Which topic would you like to know more about?
What is the legal age of adulthood/ majority in your jurisdiction? Are all persons below this age considered a child/ minor?
Under Article 6 of the Family Code, a child is a person who has not yet reached the age of 18, unless they have previously acquired legal capacity.
Has the UNCRC been directly incorporated into national law in your jurisdiction?
No.
The UNCRC has not been directly incorporated into national law in Slovenia. However, Slovenia has ratified UNCRC, which means it is committed to implementing the principles and rights outlined in the convention through its national legislation.
Is there an ombudsperson/ commissioner for children in your jurisdiction?
No.
There is no specific ombudsman for children in Slovenia, however, the (general) Ombudsman has been addressing children's rights since it began operating in 1995 and has led special projects and organisational units in this respect.
If there is an ombudsperson/ commissioner for children in your jurisdiction, do they have any responsibility for upholding children’s rights in the digital world or does the relevant regulator have sole competence?
N/A.
N/A.
Is there any standalone requirement to collect the consent of one or both parents when processing a child’s personal data (irrespective of any other obligations, e.g. the requirement to have a legal basis for processing)?
No.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here. The requirement to collect parental consent under Article 8(1) of the GDPR only applies where the service provider is relying on consent as the legal basis under the GDPR for processing a child’s personal data. If another legal basis is relied on for processing, there is no requirement to collect parental consent for processing the child’s data.
Entirely separate to the requirement to collect parental consent under Article 8(1) is that a digital service provider (controller) may decide to seek parental permissions for a child to access different setting/ features/ functionalities etc. as part of the measures it implements under Articles 24 and 25 of the GDPR to ensure a high level of protection for child users.
At what age can children legally consent to the processing of their own personal data, such that parental permission/ consent is not required?
Article 8(1) of the GDPR provides that the age of digital consent may be anywhere between 13 and 16 years of age, depending on what age the EU Member State in question has adopted. In Slovenia, this is 15 years of age.
In accordance with the local Personal Data Protection Act, where the general terms and conditions of the provider provide for a higher age limit, then that higher age limit shall apply.
Are there specific requirements in relation to collection and/or verification of parental consent/ permission concerning the processing of a child’s personal data?
Yes.
In addition to the general requirements of Article 8(2) of the GDPR, the local Personal Data Protection Act provides that the consent of a child should not be conditioned with excessive conditions of the data controller so that the child would need to provide more personal data than required for the purposes of such activity.
No special guidance has been issued by the local data protection authority, i.e. the Information Commissioner of the Republic of Slovenia.
See more information on the GDPR-level requirements here.
Are there any particular information or transparency requirements concerning the processing of children’s personal data?
Yes.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here.
Article 12(1) of the GDPR emphasises the particular importance of the requirement for clear and plain language when providing information to children.
The Information Commissioner of the Republic of Slovenia has not issued any guidance specifically on the processing of personal data of children, however, would likely follow the decisions of the Irish Data Protection Commission.
Can children directly exercise their rights in relation to their personal data without the involvement of their parents?
Yes and no.
There are no national-specific laws which specify the age at which children have the legal right to exercise their data subject rights under the GDPR.
The Information Commissioner of the Republic of Slovenia has not published any guidelines in this respect, so it is likely that general rules on legal capacity would apply. A child obtains a legal capacity to conclude a legal transaction (and to communicate in relation to it) at the age of 15, unless such transaction would have a significant impact on the child’s life before or after becoming of age. Children under the age of 15 cannot conclude any transactions without the consent of their parents. It is therefore likely that such children would also need to exercise their rights through or with the consent of their parents.
Children over the age of 15 would be able to exercise them directly, if the above conditions are met. Their capacity to do so would therefore be assessed on a case-by-case basis.
Additionally, Article 20 of the Personal Data Protection Act ZVOP-2 provides that the controller may exceptionally refuse a request from an individual referred to in Articles 15 to 22 of the GDPR made through his or her legal representative, if there are specific and objective circumstances which lead to the reasonable conclusion that the disclosure of certain personal data would directly or indirectly prejudice the best interests, rights or legitimate interests of minors or persons under their guardianship or of other persons for whom the law so provides, and where those rights and interests outweigh the interests of the legal representative in obtaining such disclosure. In this case, the grounds for refusal must be accessible to the supervisory authority, the Ombudsman, and the “conflict guardian” (note that this is a Slovenian term meaning the person/ institution representing a child in cases where the interest of the child and the interest of its legal guardian are in conflict, (»kolizijski skrbnik«). No case law yet exists on this, however, in our opinion, either (i) children should in this case have the right to exercise their rights directly or (ii) the competent authorities should step in to assist in protecting their rights.
Can children make complaints on their own behalf directly to your national data protection/ privacy regulator(s)?
Yes and no.
In proceedings before the Information Commissioner of the Republic of Slovenia, in terms of procedure, unless otherwise prescribed by Personal Data Protection Act, the General Administrative Procedure Act (the ZUP) applies. According to ZUP, a minor, who has not yet obtained full legal capacity, has the capacity to litigate (sl. Procesna sposobnost) within the scope of their legal capacity. If the complaint would fall within their legal capacity, they would be able to file it themselves, otherwise, they would need to be represented by their parents.
Are there any particular requirements/ prohibitions related to:
a. processing specific types of children’s personal data;
b. carrying out specific processing activities involving children’s personal data; and/ or
c. using children’s personal data for specific purposes.
Yes.
While no specific local law regulations exist in this respect in relation to personal data protection, the local Information Commissioner of the Republic of Slovenia would likely follow the recent decisions of Irish Data Protection Commission. See further information on the EU-level requirements here.
Has there been any enforcement action by your national data protection/ privacy regulator(s) concerning the processing of children’s personal data? In your answer, please include information on the volume, nature and severity of sanctions.
No.
To our knowledge there has been no such enforcement in Slovenia. Note, however, that the case law of the Information Commissioner of the Republic of Slovenia is not publicly available (apart from anonymized and aggregated yearly reports) so it is possible that such case law exists but was not published and/or reported on in the media.
Are there specific rules concerning electronic direct marketing to children?
Yes.
While there are no specific national laws addressing electronic direct marketing to children, there are laws regulating electronic direct marketing in general, which would apply to direct marketing to children as well, and laws that refer to children’s rights in relation to consumer protection.
The regulation of electronic direct marketing to individuals via electronic communications (such as unsolicited emails, phone calls, and SMS messages) is governed by Article 226 of the Electronic Communications Act. The sending of unsolicited messages through electronic communications is permitted only if the recipient has given prior consent, or if they have purchased a product or service from the sender and provided their email address (and have not at any point opted out of such communications).
According to Article 21 of the GDPR, an individual has the right to object at any time to the processing of their personal data for direct marketing purposes, including profiling to the extent that it is related to such marketing. The controller must inform the individual of this right at the latest upon the first communication with them.
Article 6 of the Electronic Commerce Market Act provides that a service provider may send commercial communications, which are part of information society services, only if the recipient has given prior consent. Additionally, commercial communications must be clearly identifiable as such, with the sender's identity and the terms of special offers clearly stated.
As none of the above-listed legislation provides guidance on the age of children to provide such consent, it is likely that the age of digital consent, per Article 8 GDPR, applies, i.e. 15 years of age (per the Personal Data Protection Act).
Any such marketing communication should be in line with the provisions of consumer protection legislation, which expressly protects children. For further information, see this section.
Are there specific rules concerning the use of adtech tracking technologies, profiling and/or online targeted advertising to children?
Yes.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here.
Are there specific rules concerning online contextual advertising to children?
Yes.
There are no specific rules solely dedicated to online contextual advertising to children. However, some general rules apply to ensure that children are protected in the advertising context.
Although contextual advertising generally relies on the content of the webpage or the keywords searched by the user, rather than personal data, any related activities that might involve data processing would be covered by GDPR and Personal Data Protection Act.
Children should not be able to access websites where they could be exposed to contents, not appropriate to children (for example alcohol, gambling, etc.), and for this reason should also not be able to be subject to contextual advertising on such pages.
See more information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning advertising to children? In your answer, please include information on the volume, nature and severity of sanctions.
No.
To our knowledge there has been no such enforcement specifically concerning advertising to children in Slovenia. Note that case law of the competent authorities is not publicly available.
At what age does a person acquire contractual capacity to enter into an agreement to use digital services?
The legislator has set the age of 18 as the threshold for acquiring (full) contractual capacity.
From the ages of 15 to 18, a child has limited contractual capacity, which means they can generally enter legal transactions independently, except for those transactions that significantly affect their life before or after reaching the age of majority. It is therefore possible that certain agreements on the use of digital services could be entered into by children aged 15 and over.
Before the age of 15, a person lacks contractual capacity and cannot independently enter valid legal transactions, and therefore must be represented by a legal guardian in legal matters.
Do consumer protection rules apply to children?
Yes.
Under the Consumer Protection Act (ZVPot-1), a consumer is a natural person who acquires or uses goods, services, and digital content for purposes outside their professional or commercial activity. This means that consumer protection rules do apply to children, as they are considered consumers when they engage in such transactions.
The ZVPot-1 itself does not specifically distinguish between adult and child consumers in terms of applicability but focuses on protecting the weaker party in a transaction, which in many cases would include children due to their lack of experience and understanding.
See more information on the EU-level requirements here.
Are there any consumer protection rules which are specific to children only?
Yes.
Articles 40 and 54 of the Consumer Protection Act (ZVPot-1) safeguards children as a vulnerable group of consumers.
The ZVPot-1 includes provisions concerning children. Article 40 of the ZVPot-1 prohibits advertising that causes or could cause physical, mental, or other harm to children, or that exploits or could exploit their trust or lack of experience. Article 54(5) of the ZVPot-1 defines aggressive commercial practices that are considered unfair in all circumstances. One of these practices includes directly encouraging children to purchase advertised products or persuading parents or other adults to buy the advertised product for children.
The Slovene Advertising Code, established under the auspices of the Slovenian Advertising Chamber, addresses advertising to children and adolescents in Article 18. This Code represents advertising standards, rules, and best practice principles to which the advertising industry voluntarily commits. Often, these provisions cover areas that legislation, due to its fragmented nature, cannot adequately regulate. The Code emphasizes that children lack the knowledge, experience, and mature judgment of adults, and that advertising must take into account the particularities of children. The compliance of advertisements with the Code is assessed by the Advertising Tribunal.
Furthermore, children should not be targeted with specific ads, such as for example for gambling, alcohol, etc. According to the Mass Media Act (Zakon o medijih; Official Gazette of the Republic of Slovenia, no. 110/06 as amended) advertisements that predominantly target children or in which children appear may not contain scenes of violence, pornography or other content that could harm their health and mental and physical development or otherwise adversely influence susceptibility of children.
See more information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning consumer protection requirements and children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
No.
To our knowledge there has been no enforcement specifically concerning consumer protection requirements and children’s use of digital services in Slovenia. Note, however, that the case law of competent authorities is not publicly available.
Are there any age-related restrictions on when children can legally access online/ digital services?
Yes.
There are national-specific laws in Slovenia that implement age-related restrictions on the ages at which children can legally access specific goods and services. The following is a non-exhaustive list of goods and services to which such restrictions apply:
- Gambling: Article 3.a of the Gambling Act (ZIS) stipulates that participation in online gambling is permitted only for individuals aged 18 years or older. While the ZIS does not expressly mention advertising, we are of the opinion that this prohibition extends to advertising as well.
- Pornography: Article 176(1) of the Penal Code states that anyone who sells, displays, or otherwise allows access to pornographic material to a person under the age of 15 shall be punished with a fine or imprisonment for up to two years. Thus, access to pornography is restricted to individuals aged 15 and above.
- Alcohol: In accordance with Article 15 of the Act Regulating the Sanitary Suitability of Foodstuff, Products and Materials Coming into Contact with Foodstuffs advertising of alcoholic beverages with more than 15% ABV (alcohol by volume) is prohibited in general. For beverages with less than 15% ABV, advertising is permitted; however, not to children.
To the extent that such goods and services are accessed online by minors, these restrictions will generally also apply.
In addition, if online digital services involve the processing of personal data, they must comply with the GDPR and the Personal Data Protection Act.
Are there any specific requirements relating to online/ digital safety for children?
Yes.
There are currently no national-specific laws or requirements relating to online or digital safety in Slovenia. See more information on the EU-level requirements here.
However, Slovenia is committed to ensuring that children are educated about online safety and are equipped to protect themselves from the risks associated with the digital world. Through various programs and projects, the country actively promotes digital safety for children.
The ongoing Programme for Children 2019-2024, prepared by the Ministry of Labour, Family, Social Affairs and Equal Opportunities in cooperation with all relevant ministries, primarily focuses on the online safety of children.
Data indicates that the majority of children in Slovenia, including those in their adolescent years, have unrestricted access to the internet and new online technologies; however, many are not fully aware of the risks that the digital world and new technologies present.
As examples of good practices in the fields of online safety and digital addiction, we would also like to highlight two ongoing Slovenian projects that target children:
- The 'Click-Off' Project: This initiative addresses cyber violence and harassment as forms of violence against women and girls, reflecting historically unequal power relations. It primarily focuses on awareness-raising and prevention activities. The project's aim is to enhance the knowledge of children and youth, parents, and bystanders on how to prevent and respond to online violence. To engage the largest number of children and youth, activities are conducted in schools across Slovenia. The 'Logout' Centre: This centre provides psychological counselling for children, young people, and adults dealing with digital addiction, excessive use of technology, and online abuse. It also runs preventive programmes for families, as well as support groups for parents, partners, children, and young people.
Are there specific age verification/ age assurance requirements concerning access to online/ digital services?
Yes.
There are no national-specific laws in this regard. Children should, however, be prohibited from accessing content (i.e. through age verification) which they should not be exposed to in accordance with the local law (for further information, see the response to this question).
If online digital services involve the processing of personal data, they must comply with the GDPR and the Personal Data Protection Act, which in its Article 8(1) stipulates that a child's consent for using information society services offered directly to children, or which can reasonably be assumed will be used by children, is valid if the child is aged 15 years or older. If the child is under 15, consent is valid only if given or approved by a parent, guardian, or another person designated with parental responsibility.
Many social media platforms have their own age restrictions, typically requiring users to be at least 13 years old to create an account. They often implement age assurance methods, such as asking for birthdates during account creation, and may employ additional measures like requiring parental consent for younger users.
See more information on the EU-level requirements here.
Are there requirements to implement parental controls and/or facilitate parental involvement in children’s use of digital services?
Yes.
There are no national-specific laws in this regard. See more information on the EU-level requirements here.
Use of stand-alone parental control software that can allow time limits, control of activities and the flow of sensitive data, as well as accessibility of content is, however, encouraged by the authorities.
If online digital services involve the processing of personal data, they must comply with the GDPR and the Personal Data Protection Act, which in its Article 8(1) stipulates that a child's consent for using information society services offered directly to children, or which can reasonably be assumed will be used by children, is valid if the child is aged 15 years or older. If the child is under 15, consent is valid only if given or approved by a parent, guardian, or another person designated with parental responsibility.
See more information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning online/ digital safety? In your answer, please include information on the volume, nature and severity of sanctions.
No.
To our knowledge there has been no enforcement action concerning online/digital safety in Slovenia. Note that case law of the competent authorities is not publicly available.
Are there any existing requirements relating to children and AI in your jurisdiction?
Yes.
There are no national-specific laws in this regard; the AI Act (Regulation 2024/1689) applies in this context. See EU-level response here.
Are there any upcoming requirements relating to children and AI in your jurisdiction?
Yes.
See EU-level response here.
Note that the current draft of the Slovenia law transposing the AI Act at national level does not stipulate any additional obligations relating to children and AI.
Has there been any other regulatory enforcement activity to date relevant to children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
Note that case law of the competent authorities is not publicly available. It could only be known to the public if it was reported on in the mass media.
While not directly linked to children’s use of digital services, we would point out the following case which involved portraying a child in the digital world.
At the end of 2022, the Labour Inspectorate issued a fine of EUR 1,500 for failing to obtain prior permission from the Inspectorate to employ children under the age of 15. The law stipulates that, as an exception, a child under the age of 15 may be employed, for remuneration, in the production of films, and in the preparation and performance of artistic, stage, and other works in the fields of culture, arts, sports, and advertising, for no more than 2 hours per day and 12 hours per week. However, such employment requires prior approval from the Labour Inspectorate, based on a request submitted by the child’s legal representative. Another condition for granting permission is that the work to be performed must not jeopardise the child’s safety, health, morals, education, or development.
In this case, the violation involved a family using their children in promotional videos for a specific product without obtaining the necessary work permits. This amounted to the exploitation of child labour by influencer parents, highlighting yet another area in the modern digital world where children's rights need to be protected. The parent was fined with a fine of EUR 1,500.
Are there any other existing or upcoming requirements relevant to children’s use of digital services?
Yes.
There are no other national existing or upcoming requirements relevant to children’s use of digital services. See more information on the upcoming EU-level requirements here.
Contributors
Eva Gostiša
Jadek & Pensa
Urša Horvat Kous
Jadek & Pensa
