The Irish government has been defeated on its proposal to set the digital age of consent for the processing of children's data at 13. We discussed this government proposal in a previous article. During a recent debate on the Data Protection Bill 2018, which is due to be signed into law shortly, an amendment to set the age at 16 was passed by 56 votes to 51. Additionally, a new Section 30 was added to the Bill which makes it an offence for companies to process the personal data of a child for the purposes of direct marketing, profiling or micro-targeting.
The digital age of consent refers to the age at which children may legally consent to services that process personal information without needing the explicit approval of their parent or guardian. This includes signing up for social media platforms such as Instagram or Facebook.
Article 8 of the General Data Protection Regulation (the "GDPR"), with effect from 25 May, provides for additional protections to be offered to children by limiting their ability to consent to the processing of their personal data without specific parental permission if they are under the age of 16. Article 8 allows Member States the option of setting the digital age of consent to a lower age not below 13. It was expected that the Irish implementing legislation would set the age of digital consent at 13, as this approach was advocated by a working group that investigated this, as well as many children's rights organisations, as the most appropriate way to protect the interests of children online.
Amidst rising concerns that the Data Protection Bill 2018 would be amended at the final Dáil stages, the Ombudsman for Children, Dr. Niall Muldoon this month voiced his support for the digital age of consent to be set at 13, stating that "providing for 13 years as the digital age of consent takes more appropriate account of young people's internet use" and "represents a more proportionate approach to balancing the opportunities and risks that the online environment presents to children".
Despite the concerns raised, the final version of the Data Protection Bill approved by the Dáil and later by the Seanad sets the age at 16. The Bill has been passed by both houses and has been sent to the President for signing via the 'early-signature' mechanism allowed for under Article 25.2.2 of the Constitution. The digital age of consent in this jurisdiction is now clearly defined as 16 years and companies and organisations that process children's data will need to consider how this will impact the way in which they process online data relating to children.