Dáil debates

Wednesday, 16 May 2018

Data Protection Bill 2018 [Seanad]: Report Stage (Resumed)

 

2:30 pm

Clare Daly (Dublin Fingal, Independent)

Amendments Nos. 13 and 14 aim to protect children older than the digital age of consent of 13 years but younger than 16 years of age from being targeted, including through the use of sophisticated means, by companies online in a marketing context. The right decision is to have a digital age of consent of 13. All of the child protection experts tell us that this is so if we are to vindicate the legal rights - that is what they are, not aspirations - of children to participate and to be heard. These rights are enshrined in Article 12 of the UN Convention on the Rights of the Child, UNCRC, and Article 24 of the EU charter. Children also have rights to freedom of expression and assembly.

Obviously, it is less desirable that children should be micro-targeted by sophisticated algorithms designed to use their data to manipulate them. Indeed, that would be undesirable in anyone's case. Unfortunately, the GDPR does not give us that protection or the right to raise the bar for everyone, but we should at least do it in respect of children. It is important that children are able to exercise their autonomy in using online services from the age of 13, but we should throw the onus back on the companies that would exploit their data for profit. It is unrealistic to place another responsibility on parents by increasing the age of consent to 16. The increase would run the risk of violating children's fundamental freedoms and create privacy risks for parents. It would be far better if responsibility for policing platforms was placed on the providers, whose bread and butter is the kind of sharp practice we are trying to prevent.

Amendment No. 15 seeks to raise the digital age of consent from 13 years. We agreed the current age on Committee Stage and strongly believe it should be retained. We welcome the Social Democrats' move to a position of upholding the current age. The heat and noise created around this issue by sections of the media are an indictment of the laziness of these individuals in their coverage of important matters. The Bill has 162 pages, but all they can concentrate on is one line. It is pathetic, given the ramifications. A number of political contributions were slightly similar, but I mainly blame the media in this regard. It is the modern equivalent of "Just say no" in respect of drugs and sex education and it denies our young people access to social media and the Internet. They should be educated and enabled in taking a harm reduction approach. Instead, we are perpetuating the myth that we can protect them, which is nonsense.

One of the issues that have been downplayed in this discussion is the question of how to go about verifying children's ages online. It is significant that we thrash this out now, as raising the age of consent to 16 will bring many more children and websites into the dragnet. How do we verify children's ages? In the US, the COPPA Act has been in force for almost 20 years. It obliges operators of child-focused websites to get verifiable parental consent to allow children under 13 years of age to use those websites. In that sense, it is a more limited proposition than requiring parental consent for anyone under 16 years of age to access any commercial website. Despite being narrower, COPPA has been subject to heavy criticism because of the privacy implications of obtaining verifiable parental consent. In the US, ways of getting that consent include requiring a parent to scan and send a copy of his or her credit card or government-issued IDs, which would be held in a central database. A few years ago, the Federal Trade Commission, FTC, approved the use of knowledge-based authentication for verifying children's ages online. That is mad stuff.

As should be clear, all of these methods of verifying parental consent are privacy nightmares and an opportunity to hoover up sensitive parental data. As such, it is not surprising that, in the GCHQ's most recent Cyber Accelerator funding round, it provided a grant to a company called Trust Elevate that, according to itself, solved the problem of age verification and parental consent for young adults and children in online transactions. Interestingly, Trust Elevate was recently recommended as a possible solution to online age verification by some of the loudest voices calling for the age of consent to be increased to 16, the same voices that told the Oireachtas committee that they believed that robust age verification online was one of the most crucial requirements. It is not surprising that individuals with a security and intelligence background have an interest in getting people to reveal their identities online.

If we want to protect children, we should be listening to the people whose primary focus is on doing just that. Every single person and organisation involved in child protection has stated clearly that the current digital age of consent is the best option. People from the security and intelligence industry undoubtedly have valid reasons for their emphasis, but those are not child protection reasons, so the House should not use them as an excuse to follow those people's arguments.

The alternative to tight verification controls that hoover up large volumes of data is light controls, which are basically the type of box ticking seen with WhatsApp. If people are asked whether they are over 16 years of age, they will tick the box to say they are. That is it and good luck. It is nonsense. Who are we conning with this unenforceable digital age of consent? It will have the downsides of denying young people access to important websites that could protect their interests and shutting down many child services out of fear of being implicated in data breaches. It would be a nightmare, so we should uphold best practice and keep the digital age of consent at 13.
