Section 31, NDPA
Children or persons lacking the legal capacity to consent
(1) Where a data subject is a child or a person lacking the legal capacity to consent, a data controller shall obtain the consent of the parent or legal guardian, as applicable, to rely capacity to a on consent under this Act.
(2) A Data controller shall apply appropriate mechanisms to verify age and consent, taking into consideration available technology.
(3) For the purposes of subsection (2), presentation of any government approved identification documents shall be an appropriate mechanism.
(4) subsection (1) shall not apply, where the processing is —
(a) necessary to protect the vital interests of the child or person lacking the legal capacity to consent;
(b) carried out for purposes of education, medical, or social care, and undertaken by or under the responsibility of a professional or similar service provider owing a duty of confidentiality; or
(c) necessary for proceedings before a court relating to the individual.
(5) Where the circumstance relates to the processing of personal data of a child of 13 years and above in relation to the provision of information and services by electronic means at the specific request of the child, the Commission shall make regulations in accordance with the objectives of this Act.
(6) Nothing in this Act shall be construed as authorising data processing in respect of a child in a manner that is inconsistent with the provisions of the Child’s Right Act. Act No. 26, 20
This is Section 31 of the Nigeria Data Protection Act 2023. To explore the rest of the legislation, please use the links below:
- See the Full Act (Index)
- Next, Read Section 32: Data Protection Officers
- Back to Section 30: Sensitive personal data