Charles Flanagan (Laois, Fine Gael) | Oireachtas source

When this Bill was discussed in the Seanad and when it went through the rigorous select committee process, I explained comprehensively the consultation processes that resulted in the Government proposing a digital age of consent of 13 years. I do not propose to repeat those points this afternoon, not least because I thought the argument in favour of 13 being set as the relevant age was well made by Deputy Shortall in her constructive contribution last night. She outlined the reasons that a digital age of consent of 13 years will serve to protect children.

I want to take this opportunity to say I fully agree with the contribution of Deputy Clare Daly. I am seldom in a position to say that. I agree with the really good case she made. I also agree with what Deputy Wallace has said on this issue. I will add to what they said by making the point that Ireland's decision to choose 13 years as our digital age of consent is firmly in line with many other EU member states, including Denmark, Sweden and Finland. We look to these countries, more than most, for examples of good practice in the areas of child support and child protection. Countries like Latvia and Estonia can also be regarded as examples of good practice. Estonia perhaps gives more Government time to issues of e-activity, e-learning and e-government than any other EU member state. Our neighbours in the UK have also opted for 13 years as the digital age of consent, as have Spain and Portugal.

I want to acknowledge that there has been a rigorous process going back over a number of years. This has included the process of pre-legislative scrutiny on the part of the Joint Committee on Justice and Equality, which comprises Deputies and Senators of all parties and none.

There was also the matter of the public consultation which fed into the decision of Government. Through the Seanad, Committee Stage and now Report Stage in the Dáil, this was not done lightly and it was not a decision taken without due careful and comprehensive consideration.

If I may now focus on amendments Nos. 13 and 14 tabled by Deputies Clare Daly, Wallace, Shortall and Ó Laoghaire, these amendments seek to criminalise the processing of children's personal data for direct marketing and profiling purposes. I wish to state again that while I am sympathetic to their objective, I am not in a position to accept the amendments. As Deputy Wallace stated last night, the processing of personal data for marketing and profiling purposes takes place under the so-called "legitimate interests" ground in Article 6.1(f) of the GDPR, and recital 47 states this particularly. During the select committee meetings, we addressed the issue of whether national law can impose additional conditions on processing carried out under the data protection directive. The court underlined the importance of free movement of personal data under the 1995 directive and concluded categorically that member states could not add new principles or impose additional conditions that have the effect of amending the scope of any of the grounds in Article 7 of the directive. Put simply, the imposition of prohibitions in national law on the processing of personal data that is lawful under the GDPR, or the criminalisation of processing that is lawful under the GDPR, will be in breach of EU law. I think Deputy O'Callaghan acknowledged this. If he was not convinced, he certainly saw the difficulty. The State will be exposed to infringement proceedings and possible sanctions. We all know what that means.

I draw attention to the important difference between the wording of "legitimate interests" in Article 6 and the text of Article 7(f) of the 1995 directive. In the 1995 directive, Article 7 states that the personal data may be processed where necessary for the purposes of the legitimate interests of the controller, except where such interests are overridden by the fundamental rights and freedom of the data subject. The corresponding text in the GDPR contains an important addition, namely, "in particular where the data subject is a child". Taken together with the statement in recital 38 that children merit specific and special protection with regard to personal data because they may be less aware of risks or consequences and safeguards concerning their rights in respect of the processing of data, we can see that the GDPR itself imposes stricter conditions, which is worthy of consideration.

I share the concerns expressed by Deputies during earlier debate in respect of child protection. For that very reason, I have introduced section 31 providing for codes of conduct with regard to the processing of personal data of children for the purposes of direct marketing. I said on previous occasions that I expect this issue to be dealt with as a matter of urgency. In the light of concerns expressed here again, I assure the House that I will make early contact with Commissioner Jourová requesting the Commission to do all in its power to advance child protection issues. I met her last year. I will convey to her the concerns that have been expressed here on all sides of the House.

I am satisfied that it would not be in the interests of child protection to insert the section concerned into the Bill. The inclusion of provisions designed to criminalise processing that may be lawful under the GDPR would expose the State to infringement proceedings and distract attention from the overriding issues of child protection which have been amplified here by everybody on all sides. I agree with the Deputies. As far as the exposure of the State is concerned, it is not just my view nor that of my officials and Department but also the firm view of the Attorney General.

See this speech in context