Older adults are increasingly reliant on digital technology. The privacy needs and data protection vulnerabilities of this demographic are different to the general public. We believe that these special needs of older adults or (other) vulnerable persons are not sufficiently recognised in the GDPR and that work is required to address this shortcoming.

Our specific recommendations are:

1. The GDPR should be reviewed in detail to determine what extensions are needed to meet the requirements of older adults.

2. The issue of consent should be explored in detail to develop an understanding of how to address the specific issues of the use of intermediaries and cognitive decline.

3. Guidelines should be established to help developers that are tackling data protection issues of older adults.

4. Systems processing sensitive data (e.g. health apps) should explore the possible use of tools to assess the ability to give consent.

5. In the case where consent is not the legal basis, privacy guidelines need to be developed and increased oversight is needed to protect the privacy of older adults. In the meantime, ICT developers must take care to recognize the unique characteristics of senior citizens when creating solutions for this user group.