Dr. Geoffrey Shannon:

I would like to thank the committee for the invitation to address it on cybersecurity for children and young adults. As an ever greater proportion of children live more of their lives online, their time there inevitably becomes a target location for predatory adults. As such, children engaging and socialising online on forums that are difficult for parents and carers to monitor and supervise, are acutely vulnerable. The technical complexity underlying this kind of online offending offers a very different regulatory challenge to child abuse not perpetrated or facilitated through an information and communications technology medium, and therefore necessitates targeted ongoing legislative and other interventions.

The Internet is the new child protection frontier and is clearly a tool that can be used to the detriment of children by those so minded. It warrants a particular concern in relation to child pornography and the grooming of children for sexual exploitation. As the Internet is accessible worldwide, robust regulation is required so as to ensure that a uniform and coherent system of protection is engaged in to the benefit of children.

The introduction of the Criminal Law (Sexual Offences) Act 2017 last February demonstrates Ireland’s commitment to better protecting its children from online predators and it specifically recognises the dangers that come with technological advances by creating a wide range of new criminal offences dealing with child pornography and grooming, with a particular emphasis on the use of information and communication technology in such offences.

A concern associated with children’s Internet usage is the prevalence of cyberbullying or harassment. In order to ensure that children are protected from cyberbullying in their online activities, regard should be had to the recommendation of the UN Committee on the Rights of the Child that states should "develop effective safeguards for children against abuse without unduly restricting the full enjoyment of their rights". Online bullying is a challenge posed by the prevalence of cyberharassment and is being considered by the Government in the harmful communications and digital safety Bill 2017. Such harassment can arise in a number of situations and can affect children and young people in different ways. In particular, there is a need for broader harassment legislation in this jurisdiction and greater clarity on the remedy of “takedown procedures”.

In Ireland, the law in force at present only deals with harassment to a limited extent and has yet to be updated to take into account the potential for online abuse. Section 10 of the Non-Fatal Offences Against the Person Act 1997 creates the offence of harassment in criminal law. While section 10 already criminalises online or digital harassment as it refers to harassment “by any means”, online and digital harassment is under-reported and under-prosecuted in Ireland. This suggests that section 10 of the 1997 Act in its current form is not sufficient to deal with these types of behaviour. For example, the existing reference in section 10 to the use of the telephone alone in outlining the offence of harassment, without any reference to the Internet, makes the current offence appear archaic and outdated.

The definition of harassment should be broadened. Any new definition should criminalise what is known as “indirect harassment”. Currently, the offender must persistently follow, watch, pester, beset or communicate with the victim. The offence does not include communications to third parties about the victim, such as posting content on public websites or sending emails to persons connected with the victim, but not directly to him or her. I recommend therefore that not only should section 10 be amended to encompass online and digital communications, the definition should be further developed to allow prosecutions for indirect harassment to fall within same. Having an overall broader offence of harassment on the Irish criminal Statute Book would be preferable, thereby encompassing new forms of behaviour that have arisen through the development of digital technology and which merit criminalisation.

While the criminal law seeks to prohibit certain behaviour and punish those who do not adhere to its provisions, a criminal prosecution is usually not the first priority for victims of cyber or digital harassment. This point is particularly relevant in the context of children. Quite often, the real remedy sought by persons so affected is what is termed a “take down”. It is an issue that I have consistently argued should be blended into our legislation and I am urging that this matter be given priority by the committee in its deliberations. It is the immediate removal of the offending publication or image from the website it has been posted on.

Historically it has been a major problem to persuade Internet service providers to take down material due to arguments that free speech rights are being curtailed. At present, social media companies have their own self-regulated non-statutory reporting and take down processes. Each social media company has a different policy in relation to harmful content such as hate speech, content that promotes sexual violence or exploitation, threats, fake profiles and other similar content. Pursuant to same, individuals can report any harmful content that violates its policies to that particular social media company and request its removal. The ad hoc nature of existing take down processes, which are dependent on each company’s specific policies, means that individuals are at the mercy of each company, its regime and approach as to whether it will take the impugned material down and how quickly it will do so.

I endorse the recommendations of the Law Reform Commission in its 2016 Report on Harmful Communications and Digital Safety concerning “take down procedures”. All the other recommendations are an integral part of having a safe online environment for children. The proposed Office of the Digital Safety Commissioner of Ireland should oversee an effective and efficient take down procedure in a timely manner, regulating for a system of take down orders in respect of harmful cybercommunications made in respect of both adults and children. I would also add that in the terms of the role of the Digital Safety Commissioner and take down procedures there should be a requirement on the Digital Safety Commissioner to take down material within a specified period of time. It is an issue that is not expressly referenced in the report of the Law Reform Commission, but it is one that I believe should be adopted.

Take down procedures are also to be considered in the context of the right to be forgotten provided for in the EU general data protection regulation, GDPR. As a regulation, the GDPR will take effect in this jurisdiction automatically from 25 May 2018 and does not require transposition. In my ninth rapporteur report, I discussed the right to be forgotten and its importance from the perspective of a child. The right to be forgotten was held to exist in the seminal case of Google v.Spain. In that decision, the European Court of Justice held that an EU citizen has the right to request that commercial search firms, such as Google, remove links to their personal information when requested, provided that the information is no longer relevant, emphasising an individual’s right to privacy which overrides the public interest in access to information in certain circumstances. Article 17 of the GDPR concerns the “right to erasure”, known as the right to be forgotten. The right to be forgotten is not just an important right which may be exercised by adults.

It is even more relevant and important for children. This is particularly so as children are less likely than adults to be aware that information they post online may be available long term and they may not consider the consequences of posting something online which may last long beyond their childhood. They may post material online that may have significant consequences for employment opportunities in the future. For this reason, I am passionate about the need to give a commitment to the right to erasure or to be forgotten. While not stated in Article 17 of the general data protection regulation, Ireland should take the opportunity to include specific provisions on this issue in the Data Protection Bill 2017. I am conscious that the Bill is not currently before the joint committee but given its particular relevance for children, I urge the committee to liaise with the Committee on Justice and Equality to ensure the right to be forgotten at least receives attention. The relevance of this right should be acknowledged, children should be educated about the matter and it should be understood that the age at which an individual posts information online should be considered a very important factor in decisions about whether to remove an individual's personal information from sites.

In light of the loopholes in existing criminal legislation to which I referred, action has been proposed by the Minister for Justice and Equality. At the final Cabinet meeting of December 2016, the then Minister received the approval of the Cabinet to draft the non-fatal offences (amendment) Bill, now named the harmful communications and digital safety Bill 2017. I note that no further progress has been made in respect of the publication of this legislation and I suggest that it receive priority. The Bill will legislate to put stalking, including cyberstalking and revenge pornography, on the criminal Statute Book and provide for the creation of new criminal offences, including criminalising the act of intentionally posting intimate images of a person online without his or her consent. Furthermore, the Bill will extend existing offences such as the offence of harassment to ensure it includes activity online and on social media, as well as the offence of sending threatening or indecent messages to include digital forms of communication. The announcement of an intention to legislate in this area is undoubtedly a positive development and it is anticipated that this Bill will endeavour to plug prominent gaps in existing legislation.

Our response to child victims of sexual abuse at times re-victimises the child. The Criminal Law (Sexual Offences) Act 2017, in recognition of children as vulnerable victims, provides for special measures, including that the child cannot in certain cases be cross-examined by the accused, which is set out in section 36, and includes rules governing the disclosure of third party records such as the child’s counselling records, which are set out in section 39. These provisions are to be welcomed. However, despite Ireland's obligations, our laws have yet to transpose the EU victims' directive which, among other matters, provides that victims should have access to confidential support services before, during and after criminal proceedings. The Criminal Law (Victims of Crime) Bill 2016, which is expected to transpose the directive into Irish law, is making its way through the legislative process and I understand it will be discussed in the Houses this week. Ireland must, in primary legislation, reflect the spirit and terms of the directive and this legislation should be a priority. The directive is part of domestic law and it is a matter of concern that it has not yet been transposed as this has consequences for victims. Sexual abuse has a devastating impact on children. It is imperative that the law requires joint interviewing by the Garda and Tusla, the Child and Family Agency, and the provision of victim support services.

Ireland is a signatory to the Budapest and Lanzarote conventions, both of which are international instruments emanating from the Council of Europe. The former relates to cybercrime, while the latter relates to sexual exploitation and sexual abuse. We have not yet ratified either convention. Child protection should be proactive. Having regard to those who use the Internet to the detriment of children, this is a prime area where legislation needs to keep one step ahead of the issues as they develop. All the relevant conventions and directives should, therefore, be implemented immediately and without reservation.

This is not only a matter of law. The law must be used to protect children as part of a much broader package. In addition to legislative changes, I recommend the development of a strategy on cyber or online safety. This should take the form of an overarching strategy on children's digital rights, a topic on which, I am pleased to note, the joint committee is engaging. The report the committee eventually publishes may very well form the basis for such an online safety strategy. Such a strategy should examine not merely the issues I have discussed but also wider issues around education and preparing children and young people to empower them to protect themselves from risks online. A wider strategy on all aspects of the lives of children online could address access to the Internet for children in rural areas with less than optimal access to broadband or children with disabilities, data protection and privacy, the right to be forgotten, access to appropriate information, the right to participate, freedom to assemble online, the right to play online, etc.

I emphasise that many parents, carers and teachers are ill-equipped to advise and protect their children from risks online. Education and awareness raising around the risks and opportunities and rights of children engaging online should begin very early in primary school and well before the age of digital consent in order that children are prepared and parents and teachers are in a position to advise and support them. This should be part of the primary school curriculum. I urge the joint committee to look beyond the legal framework and consider education as a key tool to equip parents and children.

Before making any decisions, policy makers should consider consulting children and young people on the issues they face and their real experiences. Last week, the UK Government published a green paper on an Internet safety strategy, which can be found at www.gov.uk/government/consultations/internet-safety-strategy-green-paper. I urge the joint committee to consider this interesting report which reflects many of the issues I have addressed.

I am in no doubt that people in Ireland are unequivocal in their belief that children must be protected from online abuse, in particular, against heinous acts of online sexual abuse and exploitation. The law must, therefore, keep pace with technology in protecting vulnerable young children and must exist as an accessible recourse for those who are victims of abuses such as cyberbullying.

I thank members for taking the time to listen to me and I will be happy to answer any questions they may have.