My Lords, I have spoken extensively about the imperative to maximise online safety for children and of the need to provide the right tools to empower parents to help keep their children safe online. This will continue to be my priority as we discuss the Data Protection Bill at all its stages. Parents often feel that their children know rather more about accessing the technology than they do, but they still have a role and responsibility to guide their children, and this extends to the topic before us today—the child’s personal data.
During the extensive debates in this House on the Digital Economy Bill, we discussed what young people below the age of 18 should and should not see, and we voted to require a code of practice for the providers of online social media platforms, which is now Section 103 of the Act. In all our discussions about children during those debates, we were referring to individuals under the age of 18, and there was no dispute on the point. I am disappointed that nowhere in the Data Protection Bill’s 208 pages is a child defined as a person under the age of 18.
This Bill puts before us another dividing line between childhood and the influence of parents, the effect of which is nothing if not confusing. Clause 8 states that a child of 13 years can consent to providing data to information services; that is, they can sign up to social media sites and so on. By contrast, the default in the European General Data Protection Regulation is that a child should be 16 years old to be able to give “digital consent”.
The Explanatory Notes state of the age of 13:
“This is in line with the minimum age set as a matter of contract by some of the most popular information society services which currently offer services to children”.
These are contracts driven by decisions under United States federal law in the form of the Children’s Online Privacy Protection Act of 1998. However, the world of technology and what is at our children’s fingertips has changed significantly since 1998. What might have seemed good then does not mean that it is now.
Furthermore, given all the concerns expressed over recent months about the actions of social media sites, the current contracts of these sites should not be driving government policy; rather the primary factor should be what is best for children and young people, and what is best should be established through a solid evidence base. I hope that the Minister will set out the Government’s evidence-based reasoning for using the age of 13 and tell us what evidence has been collected by the DCMS from children’s charities and those representing parents and others with an interest in these matters.
Choosing the right age for children to consent to signing up to these websites is far from a straightforward issue. I am aware that there is concern among children’s charities that setting the age of digital consent at 16 could lead to an increase in the grooming of young people by abusers, something that none of us in this House would wish to see. The Children’s Society has said that, if Parliament sets the age in Clause 8 at 16, significant changes should be made to the grooming and sexual offences legislation.
I have also received briefing material from BCS, The Chartered Institute for IT, which suggests that there is significant public support for the age being 16 or 18 and very little support for the age being 13. I understand that parents favour firmly the age of 18, so clearly there is a lot of room for discussion, and no doubt we will have it during Committee. In this context, I would like to suggest that the Government should launch an immediate public consultation on this point so that the House can make a fully informed decision before the Bill moves to the other place. Right now, either end of the age spectrum looks like it has dangers.
I also hope that the Minister will set out some clarification of the intentions of the Bill in relation to the consent of children. Clause 8(b) includes an exemption for “preventive or counselling services”. Does that mean that a child could give their consent to these websites before the age of 13 or not at all? What is defined as a “preventive or counselling service”?
Clause 187 gives further criteria for the consent of children, but only children in Scotland where a child’s capacity to exercise their consent should be taken into account, with the expectation that a child aged 12 or over is,
“presumed to be of sufficient age and maturity to have such an understanding”.
The Explanatory Notes to the Bill state that this clause must be read with Clause 8, which provides that the age limit is 13. Is Clause 187 intended to say that the age of digital consent cannot go below 13, which is the position of Article 8(1) of the GDPR, or that there might be circumstances when a child who is 13 cannot consent for genuine reasons? Either of these scenarios seem to give rise to confusion for children, parents and the websites that children access.
After all the detailed discussions about age verification that we had earlier in the year, there is an argument for age verification to apply to Clause 8. How will websites that require a child to verify that they are 13 years old ensure that the child is the age that they say they are without some requirement for the site to prove the age of the child? This is surely a meaningless provision. I hope that when the Minister comes to reply, he will set out the Government’s position on this matter and explain what penalties a website which breaches this age requirement will face.
Finally, I hope that the Minister will give us an update on the publication of the Green Paper on internet safety and how the digital charter that was announced in the Queen’s Speech will play into this Bill during its passage through this House and on to the other place.