European Union: European Commission adopted guidelines to enforce protection of minors online under Digital Services Act including data protection obligations

On 14 July 2025, the European Commission published guidelines under the Digital Services Act (DSA) aimed at strengthening the protection of minors online. These guidelines require online platforms to configure default settings that prioritise privacy for underage users. This includes restricting the visibility of minors’ profiles, limiting default data sharing, and preventing intrusive tracking or data collection by default. The guidance also addresses age assurance, stressing that even less accurate age estimation tools can significantly affect users’ rights, especially if they involve processing more personal data. Such tools may inadvertently block access for children who should be able to use a service. Platforms using age estimation must therefore implement strict data protection measures, particularly data minimisation, and ensure their effectiveness over time. Where age restrictions are used, providers should publish clear information about the methods adopted and their performance, including metrics such error rates and accuracy.