Coming into effect on 25 May 2018, the EU General Data Protection Regulation (GDPR) will supersede all EU member states’ current national data protection laws, bringing a standardised approach to data protection throughout the EU. The GDPR contains specific rules designed to boost the protection of children’s personal data, restricting the age data subjects can lawfully give consent.
Age of consent
Under the GDPR, the digital age of consent refers to the age at which an individual is no longer considered a minor and may sign up for online services without parental approval. The default age of consent is 16, but member states are allowed to adjust this limit to anywhere between 13 and 16.
In setting the digital age of consent to 13, the Irish government is following a recommendation made by Dr Geoffrey Shannon, the special advisor on child protection.
Shannon said that the civil and political rights of the children must not be restricted by the state.
Given the de facto age of consent in Ireland was arguably already set at 13 – it’s the minimum age for setting up a Facebook account – this decision should not come as a shock to businesses. Ireland has also chosen to follow the UK in setting the digital age of consent to 13.
Many public figures in Ireland have backed the decision, including Ombudsman for Children Dr Niall Muldoon. He believes doing so “takes a more realistic view of children and young people’s Internet use, and of the integral role that the online environment plays in their lives”.
This decision will also come as a relief to Irish businesses as it will allow them to move forward with their compliance projects with more clarity.
Are you currently implementing the GDPR in your organisation? Why not accelerate your project with our market-leading EU GDPR Documentation Toolkit?