The use of apps and social networks is part of the daily lives of children, teenagers and adults, but It is not always clear what minimum age is required to use each service or what laws govern itFurthermore, age requirements depend not only on the internal rules of each platform, but also on the legislation of each country and the content classification systems applied by Google Play, Apple, public bodies and international entities.
If you develop an application, manage an online service, or are a parent or guardian, you'll want to understand how all this works. From the app store age ratings including age verification systems and parental control toolsThere is a technical and legal framework that determines what a minor can do with a mobile phone, what data can be processed, and what responsibilities companies assume.
Content rating and age requirements in mobile applications
In app stores like Google Play or the App Store, each app must display an age rating, but That label isn't assigned randomly: it's based on questionnaires, local regulations, and external classification authorities.The aim of these systems is to guide families and users on whether a game or app is suitable for a specific age group and, in addition, to allow legal blocking or filtering in certain territories.
On Google Play, for example, developers have to complete a content rating questionnaire from Play Console For each app or game, both new and already published, a form is used to precisely describe the type of content the app includes (violence, sex, gambling, language, etc.), and the responses are sent to various rating authorities around the world, which apply their own methodology to determine the recommended age.
The information provided in that questionnaire is critical: An inaccurate, incomplete, or misleading description can result in a misclassification, review by the authority, or even suspension or removal of the app.If the developer disagrees with the resulting rating, they can usually repeat the questionnaire or appeal directly to the relevant rating agency, using the links provided in the certificate sent by email.
These classifications serve several additional purposes. For one thing, They allow you to block or filter content in certain regions. when required by law (for example, to prevent access to "adults only" apps in certain countries). On the other hand, they help Google and other stakeholders determine whether an app can participate in special programs, family collections, or featured sections for children.
In territories such as the European Economic Area, the United Kingdom, Switzerland, Singapore, Australia, or Brazil, content classification is also used for Restricting users considered minors from purchasing apps or games for adults (for example, +18) and to hide certain search results or navigation sections from them, unless they access them via a direct link.
Google Play questionnaire system and relationship with the target audience
The content rating process on Google Play always starts in the developer console. The questionnaire can be accessed from the "Policy > App Content" section.where a contact email is validated, the app category is selected, and a series of questions about the type of content and functions included are answered.
As sections are completed, Play Console displays provisional calculated rankings on a summary pageThe developer can edit responses, save drafts (only one draft per app is allowed), and submit the set when satisfied. Once submitted, the rating authorities participating in the IARC (International Age Rating Coalition) system process the responses and return the official ratings for each region.
It is important to be clear that The same app can have different ratings depending on the country or territory.This is because each organization applies its own criteria, even within the IARC framework. Furthermore, the rating displayed in the Play Console summary panel may not exactly match the rating ultimately shown to the user on Google Play, as manual reviews, adjustments due to local regulations, or subsequent decisions by the authorities may be involved.
Along with the content questionnaire, Google Play requires explicitly declaring the target audience and age group the app is aimed atIf there are minors or children among that audience, the app becomes subject to Google Play's "Families" policies, which are stricter on issues such as advertising, data collection, community features, or user-generated content.
Before completing that section, the developer must indicate whether their app displays ads, how to access it, and must provide a clear and accessible privacy policyBased on these statements, Google can apply additional policies to protect minors, require specific parental controls, or even reject updates if it detects a potential violation.
Advertising and tailoring ads to the user's age
An aspect that is often forgotten is that It is not enough for the app's internal content to fit the age rating: the ads displayed within the app must also respect it.In other words, an app labeled as suitable for minors cannot include banners or videos with adult content, even if that content comes from an external advertising network.
To minimize problems, it is recommended to properly configure the ad filters in the advertising provider. If you use a platform like AdMob, there are blocking controls and ranking settings for ads. These features allow you to limit which campaigns can appear on specific apps or user segments. The idea is that neither the promoted content nor the creative content should include themes that contradict the app's target age.
In practice, this means that the developer must coordinate with your advertising provider to ensure that only campaigns compatible with the app's rating are served. Google also has a specific policy on "Inappropriate Ads," which details examples of banners or interstitials that would conflict with the apps' age categories.
If an app aimed at minors is found to display ads that are not appropriate for its classification (for example, gambling games, sexualized content, or adult services), The store can take measures ranging from removing ads to suspending the app.Therefore, periodically reviewing which ads are being displayed is almost as important as moderating the internal content itself.
Main age classification systems in the world
The IARC ecosystem integrates several classification authorities from different regions, each with its own age scheme and descriptors. When a developer fills out the Google Play questionnaire, the answers are transformed into automatic ratings compatible with each organization.so that a single assessment serves many markets.
In the Americas, the best-known entity is the ESRB (Entertainment Software Rating Board). Their system is based on categories such as “Everyone”, “Everyone 10+”, “Teen”, “Mature 17+” and “Adults Only 18+”These ratings combine the minimum suggested age with content descriptors (violence, strong language, gambling, etc.). This classification is applied in the United States, Canada, and much of Latin America and the Caribbean, as listed by the ESRB itself.
In Europe and much of the Middle East, the reference is PEGI (Pan European Game Information). PEGI uses age ratings 3, 7, 12, 16 and 18, in addition to the "parental guidance" icon for apps that act as content portals (For example, streaming platforms where content varies and cannot be pre-rated). Each label is accompanied by symbols that warn of violence, fear, foul language, gambling, drugs, sex, discrimination, etc.
In Germany there is a system of its own managed by the USK (Unterhaltungssoftware Selbstkontrolle). USK establishes age ranges such as no age restriction, 6+, 12+, 16+ and 18+with detailed descriptions of what each rating level entails in terms of violence, language, sexual content, or emotional tension. This organization is known for being particularly thorough, and its ratings are legally binding in the German market.
Australia uses the Australian Classification Board (ACB) categories for games: G (General), PG (Parental Guidance), M (Mature), MA 15+ and R 18+with different levels of content impact (very mild, mild, moderate, strong or high) and age verification requirements to rent or buy products classified as restricted.
Brazil has ClassInd, the National Indicative Classification, which ranges from “Suitable for all audiences” to “18+”, progressing through age groups of 10, 12, 14 and 16 years. Each level details whether insults, scary scenes, references to drugs, violence, nudity or sexual content are allowed, including nuances about the impact (mild, moderate or high) and the presence of blood, mutilation or erotic situations.
In South Korea, games are classified by the GRAC (Game Rating and Administration Committee) organization, which Use the "All", 12+, 15+ and 19+ ranges for interactive titlesHowever, apps that are not games do not go through GRAC on Google Play, but are governed by a specific classification system of the store itself, with labels also by age (3+, 7+, 12+, 16+ and 19+).
Finally, for countries not covered by a specific national authority, the IARC applies its own generic scheme: 3+, 7+, 12+, 16+ and 18+Using criteria very similar to PEGI, taking into account violence, nudity, language, depiction of criminal activity, and drug use, this system allows users in almost any region to have a consistent age rating even without a specific local regulator.
Apps rejected and removed in specific territories
There are cases in which a classification authority decides that An app cannot be legally distributed in its territory and marks the title as "rejected rating"This is not common, but it can happen with products containing extreme content, inciting illegal activities, or violating sensitive local regulations (for example, regarding pornography, gambling, or hate speech).
When such a rejection occurs, the IARC notifies the developer by email, and the Play Console displays the message: “Classification rejected” instead of the usual ratingIn that case, Google Play only removes the app or game from the affected territory, but it may still be available in other countries where the rating remains valid.
The developer has the option to file an appeal with the authority that rejected the appusing the appeal URL included in the notification email. In some cases, a content review (changing or removing certain features, adjusting descriptors, etc.) followed by a new questionnaire may result in an acceptable rating for that market.
It is worth remembering that the icons and trademarks of all these classifications are legally protected, so Using them improperly or without authorization may result in legal actionIt is recommended to always follow the user guides published by each entity on its own website, both in apps and in marketing campaigns.
Minimum age and consent of minors in Spain
Beyond content classification, in Spain one must keep in mind At what age can a minor give valid consent for the processing of their personal data and what limits apply to access to online services such as social networks, messaging, or video platforms.
The Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD) establishes in 14 years is the age from which a minor can consent to the processing of their data.without the need for parental or guardian authorization, unless a specific rule requires otherwise. This connects directly with the General Data Protection Regulation (GDPR), which requires "reasonable efforts" to verify that the consent of a minor of that age has indeed been given by the person holding parental authority.
Therefore, for For children under 14 years of age, consent must be given by parents or legal guardiansThe responsibility lies with the data controller (the company or platform) to verify, using reasonable technological means at their disposal, that the person accepting the terms and privacy policy is indeed an adult with authority over that minor.
Between the ages of 14 and 18, teenagers can consent to the processing of their personal data themselves, although Certain activities or services may still require parental involvement according to other sector-specific laws. Furthermore, the regulations recognize the right of minors to request the deletion of data they have provided to social networks or other information society services during their minority.
This legal framework has direct effects on the minimum age of access to specific services, especially on social networks and platforms with potentially sensitive content, which must adapt their terms of use to comply with both national and European regulations on data protection and the protection of minors.
Minimum ages on the main social networks and platforms
Each platform sets in its terms of service one minimum age to register or use their appswhich usually combines the global reference (often 13 years) with local adjustments when the law requires a higher threshold, as is the case in Spain with the 14 years of the LOPDGDD.
On X (formerly Twitter), users in Spain are required to be 13 over yearsThe platform itself includes a mechanism to restore accounts for those who registered before that age but have now reached it, which involves deleting a large part of the associated content (tweets, likes, direct messages, lists or moments) before reactivating the profile.
Facebook establishes a minimum age in Spain is 14 yearsIn line with Spanish data protection regulations, Instagram, also owned by Meta, requires users to be at least 14 years old to create an account in Spain and has introduced additional mechanisms to better manage the experience for teenagers, such as so-called "teen accounts" with private settings by default and limitations on advertising targeting.
TikTok, very popular among minors, sets in its terms and conditions for Spain a Minimum age of 13 years to use the appIn addition, it applies further restrictions by age group: to send and receive direct messages, broadcast live streams, or allow video downloads and features like Duet or Paste, you must be at least 16 years old, reinforcing the protection of younger users.
Twitch is only available to those over 13 years old in Spain, but It requires that those between the ages of 13 and the age of majority in their jurisdiction use the service under the supervision of one of their parents or legal guardians.In other words, access is possible, but conditional upon the acceptance of the terms by a responsible adult within the household.
Discord, which combines text chat, voice chat, and communities, establishes a The minimum age is 13 years for many countries, but Spain expressly lists a threshold of 14 years.In addition, users aged 13 to 17 cannot access channels marked as age-restricted content (18+), using age information to filter certain spaces and content.
YouTube allows direct use of the service in Spain for those over 14 years of age, while Children of any age can use YouTube or YouTube Kids if a parent or guardian has properly enabled the accountThe adult who authorizes access expressly accepts the conditions and assumes responsibility for the minor's activity on the platform, and may use tools such as Family Link to supervise and limit usage.
Tumblr, traditionally permissive with varied and sometimes sensitive content, sets a The general minimum age is 13 years, but raises the requirement to 16 years for users in the European Union and the United Kingdom.Pinterest, for its part, sets the minimum age at 13, but refers to the legal age of consent in each country (in the EU between 13 and 16 years old), which in practice means that in Spain the effective threshold is 14 when the processing of the minor's personal data is relevant.
In the area of messaging, WhatsApp requires at least 13 years old or the minimum age established in the country or territory to be able to use their services. In Europe, that minimum age has recently been lowered from 16 to 13, maintaining the recommendation that, if the person is under 18, an adult should review the terms and conditions with them. Telegram, on the other hand, sets the minimum age at 16 to use its application, while Snapchat remains at 13, with the warning that accounts detected below that age or below the applicable national minimum age will be deleted.
LinkedIn, being geared towards the professional world, Spain establishes a minimum age of 16 to be able to use the platform.And at the most restrictive end, OnlyFans requires users to be 18 years old to create an account, accompanying this requirement with an identity verification system that includes sending a photo of the identification document and an image of the user holding it, precisely to reduce the risk of minors being present on the platform.
Spanish legislation on age verification in digital services
In Spain, age verification in online applications and services is not a mere formality: There are clear legal obligations arising from various regulations that seek to protect minorsespecially when faced with adult content or risky services (pornography, gambling, drugs, alcohol, etc.).
The LOPDGDD, as a transposition of the GDPR, obliges platforms to implement effective age verification mechanisms when processing data of minors or exposing them to sensitive contentA simple checkbox stating "I confirm I am over X years old" is insufficient if the service involves significant risks. Furthermore, the GDPR treats biometric data as special categories, so its use in verification systems (e.g., facial recognition) requires additional safeguards, data minimization, and transparency.
The Law on Information Society Services and Electronic Commerce (LSSI) also affects the obligation to Establish access control systems for services or content restricted by law or for child protectionThis covers everything from video platforms to betting websites, and can lead to administrative penalties if adequate filtering and age verification mechanisms are not implemented.
Furthermore, the Civil Code and the Penal Code contain provisions that reinforce the idea of to protect minors from exposure to clearly inappropriate contentsuch as pornography or materials that incite drug use or violence. In serious situations, inadequate age verification that allows minors to access this content en masse could lead to criminal liability for those responsible for the service.
From a technical point of view, audits of age verification systems focus on analyzing the accuracy of the algorithms, their resistance to attempts at deception (use of false data, impersonation, image manipulation, etc.) and the proportionality in the processing of personal data, especially when biometric data is involvedField tests are also conducted to verify that the system works reliably on different devices, lighting conditions, or camera qualities.
AEPD proposal: anonymous age verification
The Spanish Data Protection Agency (AEPD) has put forward a practical proposal for Verify users' ages without revealing their identity to adult content websites or servicesThe key is to handle the "of legal age" or "authorized person to access" attribute on the user's own device, preventing third parties from knowing exactly who they are and whether they are a minor.
This proposal is structured around a Decalogue of principles that define the minimum conditions that age verification systems must meet: protection of the best interests of the child, guarantee of the anonymity of adults, minimization of data, impossibility of locating a minor through the internet and consistency with European regulations such as eIDAS2 and the future European digital wallet.
To demonstrate its feasibility, the Spanish Data Protection Agency (AEPD) has developed several technical proofs of concept. In one of them, access to content from a computer or console is filtered using a verification app installed on the device, which only displays the content if the user locally proves their status as an authorized person through a QR code linked to their official identity (for example, a development by the FNMT).
In another scenario, an Android phone with an age verification app connected to a eIDAS2 compliant digital wallet (eWallet)Identity attributes (including age) are stored under the user's control, and the verification app only queries what is necessary to check if the required age for adult content is reached, without sending additional data to the content provider.
A third test is being developed on iOS and combines a verification app with another that reads data from official documents such as the ID card or passport, validating that the person holding the document is its owner through biometrics or digital signature. The processing takes place on the device itself, and the content provider only receives confirmation that the user meets the age requirement.without knowing their full identity.
These tests are not intended to be the only possible solution, but they do make it clear that It is technically feasible to protect minors from adult content without creating huge databases of identities.Based on this Decalogue, the AEPD and other regulators will be able to require adult content providers, gambling websites or even social networks that verify age to adopt equally robust systems.
Current risks and penalties for failing to meet age requirements
The age verification methods used on the internet today present Some pretty obvious problems: unverified self-declarations, sharing credentials with third parties, intermediaries accumulating too much data, or content providers estimating age by guessworkAll of this opens the door to locating minors, profiling users, and collecting unnecessary data on a large scale.
From the perspective of the GDPR and the LOPDGDD, failure to comply with obligations regarding the protection of minors' data and age verification may lead to fines of up to 20 million euros or 4% of global annual turnoverAccording to Article 83 of the GDPR, this includes cases such as failing to properly verify age, processing data of minors without valid authorization, or improperly exposing biometric data used for that purpose.
If the verification failure leads to massive access by minors to pornography, gambling, or other seriously harmful content, In addition to administrative sanctions, criminal liability may be triggered. under the Spanish Penal Code. In this area, the courts assess both technical negligence and the degree of exposure and potential harm.
The General Law on Audiovisual Communication adds another layer: It requires video-sharing platforms to implement effective age verification systems for the most harmful content., such as gratuitous violence or pornography, and entrusts the CNMC with the evaluation of the suitability of these systems, with a mandatory report from the AEPD in accordance with the Decalogue of principles.
All of this occurs in a worrying context: according to the report of the State Attorney General's Office, Sexual assaults committed by minors have increased by more than 100% in just a few yearsAnd various studies, such as those by Save the Children, point to early access to violent pornography as one of the risk factors. Hence the insistence of regulators and experts on strengthening age verification without losing sight of fundamental rights.
Parental control tools and best practices at home
Alongside regulation and technical verification systems, families have access to parental control tools and privacy settings on the devices themselveswhich allow you to limit what content children can see, what apps they can install, and what data the mobile phone shares.
A basic recommendation is to activate the Parental controls of the operating system (iOS or Android) and of the app storesWhile no system is foolproof, these tools help filter apps and content by age, restrict purchases, limit usage time, and monitor activity. They don't replace digital education, but they provide support when a child or teenager receives their first smartphone or tablet.
It's also a good idea to carefully review the permissions of each app: location, access to contacts, camera, microphone, call history, etc.In many cases, unnecessary permissions can be disabled or accuracy reduced (for example, by sharing an approximate location instead of the exact position). Furthermore, both iOS and Android allow you to restrict access to this data to only while the app is in use.
In the advertising field, device advertising identifiers can be disabled or limited, so that Unique identifiers are not shared with all apps for targeted advertising purposesThis usually translates into less personalized ads, but it increases privacy protection, which is especially relevant when children are using the device.
According to data from the National Institute of Statistics, around 70% of children aged 10 to 15 already use a mobile phone, but Only a portion of families use parental control tools to filter or block contentDigital wellbeing experts insist that the key is to combine these controls with ongoing education on risks, privacy, online etiquette, and screen time management.
Apple and the management of children's and teenagers' accounts
Apple has been strengthening its tools so that families can Better manage children's accounts, configure age-appropriate experiences, and limit access to certain content or featuresMany of these options are based on the App Store's "Family Sharing" ecosystem, Screen Time, and age ratings.
Children's accounts, associated with the Apple ID from a parent or guardian within a family group, are mandatory for children under 14 years of age (depending on the area) and They allow you to activate content filters, app restrictions, and other security settings from the start.Apple has simplified the sign-up process and ensures that, even if the setup is completed later, the default child settings are already active on the device.
An interesting new feature is the possibility of share only the child's age range with the apps, instead of their exact date of birthThrough the Declared Age Range API, developers can receive enough information to tailor the experience (for example, to age ranges 14+, 16+, 18+) without accessing more sensitive data. Parents control whether data is shared always, never, or only when an app requests it, and minors cannot change these default settings.
Accounts belonging to teenagers aged 14 to 17 also benefit from internet content filters and features like Communication Security from the very beginningRegardless of whether they are set up as child or standard accounts, these protections are integrated with the App Store's new, expanded age categories, which will now display labels such as 14+, 16+, and 18+ to provide more accurate age grading.
In addition, Apple is expanding the Communication Limits feature so parents can decide who their children can contact via Phone, FaceTime, Messages, and iCloud contacts. Minors can send requests to communicate with new contacts, which parents approve or reject., and a new environment called PermissionKit allows third-party apps (chats, networks, games) to integrate similar requests to follow other users or add them as friends.
These new features are in addition to tools already available such as age ratings and content restrictions, the "Request to Buy" function, the Search app, Communications Safety to detect nudity in photos and videos, the Kids section of the App Store, Apple Ads limitations for minors, the prohibition of ad tracking on children's accounts, and access controls to sensitive data such as location.
Parental controls and download management on Google Play
On Android devices, Google Play includes a system of Parental controls that allow you to filter which apps, games, and movies can be downloaded or viewed based on the selected age.Its setup is relatively simple and is done from the store's own app.
To activate it, open the Google Play Store, tap your profile icon in the upper right corner, and go to settings. Within the "Family" section, you'll find the option to... “Parental controls”When activated, a content PIN is requested, which only the responsible adult will know, and is necessary to change the settings again.
You can then set specific limits for “Apps and games” and for “Movies” by selecting the maximum age range allowed in each category. Once the changes are saved, apps or movies above that threshold cannot be downloaded without entering the PIN, and in many cases they won't even appear featured in the main sections of the store.
This system is complemented by other Google tools, such as Family Link, which allows you to create supervised accounts for minorsSet time limits, approve or deny app installations, and view activity reports. While relying solely on blocking isn't enough, it does help prevent a child's phone from becoming an open door to any kind of content.
When the use of these controls is combined with active digital education at home, Parents can better monitor what their children download and consume., decide which networks or apps they will consider appropriate for each age and limit exposure to adult content or services that pose a high risk.
This whole framework of age ratings, data protection laws, verification systems, and parental controls is designed to make mobile applications and online services safer for minors, while respecting adults' rights to privacy and free access to legal content; understanding how these pieces fit together helps both developers and families make more responsible decisions about what to offer, what to allow, and how to support children and teenagers in their digital lives.
