Online Child Data Protection in Spain 2026: LOPDGDD and GDPR Obligations
Compliance guide on child data protection in digital environments: age of consent (14 in Spain), parental verification, GDPR and LOPDGDD-compliant design and sanctions.
# Online Child Data Protection in Spain 2026
LOPDGDD (Organic Law 3/2018) and the GDPR establish a special regime for processing personal data of minors. In 2026, with the rise of social media, educational platforms and online gaming, this is one of the most active enforcement areas for Spain's AEPD.
Age of consent for data processing
Spain's Art. 7 LOPDGDD sets the digital consent age at 14 years. Minors under 14 require parental consent for any consent-based processing. Those 14 and over may consent themselves with age-appropriate information.
The AEPD has clarified that a checkbox stating "I am over 14" is not sufficient. Reasonable technical measures to verify age are required: identity document verification (with subsequent anonymisation), verifiable parental declaration, or third-party age verification.
Privacy by design for minors (Art. 25 GDPR)
Services accessible to minors must apply more restrictive defaults: private profiles, no behavioural advertising, geolocation disabled, and direct messaging limited by default.
Information must be adapted to the child's comprehension level: simple language, visual elements, layered notices.
Key AEPD sanctions 2024-2025
Several major fines for lack of effective age verification mechanisms, public profiles for minors by default, and behavioural advertising directed at minors.
Compliance checklist
- Determine if your service can be accessed by minors
- Implement age verification (not just self-declaration)
- Ensure under-14s cannot consent without parental validation
- Apply most restrictive defaults for minor users
- Adapt privacy notices to children's comprehension level
Try Lexiel free · 28 days
Use code LEX-BLOG for double the standard trial period. Cancel anytime, no commitment.