules for minors (children) and adults, but states in general terms that a consumer is a natural person who seeks to enter or enters into agreements that are not related to his or her economic or professional activity.
Therefore, any natural person who meets these criteria, including children, is considered a consumer and is subject to consumer protection rules.
The Lithuanian consumer protection rules are, in principle, in line with EU law.
See more information on the EU-level requirements here.
Are there any consumer protection rules which are specific to children only?
Yes.
Rather than related directly to “consumer protection rules”, there are certain specific obligations related to advertising and offering goods or services to children, which derive from the Lithuanian Law on Advertising (Article 7, Article 14) and the Lithuanian Law on the Protection of Minors against Detrimental Effect of Public Information (Article 8).
- Advertising is prohibited from having a harmful moral and physical effect on children: to abuse children's trust in parents, guardians (caregivers), teachers or other adults; forming the opinion of children that the use of certain goods or services will give them a physical, psychological or social advantage over their peers or other persons; or to unjustifiably show children in situations that threaten their health and life.
- It is prohibited to refer to energy drinks as sponsored products or otherwise promote them to children under the age of 18.
- In general, advertisements of goods and/or services intended for persons aged 18, 14 and 7, may not be broadcast together with information intended for audience which is younger than the consumers of the goods and/or services presented or advertised.
- Advertising must also meet the following requirements: not to directly encourage minors to buy or rent, or choose a product or service, taking advantage of minors' inexperience and gullibility;
- not to directly encourage minors to persuade their parents or other persons to buy advertised goods or services; and
- not to form the opinion of minors that the use of certain services or goods will give them a physical, psychological or social advantage over their peers.
Additionally, see more information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning consumer protection requirements and children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
No.
N/A
Are there any age-related restrictions on when children can legally access online/ digital services?
Yes.
In Lithuania, the following goods and services are restricted to certain ages:
- gambling
- alcohol, cigarettes, vaping;
- energy drinks; and
- pornography.
To the extent such goods and services are accessed online by children, restrictions apply.
Are there any specific requirements relating to online/ digital safety for children?
Yes.
Information that has a negative impact on minors is prohibited from being directly distributed to minors, i.e., offering, transferring or otherwise allowing them to use it personally. Such public information may only be disseminated in places inaccessible to minors and/or at such a time that minors could not use it, or when using technical means conditions are created to enable persons responsible for raising and supervising children to limit minors’ access to such information.
In general, the Law on Protection of Minors from the Negative Effects of Public Information establishes the following types of information as information that has a negative impact on minors:
- information of a violent nature, promoting aggressiveness and disrespect for life;
- when the destruction or damage of property is encouraged;
- when the body of a dead, dying or brutally injured person is shown in close-up, except for cases where such showing is necessary to identify the person;
- information of an erotic nature;
- information causing fear or terror;
- information encouraging gambling, encouraging, offering to participate in gambling and other games that give the impression of easy winning;
- information which favours dependence on narcotic, toxic, psychotropic substances, tobacco or alcohol, as well as on other substances that are or may be used for intoxicating purposes, and which promotes their use, production, distribution or acquisition;
- information promoting self-harm or suicide, detailing the means and circumstances of suicide;
- information which positively evaluates the criminal act or idealises criminals;
- information related to the modelling of a criminal act;
- information which encourages behaviour that degrades human dignity;
- information in which a person or a group of people is mocked or a person or a group of people is despised because of nationality, race, gender, origin, disability, sexual orientation, social status, language, faith, beliefs, views or other similar grounds;
- when staged paranormal phenomena are demonstrated, giving the impression of the reality of these phenomena;
- information which promotes sexual abuse of minors and their exploitation, sexual relations of minors;
- information which promotes sexual relations;
- information which creates contempt for the values of the family, promotes a different concept of marriage and family formation than the one enshrined in the Constitution of the Republic of Lithuania and the Civil Code of the Republic of Lithuania;
- when obscene expressions, words or obscene gestures are used;
- when advice is given on how to make, purchase or use explosives, narcotic or psychotropic substances, as well as other things dangerous to life or health;
- information which promotes bad habits of nutrition, hygiene and physical inactivity;
- when mass hypnosis sessions are demonstrated, the object of which is the audience of a public information medium; and
- related to the minor's personal data, information through which it is possible to determine his personal identity using public information.
However, there are naturally levels to this information (its severity, potential harm, etc.). What cannot be shown to a 7 year old could perhaps be shown to a 14 year old, or perhaps certain depictions of violence could be shown to everyone, regardless of age. Therefore, whether information can be shown to minors and at what minimum required age very much depends on the specific information in question.
Under this Law, producers of public information, broadcasters, and other persons responsible for the content of public information must determine themselves whether the intended dissemination of information can be attributed to the category of public information that has a negative impact on the development of minors. When determining whether the intended dissemination of information can be attributed to the category of public information that has a negative impact on the development of minors, its content, purpose, context, and impact are evaluated (the impact of the disseminated information depends on the detail of the depiction of the phenomena, the duration of the scenes, the frequency, the suggestiveness of the information etc.).
Additionally, see more information on the EU-level requirements here.
Are there specific age verification/ age assurance requirements concerning access to online/ digital services?
Yes.
Information that has a negative impact on minors may only be disseminated in places inaccessible to minors and/or at such a time that minors could not use it, or when using technical means (to verify the age of users; to control the negative impact on persons responsible for the upbringing and care of children; dissemination of information to minors; content filtering or other systems) conditions are created to enable persons responsible for raising and supervising children to limit minors’ access to such information.
However, there are no laws or publicly available guidance issued by Lithuanian authorities on the specific measures for online age verification and parental consent. We recommend following guidance of European supervisory authorities.
Additionally, see more information on the EU-level requirements here.
Are there requirements to implement parental controls and/or facilitate parental involvement in children’s use of digital services?
Yes.
To the extent that the use of digital services involves information that has a negative impact on minors, the digital services should provide for technical means for parents to limit children’s access to the digital services.
However, there are no laws or publicly available guidance issued by Lithuanian authorities on the specific measures. We recommend following guidance of European supervisory authorities. See more information on the EU-level requirements here.
Otherwise, to the extent that the use of digital services does not involve information that has a negative impact on minors, there are no specific requirements for parental controls.
Has there been any regulatory enforcement action concerning online/ digital safety? In your answer, please include information on the volume, nature and severity of sanctions.
No.
We are not aware of notable enforcement measures in this context.
Are there any existing requirements relating to children and AI in your jurisdiction?
Yes.
There are no national-specific laws in this regard; the AI Act (Regulation 2024/1689) applies in this context. See EU-level response here.
Are there any upcoming requirements relating to children and AI in your jurisdiction?
Yes.
There are no national-specific requirements in this regard; see EU-level response here.
Has there been any other regulatory enforcement activity to date relevant to children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
No.
We are not aware of notable enforcement measures in this context.
Are there any other existing or upcoming requirements relevant to children’s use of digital services?
Yes.
There are no other national existing or upcoming requirements relevant to children’s use of digital services. See more information on the upcoming EU-level requirements here.
Contributors
Sidas Sokolovas
Sorainen
Raminta Matulytė
Sorainen
