Which topic would you like to know more about?
What is the legal age of adulthood/ majority in your jurisdiction? Are all persons below this age considered a child/ minor?
As per Article 1:233 of the Dutch Civil Code (“DCC”), minors are those who have not reached the age of eighteen years and have also not been declared of age by virtue of Article 1:253ha DCC. Article 1:253ha DCC allows an underage woman who, as the person with custody, wishes to care for and bring up her child may, if she has reached the age of sixteen years, request the court to declare her an adult.
Has the UNCRC been directly incorporated into national law in your jurisdiction?
No.
The UNCRC was ratified by the Dutch government in 1992 and entered into force in the Netherlands as of 8 March 1995. Many of the provisions have a direct effect within the Netherlands, meaning that individuals can invoke these rights directly. In addition, national courts use the provisions of the UNCRC in their interpretation of children’s rights.
Is there an ombudsperson/ commissioner for children in your jurisdiction?
Yes.
In 2011, the ‘Kinderombudsman’ was established pursuant to Article 9 of the National Ombudsman Act.
If there is an ombudsperson/ commissioner for children in your jurisdiction, do they have any responsibility for upholding children’s rights in the digital world or does the relevant regulator have sole competence?
Yes.
As per Article 11b of the National Ombudsman Act, the Kinderombudsman is tasked with promoting respect for the rights of children by administrative bodies and private organisations that exercise a task (both statutory and non-statutory) regarding children (this may include schools, childcare, healthcare). This can also include the rights of children in a digital context.
Is there any standalone requirement to collect the consent of one or both parents when processing a child’s personal data (irrespective of any other obligations, e.g. the requirement to have a legal basis for processing)?
No.
The requirement to collect parental consent under the GDPR only applies where the service provider is relying on consent as the legal basis under the GDPR for processing a child’s personal data (i.e. if another legal basis is relied on for processing, there is no requirement to collect parental consent for processing the child’s data). Please see more information on the GDPR-level requirements here.
As per Article 5 of the GDPR Implementing Act, if a controller intends to process personal data of a minor below the age of 16 using consent as the legal basis, they must obtain consent from the minor's parent instead.
Entirely separate to the requirement to collect parental consent under Article 8(1) GDPR is that a digital service provider (controller) may decide to seek parental permissions for a child to access different settings/ features/ functionalities etc. as part of the measures it implements under Articles 24 and 25 of the GDPR to ensure a high level of protection for child users.
At what age can children legally consent to the processing of their own personal data, such that parental permission/ consent is not required?
Article 8(1) of the GDPR provides that the age of digital consent may be anywhere between 13 and 16 years of age, depending on what age the EU Member State in question has adopted. In the Netherlands, this is 16 years of age.
Are there specific requirements in relation to collection and/or verification of parental consent/ permission concerning the processing of a child’s personal data?
Yes.
There are no national-specific laws in this regard; the GDPR applies in this context. Please see more information on the GDPR-level requirements here.
Article 8(2) of the GDPR does not set out an approved method for the collection of parental consent; however, it does require organisations to “make reasonable efforts” to verify such consent by a holder of parental responsibility over a child taking into account available technology. The Dutch Data Protection Authority has not published any further guidance on this topic.
Are there any particular information or transparency requirements concerning the processing of children’s personal data?
Yes.
There are no national-specific laws in this regard; the GDPR applies in this context. Please see more information on the GDPR-level requirements here.
Article 12(1) of the GDPR emphasises the particular importance of the requirement for clear and plain language when providing information to children. The Dutch Data Protection Authority emphasizes that controllers must ensure that their choice of words, tone, and style of information is adjusted as needed, and that visual aids are used where appropriate. It is important to make it clear to children that the information is intended for them and that they can understand it.
Can children directly exercise their rights in relation to their personal data without the involvement of their parents?
No.
As per Article 5(4) GDPR Implementing Act, parents of children under 16 years of age shall exercise the rights of data subjects (as referred to in Chapter III of the GDPR) on behalf of their children. This does not apply to assistance and advisory services that are offered directly and free of charge to the child.
However, this is set to change with the upcoming Data Protection Collective Act, which will allow children from the age of 12 to withdraw their consent and exercise their data subject rights alongside their parent. The proposal of this Act was passed in the Dutch Parliament in May of 2025, and is currently under review in the Dutch Senate.
Can children make complaints on their own behalf directly to your national data protection/ privacy regulator(s)?
Yes.
Article 5(4) GDPR Implementing Act only applies to the rights of data subjects listed in Chapter III of the GDPR. As the right to lodge a complaint with the supervisory authority is listed in Chapter VIII, children are free to exercise this right on their own behalf.
Are there any particular requirements/ prohibitions related to:
a. processing specific types of children’s personal data;
b. carrying out specific processing activities involving children’s personal data; and/ or
c. using children’s personal data for specific purposes.
Yes.
There are no national-specific laws in this regard, but some requirements arise from guidance and decisions of the Dutch Data Protection Authority.
- N/A
- Pursuant to joint guidance by the Dutch Data Protection Authority and other regulators, children should not be profiled based on their personal data for marketing purposes, as further set out in section 14 below.
- Same as under b.
Please see more information on the GDPR-level requirements here.
Has there been any enforcement action by your national data protection/ privacy regulator(s) concerning the processing of children’s personal data? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
In July of 2021, the Dutch Data Protection Authority imposed a fine of EUR 750,000 on a social media company for violating the privacy of their juvenile users. According to this decision, the information that Dutch users - mostly young children - received from the company when installing and using the app was in English and therefore difficult to understand. By not offering the privacy statement in Dutch, the company did not adequately explain how the app collects, processes, and uses personal data.
Other parts of the investigation into the social media platform were handed over to the Irish Data Protection Commissioner as the competent authority, which eventually led to the fining decision of EUR 345 million. As the decision was based on a binding decision by the EDPB, it is important to consider the requirements that can be inferred from it when processing children's personal data in the Netherlands.
Are there specific rules concerning electronic direct marketing to children?
Yes.
Where unsolicited direct marketing to any person is carried out through the sending of electronic mail (i.e. any text, voice, sound or image message including SMS text message) the Dutch Telecommunications Act will apply to such communications.
This Act transposes the ePrivacy Directive into Dutch law. These Regulations are not specifically directed at communications made to children but regardless of whether the communication is sent to an adult or a child, the general rule is that the consent of the individual recipient is required (which must be GDPR-standard consent) although there are certain strictly applied exemptions which can be relied upon in limited circumstances. As set out above, for children under the age of 16, parental consent will be required.
Some additional rules apply to the contents of the direct marketing. Advertisements that directly encourage children to buy advertised products are prohibited by law. Additional regulatory guidance also applies. Together with the Authority for Consumer and Market, Authority for Financial Markets, and the Dutch Media Authority, the Dutch Data Protection Authority released a statement containing principles for advertising and marketing aimed at children online. Amongst others, the regulators state that advertising and marketing techniques should not influence children inappropriately and should not exploit the specific vulnerabilities of children. The regulators also emphasise that information about the commercial purpose of an advertisement, commercial aspects of a service, and sharing of personal data must be indicated in a way that is easily accessible, appropriate, and clear to children.
Are there specific rules concerning the use of adtech tracking technologies, profiling and/or online targeted advertising to children?
Yes.
There are no national-specific laws that apply specifically to children, but requirements arise from more generally applicable laws and the regulators’ joint principles (described here) for advertising and marketing aimed at children online.
In this document, the regulators explicitly state that online services must refrain from collecting children's personal data for the purpose of tailoring advertising and marketing to them through profiles based on children's behaviour, as children may not fully understand the reasons for this type of marketing and the potential consequences it may have for them.
Furthermore, the Authority for Consumer and Markets (“ACM”) independently published guidelines on the protection of online consumers. Although generally applicable to all consumers, the ACM emphasises that children’s vulnerability must be protected and cannot be abused for the purpose of selling products/services.
Please see more information on the EU-level requirements here.
Are there specific rules concerning online contextual advertising to children?
Yes.
The requirements and laws set out above apply to any type of advertising, including contextual advertising. Insofar as the advertising does not rely on the use of personal data, but rather delivers advertising based on on-screen context, the guidance related to personal data-based advertising does not apply. However, other rules, such as the prohibition on directly encouraging children to buy an advertised product, will apply regardless of the type of advertising.
Additionally, see information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning advertising to children? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
There has been no enforcement specifically concerning advertising to children by the Dutch Data Protection Authority from a GDPR-perspective. However, the Dutch Authority for Consumer & Markets imposed a fine on a video game company for their advertisement practices targeted at children in one of their games. The ACM found that children who played the game could experience pressure in several ways to make purchases, for example by using ads which directly exhorted children to make purchases, and by using misleading countdown timers for items on offer. The ACM also found that, through various design choices for its offerings in its in-game shop, the company exploited the vulnerabilities of children. The ACM imposed a binding instruction as well as two fines, totalling EUR 1,125,000.
At what age does a person acquire contractual capacity to enter into an agreement to use digital services?
In accordance with Article 1:234 of the Dutch Civil Code, individuals under the age of 18 can only sign a contract with the approval of their parent. For age-appropriate purchases, it is assumed that the parent has given their consent
Do consumer protection rules apply to children?
Yes.
The Dutch Unfair Commercial Practices Act, as incorporated in the Dutch Civil Code (the “DCC'), prohibits misleading, aggressive, or otherwise unfair practices, which must be considered in the context of the ‘average consumer’ within the target or affected group.
When a practice is aimed at or largely affects children, the ‘average consumer’ for that practice is less ‘well-informed, circumspect, and observant’ than the typical adult consumer, according to the Dutch Authority for Consumers & Markets (“ACM”) Guidelines for the protection of the online consumer. The ACM urges traders to be mindful of vulnerable consumers, such as children. Because of the specific vulnerabilities of children, they are afforded extra protection. Practices that target or affect children will therefore be assessed more strictly by the ACM.
In addition, the DCC sets out the mandatory information duties that that traders must comply with when offering their products or services to consumers. The information must in any case be clear, comprehensible, and unambiguous, also bearing in mind the type of consumer the information is provided to. The ACM states that children value information differently than adults. If the information is provided to children, compliance with the information duties will naturally be reviewed more strictly.
Additionally, see information on the EU-level requirements here.
Are there any consumer protection rules which are specific to children only?
Yes.
Advertisements that directly encourage children to buy advertised products, are prohibited. Under all circumstances, such advertisements constitute an aggressive commercial practice pursuant to Article 6:193i (e) of the Dutch Civil Code.
Additionally, see information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning consumer protection requirements and children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
Together with other European consumer protection authorities, in July 2014 the Authority for Consumers & Markets (“ACM”) took part in coordinated measures against inadvertent purchases made by children on device-based app distribution platforms. As a result, applications that offer in-app purchases, are no longer advertised as “free". More recently, the ACM imposed fines for a total of EUR 1,125,000 on a video game company for its alleged unfair commercial practice within its in-game shop of one of its popular games. One of the violations identified by the ACM concerned the prohibited direct exhortation of children to buy advertised products.
Are there any age-related restrictions on when children can legally access online/ digital services?
Yes.
It follows from Article 8(1) GDPR and Article 5(1) GDPR Implementing Act that children below 16 years of age may only create online/social media accounts (or interact in any other way with online/digital services that causes their personal data to be processed) with the consent of their parents (insofar the processing is based on consent as a legal basis).
While the use of social media and smartphones by children is not (yet) entirely prohibited, the government has been increasingly active in addressing the potential risks these technologies pose to young users. For example, as of 1 January 2024, the use of smartphones during class time in schools has been officially banned. More recently, in June of 2025, the government published a Guideline on Healthy Screen Use, which is non-binding, but is designed to support parents and guardians by offering practical advice on managing children's screen time . It recommends limiting smartphone use until the final year of primary school and suggests that access to social media platforms such as Instagram and TikTok be postponed until the age of 15.
Other than that, there is no age-related restriction on when children can legally access online/ digital services laid down in national law.
Are there any specific requirements relating to online/ digital safety for children?
Yes.
There are no formal or statutory meanings ascribed to the terms “digital safety” and “online safety” in the Netherlands. See information on the EU-level requirements here.
However, the Dutch Media Act (‘Mediawet’) stipulates that any digital content, both provided through traditional media as well as through online video platforms, cannot include material that could seriously harm the physical, mental or moral development of persons under 16.
Additionally, in 2021 the Code for Children’s Rights (‘Code Kinderrechten’) was drawn up on behalf of the Dutch government. The Code for Children’s Rights is meant to help developers and designers to focus on the rights of children when developing digital services. The Code consists of ten principles, presented on the basis of practical examples for implementation. The principles are not in themselves legally enforceable, but are based on law and regulations (such as the UNCRC) which are indeed legally binding. Some of the principles include:
- Avoid a harmful design for children at all times;
- Avoid the economic exploitation of children at all times;
- Make the best interests of the child the primary consideration when designing.
Some requirements arise from regulator guidance, such as the guidelines on the protection of online consumers from the Authority for Consumer and Markets (“ACM”). The ACM stresses that, due to their vulnerable status, children need extra protection. For instance, when targeting services and/or products towards children, traders must take into account the fact that children value information differently from adults, so they are protected from making purchases they otherwise would not make.
In addition, the Digital Services Act contains several provisions aimed at safeguarding children’s safety in the digital world (see in particular Article 28 DSA). Please see more information on the EU-level requirements here.
Are there specific age verification/ age assurance requirements concerning access to online/ digital services?
Yes.
There are no national-specific requirements in this regard that deviate from the requirements of the GDPR. See information on the EU-level requirements here.
However, the Dutch Government published a framework on online age verification in October of 2023 (‘Raamwerk Online Leeftijdsverificatie’), which is meant to help developers establish a proper form of age verification for their online product or service.
Are there requirements to implement parental controls and/or facilitate parental involvement in children’s use of digital services?
Yes.
There are no national-specific laws in this regard, but requirements arise from regulator guidance, such as the Authority for Consumer and Markets (“ACM”) guidelines on the protection of online consumers. The ACM gives several examples on how online traders should protect children. For instance, providers of games with in-app purchases that target children should design the payment procedure so that children cannot make purchases without parental supervision. This could, for instance, be established by requiring a password before each purchase is made. This stems from the rules surrounding the legal age from which individuals acquire contractual capacity to enter into an agreement to use digital services, as set out here.
See information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning online/ digital safety? In your answer, please include information on the volume, nature and severity of sanctions.
No.
N/A
Are there any existing requirements relating to children and AI in your jurisdiction?
Yes.
There are no national-specific laws in this regard; the AI Act (Regulation 2024/1689) applies in this context. See EU-level response here.
Are there any upcoming requirements relating to children and AI in your jurisdiction?
Yes.
There are no national-specific requirements in this regard; see EU-level response here.
Has there been any other regulatory enforcement activity to date relevant to children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
No.
N/A
Are there any other existing or upcoming requirements relevant to children’s use of digital services?
Yes.
There are no other national existing or upcoming requirements relevant to children’s use of digital services. See more information on the upcoming EU-level requirements here.
