How effectively does GDPR address dark patterns in consent mechanisms targeting minors, and what legal, regulatory, and technological measures can be implemented to strengthen its protections?

Abstract

This Master’s Thesis investigates the extent to which the General Data Protection Regulation (GDPR, Regulation) effectively addresses the use of dark patterns in digital consent mechanisms targeting minors. It identifies persistent enforcement and evidentary gaps both in static and dynamic digital services, particulatrly high-risk environments such as video games and social media platforms, where minors are especially vulnerable to manipulative design due their cognitive immaturity. The research evaluates whether the GDPR’s legal and regulatory framework mitigates these risks sufficiently or requires further refinement. Through doctrinal analysis, comparative regulatory review, and technological assessment, the thesis proposes two complemetary measures (design-time and post-deployment), as jointly they could bridge current accountability gaps, and ensure verifiable, context-aware consent. The thesis also outlines potential amendments to GDPR and related instruments, supporting stronger design-time obligations, mechanisms for contextual consent proof, and regulatory oversight tailored to child-facing digital services.