The ISPCC recommended to the Department of Justice and Equality in its consultation process on the age of digital consent in 2016 that Ireland set the age of digital consent at 13 years.
This remains the position of the ISPCC.
- Children, like adults, have data protection rights under both EU laws and under the existing Irish data protection regime.
- The establishment of an age of digital consent requires a balancing of the rights of the child to information and participation with the rights to privacy and protection. We believe setting the age at 13 strikes this balance effectively.
- In setting the age of digital consent, we need to be clear about the problem we are trying to solve. In this case, we are seeking to reduce the ability of companies to exploit young peoples’ data for commercial and other means. The ISPCC believes this should be done through improved regulation and practice. Setting the digital age of consent at 16 will not automatically achieve this aim. It will, instead have a range of other consequences, including potentially restricting access to services for young people aged 13-15, and unwittingly leaving young people to disregard age verification practices and potentially to lie about their behavior online.
- Children are currently held criminally responsible for some crimes from the age of ten, are considered emotionally mature enough to be capable of undertaking part-time work under the law at 14 and to sit state exams. The ISPCC believes young people aged 13 and above are generally capable of making decisions regarding the processing of their personal data.
- We strongly believe that companies who use young people’s data have a responsibility to do this ethically and should not seek to commercially exploit young people, and believe that improved regulation and practice is necessary to ensure that young people understand how their data is used. The Data Protection Commission must have necessary powers in this area, and critically, an Office for Digital Safety Commissioner should also be established to tackle the broader issue of safety online. Setting the digital age of consent at 16 would not, in our view, automatically require companies to use young people’s data more ethically.
- We must consider the practical reality of setting the age of digital consent to 16. In practice, a young person aged 13, 14 or 15 would have to seek the consent of their parent or guardian in order to access a service that requires use of their data. In our experience some young people will simply disregard an age verification test, and will self-select the age of 16 in order to access a service. Existing age verification technology is weak and it is extremely unlikely to have technology in place by May 2018. Other children may seek the consent of their parents- but this in turn does not automatically guarantee safe use of their data- it will simply require an adult to consent to processing of data. Worryingly, it may give parents the false impression of safety online, which we know not to be the case.
- Media commentary on this subject has conflated the issue of child protection with data protection- the ISPCC is clear that this bill relates to how children’s data is used, and should not be misunderstood as a way to improve children’s safety online. We strongly believe that establishment of an Office for a Digital Safety Commissioner is a key step to strengthening law and practice regarding online protection. The ISPCC actively encourages Oireachtas members to support the establishment of such an office, with statutory powers to regulate and educate regarding the online space.
- In establishing our position the ISPCC has listened to young people who are active online, and has taken their behavior into account when arriving at its views. We would encourage anyone considering the digital age of consent to consider the practical reality of young peoples’ behavior.
ISPCC believes that setting the digital age of consent at 16 will, in effect, reduce children’s access to important online services.