UK GDPR: at what age can pupils give consent?

There's no statutory age at which pupils can give consent for data processing under the UK GDPR. Learn what age is usually appropriate, and how to manage issues around seeking pupils' consent.

Last reviewed on 30 May 2022
School types: All · School phases: All
Ref: 34892
  1. How to determine the age of consent
  2. What else to consider

How to determine the age of consent

You don't need to get consent for all data processing. Read our article on seeking consent for guidance on when it's appropriate to do so.

If you still need to get consent to process pupils' personal data, keep reading.

No statutory rules

The UK GDPR doesn't define the age at which children can provide consent for their own personal data to be processed.

The Information Commissioner's Office (ICO) also doesn't set an age, but it does say you need to consider the competence of the child – whether they have the capacity to understand the implications of the collection and processing of their personal data.

If you don't consider the child competent, you'll need to seek parental consent, unless it's evident that would be against