As the end of the year approaches, the Christmas holiday period and the campaign of exaggerated consumerism that surrounds it, we tend to focus on childhood. The little ones are the target of many of these domestic or external actions, and for this reason it is always a good time to focus on less idle, but highly important issues that affect a vulnerable group that requires our utmost attention: minors. The recent Draft Organic Law for the Protection of Minors in Digital Environments (known as PLOPMED) brings us a substantial change that we must be aware of.
A key age change: from 14 to 16 years old
Until now, in our country, a minor under the age of 14 could give their consent for the processing of their data in most digital services. However, the new bill proposes raising this age to 16. What does this mean for a company, NGO or association? Basically, if your business or activity processes data from young people between 14 and 16 years old (for example, through an app, a web registration or a form), you will soon need the express permission of their parents or legal guardians, and not just that of the minor himself.
This measure is not a whim. It responds to a reality that a UNICEF Spain study already warned us about in 2021: practically all of our teenagers have a mobile phone before the age of 11 and are present on multiple social networks. The legislator understands that the digital maturity necessary to understand the risks of the internet requires additional protection up to the age of 16.
Although this harmonisation is mirrored in other countries of the European Union, it is not without debate. Experts point out that, in practice, we will encounter certain contradictions: a 16-year-old may consent to data processing, but may have already made decisions about their health or identity from an earlier age. This is because in our legal system there is no single age that determines the capacity to carry out acts with legal significance. In any case, for the case that concerns us professionally, the most important thing is clarity: we will need to review the data collection protocols to ensure that we are correctly verifying the age and the link with the guardians.
Faced with this new scenario, the best strategy is not fear of punishment, but the adoption of a privacy culture by design that places the dignity of the minor at the center of any technological project. Let's not forget that behind every piece of data there is a person in training, and our responsibility as professionals is to ensure that their entry into the digital world is safe, accompanied and respectful of their fundamental rights. The key to success for our organizations will be proactive adaptation and transparency in communication with families, ensuring that any processing of information is fully justified and protected under the new thresholds that the law establishes to protect our future: young people.
Jordi Ventura
