Cybersecurity experts criticise ‘digital age of consent’ plans

Under the EU General Data Protection Regulation (GDPR), all EU member states have to set an age threshold at which children can sign up to websites and technology services that process personal data without parental consent.

Professor Barry O’Sullivan and Dr Mary Aiken criticised the Government’s approach while appearing before the Oireachtas committee on children and youth affairs this week.

Professor O’Sullivan, director of the Insight Centre for Data Analytics at University College Cork, told TDs and Senators there had been a “conflating the child’s right to information online with the digital age of consent, which specifically relates to the age at which a child can sign legal agreements with online service providers who gather, profile, sell and commercialise his or her personal data”.

Dr Aiken, adjunct associate professor at UCD Geary Institute for Public Policy and academic adviser to the European Cyber Crime Centre at Europol, said 16 would be a more “prudent” age.

She said the digital age of consent should be informed by the Law Reform Commission’s 2011 report on children and medical treatment, to which she contributed, which recommends there “should be no presumption of capacity to consent” on the part of under-16s.

Given the “substantial risks to the safety, security and well-being of children and young people online”, Dr Aiken said: “Ireland needs to put in place a policy framework and an associated educational programme that ensure that our children are sufficiently aware and responsible to understand and exercise their digital rights by the time they reach the digital age of consent.

“In the absence of a rigorous basis for any specific age at this point, a prudent approach would be to set the digital age of consent in Ireland at 16. would both like to state for the record that we unequivocally oppose the Irish Government’s current position to set the digital age of consent in Ireland at 13 years.”

Professor O’Sullivan added that the Digital Safety Commissioner should pursue the development of a “robust system of age verification online”, arguing that “self-verification does not work” as children can simply lie.