Germany: Conference of Independent Data Protection Supervisory Authorities of Federal and State Governments adopted resolution on amendments to General Data Protection Regulation focusing on child protection

On 20 November 2025, the Conference of Independent Data Protection Supervisory Authorities of the Federal and State Governments adopted a resolution calling for amendments to the General Data Protection Regulation to strengthen protections for children. The resolution applies to controllers and processors handling children’s personal data across the digital economy. It proposes new obligations, including compatibility tests for data processing, a ban on children’s consent for profiling and advertising, limits on children’s ability to consent to special-category data processing, and clearer rights for children to access counselling and medical services privately. It also focuses on a prohibition on children consenting to automated decisions, explicit child-centred duties in data protection by design and default, attention to children in breach notifications, and consideration of children’s risks in data protection impact assessments.