@abeorch @Michael 🇺🇦

I personally like the idea as such — and as the admin of a Friendica instance, too. But as Michael already hinted, there are a number of legal pitfalls involved. First off: the assessment below is based on the legal framework that applies in Germany and the EU (in particular the GDPR, the German Basic Law (Grundgesetz), and the German Civil Code (BGB)) — it may look different in other countries, and it isn't binding legal advice in any case.

How big those pitfalls are depends crucially on whether the instance is public or a purely family instance — that makes a huge legal difference, so I'll go through both points for each case.

The fundamental difference up front

On a public instance, I process the personal data of other people and am therefore fully a "controller" within the meaning of the GDPR. On a purely family instance, by contrast, the household exemption applies (GDPR Art. 2(2)(c) — "purely personal or household activities"), and a large part of the obligations simply falls away. However — and this is the most common misconception — that exemption only holds as long as the traffic actually stays within the closed circle. Friendica federates outward via ActivityPub by default; as soon as the child's content reaches other instances, it becomes accessible "to an indefinite number of people," and under the case law of the European Court of Justice (Lindqvist, Ryneš) the household exemption tips over at exactly this point. So "private," in legal terms, means: a closed circle and federation restricted accordingly.

1.) Access for minors (GDPR Art. 8)

Public instance: I may not simply grant a minor under 16 access without further ado — what's required is the verifiable consent of the parents (GDPR Art. 8 is fairly clear on this). As the admin, I have to be able to demonstrate

• a) how old the child / adolescent is, and
• b) that the person giving the consent is in fact the holder of parental responsibility.

The consequence is that I have to retain these proofs — i.e. process additional and in part highly personal data — and for that I again need a legal basis, data minimization, and documentation.

The verification of (b) in particular is hard to accomplish in any serious way on a public instance, and it is at the same time a child-protection problem: if any arbitrary person can register as the "parent" of a child account, then I am handing out full visibility into and control over the child — reading their messages, controlling whom they may follow and who may write to them, when they may log in — possibly to a stranger rather than to the genuine legal guardian. The very functions that are intended as protection for the child become a tool in the wrong hands: a person with bad intentions would thereby gain seamless surveillance, isolation from trusted contacts, and access to a child's private communication — that is, precisely the means by which grooming and abuse operate. So without reliable verification of the parent-child relationship, I'm not just building a protective function but potentially an instrument of abuse. That's why verification here is not a formality but the very heart of the matter.

Family instance: Here this critical point eases almost entirely. I know the families, the parent-child relationship is verified offline — a stranger registering as a "parent" is simply not possible within the closed circle, and the core child-protection problem falls away. The formal retention and documentation burden for the highly personal data also largely disappears, since there is no GDPR controllership.

2.) "See all the content they have access to."

Insofar as this refers to the child's / adolescent's public posts, it is unproblematic in legal terms in both cases. With private messages, however, the paths diverge again:

Public instance: I may not make the private messages accessible to the parents without first informing the affected third party who is corresponding with the child — and without having a legal basis for it. After all, the third party has not consented, and parental responsibility covers the child, not their communication partners. The viable legal basis for this is the third party's general right of personality (Art. 2(1) in conjunction with Art. 1(1) of the Basic Law — informational self-determination and the confidentiality of communication) together with the GDPR (I am the controller and need a legal basis + transparency under Art. 5, 6, 13/14). Thematically related, but in the individual case rather doubtful or not applicable, are the secrecy of telecommunications (Art. 10 of the Basic Law, Sec. 3 TDDDG) as well as Secs. 206, 201, 202a of the Criminal Code (StGB) — these mostly don't apply directly to a private, non-commercial instance.

In practical terms this means: either private messages are excluded from the parental view, or it would have to be marked — ideally visibly across the entire Fediverse — that this is a restricted account whose messages can be read along.

Family instance: A parent privately reading their own child's messages is acting within the scope of parental responsibility, not as a data-protection controller — so that is not a problem. With one caveat: as soon as the child is messaging someone on a foreign instance, that external third party still has their personality rights and knows nothing about the reading-along. So this part remains in play as soon as the communication leaves the family circle — one more reason to restrict federation for the child accounts.

What stays the same in both cases

Independently of the GDPR and the type of instance, the privacy of the growing child remains an issue. Sec. 1626(2) BGB obliges parents to take into account the child's growing need to act independently and on their own responsibility, and the child is themselves a holder of the right of personality. Seamless reading-along is care in the case of an 8-year-old, but a disproportionate intrusion in the case of a 16-year-old — and that applies in the living room just as it does on the family instance. This is precisely why the age-graduated, "growing-with-them" idea (winding the controls back as the child gets older) is spot-on from the very start.

Conclusion

Technically, the feature would be great. For a public instance, the parent verification is the critical sticking point above all — and that is exactly why, when it comes to minors, the gated approach (manually approved accounts with an offline-verified parent-child relationship) is not just cleaner but the only responsible option. For a purely closed family instance without open federation, by contrast, the legal pitfalls shrink down to a matter of family-law good judgment: staying proportionate and winding the controls back with age. But as soon as a family instance still federates publicly, you're partly back in the GDPR and affected-third-party territory when it comes to contacts outside the family. All of this refers to the legal situation in Germany / the EU — for a solid assessment of the specific individual case, professional legal advice would be advisable.

I wrote the text in German and had it translated using Deepl.

The problem is that the other side must also agree. So even if your child had consented to be monitored, all other people that your child has in their contacts also have to agree to this.

The problem here really lies within the boundaries of the specific countries.