In the digital ecosystem, children are no longer viewed solely as individuals in need of protection; they have also become one of the central user segments within data-driven business models. Social media platforms, gaming applications, and video-sharing websites systematically process children’s behavioral data, interaction patterns, and content consumption habits. This reality has led to a transformation in the legal approach to children’s data protection, shifting from a traditional consent-based model toward a risk-based regulatory framework.
At the present stage, the debate is no longer limited to the question of whether children’s data may be collected. The core issues now concern whether profiling directed at children should be prohibited altogether; which age verification techniques can be considered legally legitimate, proportionate, and effective; whether platform design itself should become a direct subject of data protection scrutiny; and whether a “self-declared age” method based solely on user statements can be regarded as sufficient. In other words, regulators have moved beyond the traditional consent-centered framework toward a structural assessment that places children’s rights at the center - at the level of design, algorithms, and business models. Recent global developments further confirm this transformation.
Authors:
Begüm Yavuzdoğan Okumuş, Partner
Seda Takmaz, Senior Associate