In relation to information society services being offered (e.g. registering with social networking sites, on websites, purchases at on-line stores, etc.) which require a legal basis for processing of personal data, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. Pragmatic issues may still emerge, since in practice it is impossible to verify both the age of the child and the consent given by the child’s legal representative. However, the Regulation requires the controller to verify these facts with regard to the available technology, or at least to make efforts to verify compliance with these legal requirements.