The new EU-Wide General Data Protection Regulation (GDPR) came into effect on 25th May 2018.
A part of the new GDPR is the establishment of a ‘digital age of consent’ -an age at which children can ‘sign up to/join’ an online service (e.g. social networking site) which collects, uses and processes their personal data, without the need of parental consent. Under GDPR the age limit is set at 16 years, with EU countries able to pass national legislation specifying a lower age limit, but no less than 13 years. In line with countries such as France, Germany and the Netherlands, under the Data Protection Act 2018, the digital age of consent in Ireland has been set at 16 years.
What Does This Mean For Our Children?
Despite the amount of media attention this issue has received in recent months, I often meet children and parents who are unsure of what it all really means. Children have told me “it’s not fair we have to be 16 to go online”. The digital age of consent, is not about removing our children’s rights to participation online, or their right to a voice or their right to help and information. It is about making sure that the companies that supply online services do not do so at the cost of our children’s personal data. Under the Data Protection Act 2018 online services that offer counselling or preventative services to children have an exception from the requirement of parental consent, as such services are provided in the best interest of the child.
To echo the words of Professor Barry O’Sullivan, the digital age of consent is “not about when our children can use the internet, it is about when the internet can use our children”. By adopting the age of 16 years, we allow parents to maintain their role as parent in their child’s online life and place the responsibility firmly back on companies to ensure that their users are of age/or parental consent has been obtained. It is not going to remove all the risks and dangers our children face online, but it will allow parents to remain involved.
In my work with students across Ireland, I have met children as young as 7 and 8 years of age, who are using apps such as Snapchat. Despite WhatsApp’s recent age restriction for EU countries, requiring users to be 16+, I meet children at National School level, who are using this app. Students admit that they just tick the box to say they are old enough or lie about their age to set up the account. While robust age verification measures will be a key concern for companies to be GDPR compliant, it also highlights our need to educate our children and young people, to better equip them for their online lives.
“So what if they have our data? Why is this a big deal?” students often question me. It’s a big deal because of advertisements. If something is free online, then we are typically the product, or more specifically our information is. As online advertisements can be targeted at specific groups and demographics, there has been increased investment in advertising through online platforms. Personal information our children share, the videos they watch, music they listen to, their location etc. is often collected to target our children with specific adds relevant to their interests.
GDPR seeks to ensure our rights and the rights of our children to privacy and protection online. Under GDPR, our children will now have the right to access the personal information an online service/company has about them and the right to correct or delete information. Companies will also have to explain clearly what information they collect, why they collect it, how it is used and stored. Those found to be in breach of GDPR can now face penalties.
How Can We Help Our Children Online?
Although social media services have introduced new age restrictions, updated privacy statements etc. to ensure GDPR compliance, this does not abdicate our parental responsibility. GDPR will serve to increase our rights and protections, but parental involvement is still central to protecting our children online. Here are some things we can do to help our children in their online lives:
- Before agreeing to a service/downloading an app, read the terms and conditions (at least the main points) so you know what information is being collected and how it is being used/stored. A recent study showed that the vast majority of college aged students who joined a fictitious social networking site (98%, N=543) failed to read the terms of service, which indicated that their data would be shared with the NHS and they agree to providing their first born child as payment for using the site. Thankfully this was a study, but daily, we ‘click to agree’ online, often unsure what we are agreeing to;
- When setting up accounts with/for your child, supply as little information as possible, only completing mandatory fields. Think critically “why do they want to know this? Is it crucial to the service they are providing or are they just interested in collecting my data for marketing/commercial gain/profiling etc.?”
- Discuss with your child what ‘personal information’ is and explain what is okay/not oaky to share online (e.g. home address, school details, pictures, DOB);
- Turn off ‘location sharing’ for social networking sites/chatting apps;
- Go through privacy settings for all apps/sites your child uses and limit ads, third party sharing and data collection where possible;
- Talk to your child about online advertisements and help them to critically view and understand content they see online. For more information on how to discuss advertisements/marketing with children see Common Sense Media;
An additional tip is to always model good practices when it comes to your own sharing online.
For more information on the digital age of consent in Ireland see Webwise and Data Protection Act 2018.
If you found this blog post interesting you might like other blogs written by Maureen including Top tips to keep your kids safe online interesting.