We need to talk about the Irish ‘digital age of consent’
Mooted change of parental consent limit from 16 to 13 should make us concerned
The default digital age of consent in the EU is 16. However, member states have the option of lowering that age of consent to the age of 13. Photograph: Andrew Gombert/EPA
The special rapporteur for child protection recently recommended that the “digital age of consent” in Ireland be set at 13, the youngest age allowable under the European Union’s General Data Protection Regulation. This would become the age at which children could sign up to online services without parental consent. The default digital age of consent under the regulation is 16. However, member states have the option of lowering that age of consent to the age of 13. We should be concerned.
Setting an appropriate digital age of consent is a complex issue. The decision must be informed by the impact that technology has on cyber-cognitive development so that we avoid placing children in positions where they have neither the digital skills nor the understanding of the consequences of sharing their data, or indeed aspects of their personal lives. Children need guidance from their parents in this regard.
When it comes to technology and children, the digital age of consent really is a child-protection issue. An arbitrary statement that every child at 13 is capable of consenting to the terms and conditions of online service providers is problematic, given the potential risks that they face.
Levels of maturity
Notwithstanding a young person’s right to access information, the requirement for verifiable parental or guardian consent for those under the digital age of consent seems entirely appropriate and responsible. Of course, an organisation can go only so far in assuring itself that such consent has been given. The point is that parents and guardians know their children best. It is only they who can appropriately assess an individual child’s level of maturity, understanding and judgment in an online context.
If Irish youth under 16 cannot give consent regarding their physical health, then how can they consent to online activity that may have an impact on their mental health?
It is not quite clear why the ages of 13 and 16 were chosen as the band from which EU countries can set their own digital age of consent. In the US 13 is specified in the Children’s Online Privacy Protection Act. Notably, when the law was debated and discussed in the US not all parties agreed that 13 was the appropriate age.
Ireland, as yet, has no coherent policy or educational protocols in relation to cyber-cognitive development. In a psychological context developmental stages are not achieved on specific dates (for example by the age 13); rather age ranges are used because children are different – they mature at different rates.
An optimum digital age of consent for Ireland can be informed by best practice in other countries, Additionally, the Irish digital age of consent must be informed by the Law Reform Commission’s 2011 report Children and the Law: Medical Treatment. The report recommended that when it came to persons under 16 there should not be a presumption of capacity to consent.
The 2011 report involved the application of a “mature minor” test, which has been applied in a number of states, sometimes in case law and sometimes in legislation, to a wide variety of legal areas involving decision-making capacity of children and young persons. A recent study found that the use of certain social media platforms negatively affected the mental health of young people – if Irish youth under 16 cannot give consent regarding their physical health, then how can they consent to online activity that may have an impact on their mental health?
Of course, the law needs to focus on a specific age. If this must be the case, Ireland should adopt a protective stance, and arguably legislate towards the upper end of the relevant age band – perhaps closer to 16 than 13 – in order to protect the children who are less well equipped to deal with the complexities that digital consent presents.
Ireland also needs to put in place a policy framework and an associated educational programme that ensures that our children are sufficiently aware and responsible to understand and exercise their digital rights by the time they reach the digital age of consent. In the absence of a rigorous basis for any specific age at this point, a prudent approach would be to set the digital age of consent in Ireland at the upper end of the 13 to 16 spectrum.
However, we do not want to be prescriptive. Rather than decide on an arbitrary age, we would recommend an expert public debate on the subject, which would lead to a robust rationale justifying the selection of a specific age – in other words, “show us the evidence”.
Mary Aiken is an adjunct associate professor at University College Dublin, Geary Institute for Public Policy, and academic advisor (psychology) to the European Cyber Crime Centre at Europol.
Barry O’Sullivan is a founding director of the Insight Centre for Data Analytics. He is a professor in the department of computer science at University College Cork