BLOG: The long-awaited EU data protection reform agreed on by the Europan Union late Tuesday night stipulated among others that companies cannot process the data of children and young people under the age of 16 without their parents’ consent.

The agreement is subject to final endorsement by both the European Parliament and EU member states, expected by early next week. But late Wednesday it was reported that the 16 year age limit had been “watered down” last minute. Although the idea was that individual member states would be able to opt out of this provision and lower the limit to 13 years, social media monopolies like Facebook and Google would have faced the daunting task of either banning young users below 16 years (as they do now quite unsuccesfully for the below 13s) or implementing parental consent and more stringent data protection standards for the treatment of data on their large scale of adolescent users.

A study from 2014 in a number of EU countries showed that 63% of youngsters between 11 and 16 years visit an online social media service daily. They use mainly US-based social media. In Denmark two in depth studies in 2013 showed that in particular Facebook had become a precondition for Danish young people’s social life, and they therefore had accepted lack of control over their data as an everyday condition.

The US social media giants have been on the pitch regarding the proposed EU age limit of 16 years. As a British child protection expert for example reported in this blog post: I was told by some of the individuals bombarding me that Google, Facebook and the US companies are “furious””. These are companies that have built their social media monopolies among European children and young people (and adults), among others free riding on data protection standards which have not been sufficiently enforced. They also stand to lose the precious data of  young European users, an essential part of the fuel of their data business models. All in all little to gain much to lose.

The new EU rules would mean that teenagers under 16 who wanted to use social networks like Facebook, Instagram, Youtube and Twitter in the future only would be able to do so if the companies obtained their parents’ consent. There has not previously existed in Europe a similar common provision on an age limit for the processing of data of adolescents (neither has their been a common EU age limit on processing of data of children below 13 year). The US companies behind today’s most popular social media among children and adolescents have so far followed the US COPPA law and similar laws in individual EU member states where the age limit for the collection and processing of data on children is 13 years. They have done so by simply allowing users to self certify their age. The new provision would have enforced the requirements for these companies. The social media services that European children and young people make use of today would have faced either to formally prohibit adolescents access to their services as The Guardian described it, or to implement technologies and policies that would ensure parent consent and responsible treatment of their data according to EU data protection legislation. (They will still have to do this with children below 13 year and with the new focus of the reform on parental consent, self certification of age might not be sufficient in the near future.)

A new age limit of 16 years would have made things more complicated for the current US social media monopolies and for a period of time this would indeed also have created a disturbance of young people’s digital social life as this is currently conditioned by these specific social media companies (a concern voiced by the industry and some children’s organisations and advocates these days). However this would merely be a disruption of the current data harvesting model of social media, which should not be confused with the opportunities of online media for youth in general. In a long term perspective higher levels of data ethical standards for youth is something we should strive for and at the same time something in particular European companies now have a chance to compete on. A provision as such would e.g. have created a growth opportunity for new social media services built on principles of privacy by design and a more ethical and responsible treatment of children and young people’s data. An opportunity that should have been present from the start.

Read more about the agreement of the EU on the data protection reform here: “EU strikes deal on Data protection rules” (Politico)

Advertisements