8 November 2016
 
The Department of Justice and Equality has launched a consultation process on the statutory “age of digital consent” to be applied in Ireland in the case of information society services offered directly to children as required by the General Data Protection Regulation (GDPR).
 
Article 8 of the GDPR provides that, in the case of information society services offered directly to a child, parental consent is required where personal information of  a child under 16 years of age is collected and shared with other service providers. It allows however for Member States to adopt a lower age threshold provided that the age is not below 13 years. The providers of such services are required to make reasonable efforts to verify that parental consent is given in each case.
 
The purpose of the consultation is to seek the views of  individuals and organisations, including bodies representing parents and young people, child protection bodies, privacy advocates and other interested parties, in relation to the appropriate age below which parental consent for the processing of personal data in the context of information society services is required in Ireland. 
 
Interested parties may submit views on the appropriate “age of digital consent” threshold by 2 December 2016. 
 
Submissions may be sent by e-mail to Digitalconsent@justice.ie or by post to:

 

Consultation on Digital Age of Consent
Civil Law Reform
Department of Justice and Equality
Bishop’s Square
Redmond’s Hill
Dublin 2.
 
 
A consultation paper has been published on the website of the Department of Justice and Equality (www.justice.ie) to assist those wishing to make a submission. The consultation paper may be downloaded from the website.
 
Note for editors: Background
 
The General Data Protection Regulation was adopted earlier this year and will apply with effect from 25 May 2018. While the Regulation will in general have direct effect without the need for any national legislation it does however allow for some national laws in a limited number of areas.
Article 8 of the Regulation provides 
 
  1. Where point (a) of Article 6(1) applies [i.e. processing based on data subject consent], in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.

    Member States may provide by law for a lower age for those purposes provided that such lower age is not below 13 years

     
  2. The controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.
     
  3. Paragraph 1 shall not affect the general contract law of Member States such as the rules on the validity, formation or effect of a contract in relation to a child.. 
 
Further information is set out in the consultation paper.
 
ENDS