This website uses cookies to improve your browsing experience.
By continuing to use this website you consent to the use of cookies in accordance with our cookie policy. To find out more, click on this link: Read More Allow Cookies

Technology, innovation, law and tax

GDPR Update - Ireland Decides on Digital Age of Consent

By Sean O' Reilly and Caroline McCarthy

Personal data has become a valuable commodity in this digital era. Users of one digital platform can become the customers of another, and so the personal data of users is processed, bundled together and sold to others. Adults using the internet and its services are, or at least should be, aware of the associated risks. Children, however, require a greater protection.

The Irish government announced at the end of July that it would be setting the ‘digital age of consent’ at 13 years.  This means that before children under the age of 13 can access online services that process users’ data, they need the consent of a parent or guardian. This move is part of the implementation of the European Union’s General Data Protection Regulation (GDPR) into Irish law, the protections of which will be fully effective by the 25 May 2018.

The GDPR leaves the exact ‘digital age of consent’ to the discretion of individual Member States, requiring only that it falls between the ages of 13 and 16. The consultation paper on the issue, launched in December 2016, noted that children, in particular, are vulnerable when using internet services and are open to the “risks of abuse, grooming, cyber bullying, access to unsuitable materials and the potentially adverse impacts of direct marketing activity.”[1] Bodies such as the Ombudsman for Children responded in favour of maintaining a low age, arguing that legislation should recognise the role that the internet now plays in the lives of children.[2]

Whether such controls are effective in reality remain to be seen. The USA has had a similar system in place since 2000, but it has not been without its critics. Given the difficulty on the part of service providers to ensure that under-13s have parental permission to use online platforms, companies have tended to prohibit these younger users from accessing their websites outright. It is argued that this leads to children lying about their age when registering for sites such as Facebook. This behaviour may also occur under the forthcoming Irish Act.   

There is additional cause for concern; the digital age of consent applies to ‘information society services’ offered directly to children. This term is defined in point (b) of Article 1(1) of EU Directive 2015/1535 as being “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services”. The Court of Justice in Mc Fadden v Sony Music Entertainment Group clarified that this does not necessarily mean that it is the users of the service that must pay for it.  The Court of Justice favoured a broad interpretation to include services provided free of charge for the purposes of advertising the service provider’s goods and services. Nonetheless, the digital age of consent would seem to be limited in application to online services and facilities to which there is an economic dimension.   

This restricted coverage places a question mark over the aim of this provision of the Data Protection Bill 2017 to safeguard the “physical or emotional safety and welfare” of children, as suggested by the Department of Justice.[3] In fact, with its focus on the economic aspect of internet usage, the GDPR cannot be said to take an all-encompassing approach to the protection of children’s data.  

For more information on the content of this Blog post contact: Seán O'Reillysean.oreilly@rdj.ie


[1] ‘Data protection safeguards for children (‘digital age of consent’)’ Consultation paper, Department of Justice and Equality, page 2.
[2] Preliminary Observations of the Ombudsman for Children’s Office on the General Scheme of the Data Protection Bill 2017, Submission to the Oireachtas Joint Committee on Justice and Equality, 29 June 2017, page 9.
[3] ‘Data protection safeguards for children (‘digital age of consent’)’ Consultation paper, Department of Justice and Equality, page 2.

0 Comments

Add Comment
Letter footer for printed documents
© 2017 Ronan Daly Jermyn
Web design by Granite Digital