Threat P.GDPR.Hu-aDoPS-o.8

URI: P.GDPR.Hu-aDoPS-o.8

Package: GDPR

Description: Extra measures are needed for Service to store Data related to DataSubject who may be a child: the legal basis for this data processing Data relating to DataSubject under the GDPR is consent, but DataSubject may be a child, so additional measures are necessary for their consent to be valid. If DataSubject cannot be a child, then change them from type Human to type Adult to eliminate this threat.

Threat Type: Primary Threat

Matching Pattern:

MP-Hu-aDoPS-o

Finds a Service that serves data relating to a Human data subject who may be a child, along with its host and operator, and data processing operated by the subject that uses this Service.

(empty)

CSG-GDPR-Art6-1-a

(empty)

CSG-GDPR-Art8-2

Processing of personal data by consent is legal if the subject DataSubject is old enough (16+ or a lower limit in some states). The user interface for role DataSubject should include measures to ensure this. Competence Check represents a check whether DataSubject is old enough to provide consent, Guardian Consent signifies that reasonable efforts must be made to get authorisation from their legal guardian where this proves not to be the case.

Threat P.GDPR.Hu-aDoPS-o.8

MP-Hu-aDoPS-o

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (1)

Misbehaviour Sets (0)

Control Strategies (1)