top of page
Search

Minors as a consumer of digital services and digital content – a legal capacity perspective


Introduction


Directive 2019/770, which addresses certain aspects concerning contracts for the supply of digital content and digital services, establishes the scope from which the definition of the contract governed by this Directive originates. Specifically, any contract in which a trader provides or agrees to provide digital content or a digital service to a consumer, and the consumer either pays or commits to pay a specified price, is considered a contract to which the provisions of this Directive apply. Consequently, a contract for the supply of digital services/content involves the provision of a digital service or content and a corresponding remuneration for such services, i.e., a price. The Directive further specifies that these rules also apply in instances where the consumer obliges the trader supplying the digital service/content to provide personal data. This, however, excludes cases where the consumer's personal data is processed solely for the purpose of supplying the digital content or service, or to enable the trader to comply with legal obligations, provided that the data is not processed for any other purpose.

Digital services/content can encompass a wide variety of forms. Therefore, the subject matter of a supply contract could include, for instance, an e-book, a digital copy of a film, or the provision of data storage capacity for the purpose of storing consumer data. The common denominator in these cases is the digital format of the subject matter. In this context, the method of delivery or the medium on which the content is recorded is not determinative of whether the special rules set forth in Directive 2019/770 will apply to the contract. While these exchanges typically occur over the internet, digital content may also be stored on physical data carriers such as CDs, DVDs, or other mediums.

Directive 2019/770 explicitly states that it does not affect the general rules of contract or consumer law in the Member States, nor does it define the legal nature of the contract. Such classifications are left to national law. Additionally, the Directive expressly asserts that its provisions do not limit the ability of Member States to regulate aspects of general contract law, including rules concerning the formation, validity, nullity, and legal consequences of contracts, including the consequences of contract termination, as long as they are not addressed by this Directive, nor does it impact the right to compensation for damages.

 

Contract for the supply of a digital service or digital content – in a nutshell


By entering into a contract for the supply of a digital service or digital content, the trader commits to providing the consumer with data that is produced and delivered in digital form (i.e., digital content), or a service that enables the consumer to create, process, and store data in digital form, as well as to access such data. This also includes services that facilitate sharing or any other form of interaction with data in digital form that is either read or generated by the consumer or another user of the service (i.e., digital service). The trader is obligated to fulfill the delivery of the digital service/content in compliance with both subjective and objective requirements regarding conformity. On the other hand, the consumer is required to pay a specified fee (price) for the digital content delivered.

A key aspect of the Directive lies in its explicit provision that it applies even in cases where the consumer, instead of paying with money, provides or agrees to provide the trader with personal data. While the Directive does not explicitly state this, an interpretation of the provision suggests that personal data may be considered as a form of consideration for the digital service or content provided. While a comprehensive discussion of the contentious issues surrounding this provision is beyond the scope of this analysis, we will focus specifically on the question of whether minors are legally able to enter into contracts for the delivery of digital content and services.

 

Personal data as an obligation of the consumer under a contract for the supply of a digital service or digital content


When a contract for the supply of a digital service or digital content includes an obligation to provide personal data, or such data has already been provided, Directive 2019/770 invokes the application of the rules set forth in the EU General Data Protection Regulation (GDPR), as well as the Directive on the processing of personal data and the protection of privacy in the electronic communications sector (Directive 2002/58). According to the General Regulation, personal data are defined as any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

In a similar vein, our Law on the Protection of Personal Data, which largely mirrors the provisions of the General Regulation, stipulates what constitutes personal data. Essentially, any data that relates to a specific characteristic of a natural person (e.g., name, surname, personal document data, membership in organizations, phone numbers, or email addresses) which can be used to determine or identify the individual in question, constitutes personal data that is legally protected. Viewed in a broader context, personal data can be understood as an objectified aspect of a person’s identity, which receives special legal attention. As such, an individual’s personality is subject to protection under both public law norms (constitutional, administrative, criminal) and private law provisions.

From the perspective of our research, this complexity holds particular significance. Primarily, freedom of contract is constrained by imperative norms, public order, and good customs. Consequently, the public law framework governing the protection of personal data also serves as the boundary within which freedom of contract operates. Moreover, given that personal rights are non-transferable, and by extension, personal data as an objectified expression of these rights are not in circulation, a question arises regarding the treatment of such data in the context of a contract for the supply of digital services or content in accordance with Directive 2019/770.

Furthermore, the potential inclusion of personal data in a contract for the delivery of digital content and services brings forth another issue—one that may not seem controversial at first glance, namely the issue of contractual capacity.


Legal capacity of minors


Directive 2019/770 does not establish specific provisions concerning the legal capacity required to enter into such contracts. Instead, the general rules of contract law as defined by the national legislator are applicable to these matters. For the purpose of further analysis, we will focus on the rules typically found in traditional legal systems.

As a general rule, full legal capacity is acquired upon reaching the age of majority. However, minors, depending on their age, may also enter into certain legal transactions. These transactions are usually of low value, gratuitous, or do not create either rights or obligations. The mere fact that a contract a minor wishes to conclude is classified as a low-value transaction, a charitable act, or a neutral transaction does not, by itself, ensure its validity in terms of legal capacity.

In fact, an additional condition must be met for such contracts to be valid, based on the legal principle of protecting minors. In this regard, legally beneficial or neutral legal transactions entered into by younger minors are considered valid only if they do not harm the minor’s interests (i.e., if they are not detrimental). If such transactions would be to their detriment, minors cannot independently conclude them. Instead, the transaction would require the consent of the minor’s legal representative (for older minors), or the legal representative would need to conclude the transaction on their behalf and for their benefit (for younger minors).


Consent of a minor in relation to the use of digital society services


The legal relevance of a minor's consent is governed by the General Regulation 2016/679, as well as by our Law on the Protection of Personal Data. In the context of contractual capacity, the pertinent provisions are Articles 7 and 8 of the General Regulation, and their equivalents in Articles 15 and 16 of our Law. The fundamental principle in the collection and processing of data, based on the will of the individual whose data is being processed, is to ensure that such will is freely formed.

In this regard, the legislator explicitly stipulates that consent must be any voluntary, specific, informed, and unambiguous expression of the will of the data subject, signified through a statement or by a clear affirmative action, thereby indicating agreement to the processing of personal data relating to that individual. If the consent is provided as part of a written statement that addresses other matters, the request for consent must be clearly distinguishable from the other content, presented in an intelligible, easily accessible form, and expressed using clear and simple language. Any part of the written statement that contravenes these requirements will have no legal effect.

To determine whether consent is freely given, special attention must be paid to whether the performance of a contract, including the provision of services, is made conditional upon the provision of consent that is not necessary for its execution. The relevant regulations also establish the age threshold at which an individual’s declaration of will, for the purpose of consenting to the processing of personal data in the context of using information society services, is considered legally valid.

According to the General Regulation, when offering information society services directly to a child, the processing of personal data is lawful only if the minor has reached the age of 16. The corresponding provision in our Law differs slightly in wording but does not lead to a different outcome in terms of practical application. Under our Law, a minor who has reached the age of 15 is legally competent to independently consent to the processing of their personal data in relation to the use of information society services. From the definition of the relevant terms used in the Law, it is clear that consent is required when the processing of data concerns a service that is typically provided for a fee, remotely, by electronic means, at the request of the service recipient.


The relationship between Directive 2019/770 and General Regulation 2016/679 with regard to the consent of minors


In addressing the question of whether a minor can conclude a contract for the provision of digital services or content, particularly when the contractual obligation involves the provision of personal data, it is essential to examine the relationship between Directive 2019/770 and the General Regulation, the relevant provisions of which have already been discussed. Specifically, the Directive explicitly refers to the application of the rules outlined in the EU General Data Protection Regulation (GDPR).

The primary scope of the General Regulation concerns the processing of personal data, whether by automated or non-automated means, or where the processed data forms part of a filing system or is intended to be part of such a system. Moreover, in relation to the collection and processing of personal data, the Regulation allows for the transfer (exchange) of such data. However, this exchange does not constitute a market transaction involving goods or values; rather, its main purpose is to achieve a specific, clearly defined objective, which must be communicated explicitly and unambiguously to the individual whose data is being collected and processed. Personal data may not be collected or processed for purposes other than those explicitly stated, except in exceptional cases.

The General Regulation, therefore, establishes rules for the collection and processing of personal data, with the primary aim of protecting the privacy of individuals. Within this context, and in relation to our discussion, the age threshold of 16 years is relevant for assessing a minor's ability to understand the consequences of data processing for the stated purpose, which must be communicated to them in an explicit, clear, and unambiguous manner. The General Regulation does not treat the collection and processing of data as a form of "counter-consideration" for the use of information society services. Furthermore, the enactment of the General Regulation was motivated by the desire to create rules protecting individuals with respect to the processing of their personal data, while also facilitating the free movement of such data.

On the other hand, Directive 2019/770 specifically governs the contractual relationship between a trader and a consumer in the context of digital services and content, wherein personal data may be used as consideration for the service or content provided. It is important to note that the Directive does not address issues within the broader framework of general contract law. As a result, the determination of a minor’s capacity to enter into a contract involving the provision of personal data remains governed by national law. This issue is of particular significance given the widespread participation of minors in the exchange of digital services and content, especially within the context of social networks.

 

Conclusion


Regarding the capacity of minors to enter into contracts for the delivery of digital content or digital services, it is important to recall that minors are permitted to conclude contracts for small-value (so-called trivial contracts), contracts that confer only rights (legally beneficial transactions), and contracts that neither confer rights nor impose obligations (neutral legal transactions). While determining the value of personal data presents its own challenges, it is evident that in the digital environment, even an initially small value may escalate. This is especially true considering that personal data, in its essence, is information that cannot be 'consumed' simply by being known. As a result, one cannot characterize such a contract as trivial.

Moreover, a contract for the delivery of digital services or content cannot be classified as a neutral transaction. The conceptual definition of this contract clearly identifies it as a synallagmatic contract, meaning that it involves mutual obligations between the parties. Finally, only a legally beneficial transaction can be regarded as one where the minor consumer does not assume any obligations. Consequently, the obligation to provide personal data precludes the possibility of qualifying a contract for the supply of digital services or content as legally beneficial, even when the digital service or content is provided without monetary compensation.

In conclusion, minors, with respect to Directive 2019/770, lack the capacity to contract for the delivery of digital services or content, even if they are not required to pay any remuneration for the service or content they receive.

bottom of page