Professor Barry O'Sullivan:

I will wrap up. We have a number of recommendations. We are happy to speak to each of those in detail if the committee wishes. Experts, policymakers and stakeholders should come together to agree on a national framework to address Irish children's well-being, safety and security online. There are a variety of aspects to that which are important and we are happy to discuss them.

The Government must hold social media companies accountable for underage usage of their platforms. Despite what one hears in the media that this is not practical, it is eminently practical. One also often hears that children drink alcohol underage but that is a problem we have, by and large, solved. There are very specific things we could be doing.

There is a need to stop conflating a child's right to access information online with the digital age of consent which specifically relates to the age at which a child can sign legal agreements with online service providers who gather, profile, sell, and commercialise personal data. We both agree that this conflation has mis-stepped the entire debate on the digital age of consent in Ireland because people think it is about access when it is not. Six lines in the general data protection regulation talk about entering legal agreements.

The Government must formalise the role, office, and statutory powers of the digital safety commissioner, which we strongly welcome. One specific task that could be assigned to this office is the development of a robust system for age verification online. Self-verification does not work. A child simply saying he or she is 13 or 16 is not adequate. One does not enter bars on the basis that one says one is 22 if one is not. Ireland could lead in the area of online age verification. We believe that robust age verification online is one of the most critical requirements to deliver on child and youth security in cyber contexts.

We must develop robust policies and safeguards to ensure that children are delivered content that is age-appropriate and that careful consideration is given to limiting or eliminating advertising to them online. In tandem to setting an appropriate digital age of consent, consideration must be given to making the Internet and social media safer for children specifically, as well as educating children and parents on Internet safely. That is clearly something that can be picked up by the office of the digital safety commissioner.

The report of the Internet content governance advisory group should be revisited. Specifically, consideration should be given to recommendation 12 on page 9, and its possible implementation through the office of the digital safety commissioner, to provide:

[A] common online platform and brand, and offer a helpline, educational resource and awareness-raising function for children and young people, for teachers and educators, and for parents. It should act as a one-stop portal designed to address the likely volume of enquiries, aggregating available support content and serve as a directory/information resource for the general public.

The Office of the Data Protection Commissioner, who is ultimately responsible for implementing the GDPR in Ireland, must work in tandem with the new office of the digital safety commissioner to provide a seamless reporting mechanism for violations of the GDPR, digital age of consent, online age verification, and the provision of safe and age-appropriate Internet content.