Eamon Ryan (Dublin Bay South, Green Party)
Link to this: Individually | In context | Oireachtas source

77. To ask the Tánaiste and Minister for Justice and Equality the ramifications of setting the digital age of consent at 16 years of age; and if he will make a statement on the matter. [22702/18]

Charles Flanagan (Laois, Fine Gael)
Link to this: Individually | In context | Oireachtas source

The position is that Article 8 of the GDPR specifies a ‘digital age of consent’ of 16 years but allows Member States to provide for a lower age, but not below 13 years. It will mean that providers of information society services must make reasonable efforts to obtain the consent of the holder of parental responsibility over the child where such services are offered directly to children below the specified age threshold.

In late 2016, my Department launched a consultation process and invited submissions from interested parties on the digital age of consent to apply in this jurisdiction. The Government Data Forum, which brings together legal and data protection experts, business representatives from SMEs and multinationals, as well as sociologists, psychologists and education specialists, also carried out a consultation process.

A majority of respondents - including the Ombudsman for Children's Office, ISPCC, the Children's Rights Alliance, the Internet Safety Advisory Committee - recommended adoption of a digital age of consent of 13 years. Based on the responses received, including those mentioned, the Government decided that 13 years represented an appropriate balancing of children’s rights, namely a child’s right to participation in the online environment and a child’s right to safety and protection. As the Deputy will be aware, these rights are enshrined in the UN Convention on the Rights of the Child. The Government was also mindful that a digital age of consent of 16 years might prove difficult to enforce, not least because ‘tech-savvy’ 13, 14 and 15 year olds would have more than sufficient knowledge and IT literacy to enable them to circumvent the requirement for parental consent.

The Special Rapporteur on Child Protection, Dr Geoffrey Shannon, also recommended setting the digital age of consent at 13 years during pre-legislative scrutiny of the draft Data Protection Bill, and that recommendation was endorsed by the Joint Committee in their Report on the Bill in November last.

It is therefore disappointing that in the course of Dáil Report Stage discussion on the Data Protection Bill, an opposition amendment to increase the digital age of consent from 13 years to 16 years was carried. Section 31(1) now provides that digital age of consent shall be 16 years. However, subsection(3) of section 31 provides for a review of the age set out in subsection (1) within 3 years of the coming into force of the Bill.

In the case of children below the digital age of consent, Article 8(2) of the GDPR requires providers of information society services to make “reasonable efforts” to verify that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology. The Data Protection Commission will be responsible for the supervision and enforcement of this provision and the Commissioner will give consideration as to how this can be achieved, given the difficulties I have mentioned above.