Evidence needed to set personal data age of consent

The new Data Protection Bill is currently working its way through Parliament, promising to write some hugely significant principles about personal data into legislation.  However, a recent poll commissioned by BCS suggests some of the plans in the Bill may be worryingly out of step with public thinking.

BCS, The Chartered Institute for IT recently commissioned a YouGov survey of the public, which had a sample of 2114 people and was statistically representative of the country as a whole. Our survey included a question asking what the age of consent should be for children to give their personal information away online (in exchange for products or services), without the permission of a parent or guardian.

The Government’s new Data Protection Bill includes plans to set this age of consent to 13 years old, but the survey results make for interesting reading.

The responses to our survey indicate that:

  • Only a tiny percentage of the public (2%) believe the age of consent should be set at 13 years old, as proposed in the Bill.
  • Instead, the vast majority of the public (81%) believe it should be set at either age 16 or 18, with non-parents tending to favour the former and parents tending to favour the latter.

The Bill’s explanatory notes explain that the Government has chosen this age (the youngest possible allowed under the incoming General Data Protection Regulations) because it is 

"in line with the minimum age set as a matter of contract by some of the most popular information society services which currently offer services to children (e.g. Facebook, Whatsapp, Instagram)."

In other words, a de facto standard age of consent for children providing their personal information online has emerged, and this age has been set by the companies who profit from providing their services to those children. This has been recognised in the Children's Charities' Coalition on Internet Safety’s open letter to the Information Commissioner’s Office earlier this year.

As crossbench peer Baroness Kidron said during a debate on the Bill last week, the age of 13 “is really an age of convenience” for the Government; simply chosen to align UK standards with a piece of US legislation called the Children’s Online Privacy Protection Rule (COPPA), which dates from 2000, when the internet was in its infancy and the likes of Snapchat and Facebook were but a glint in their founders’ eye.

Now it may be that 13 is an appropriate age of consent for children to give their information away online, but importantly, we think this should be decided based on evidence from industry and the public.

Our YouGov survey results indicate the Government’s intentions to legally set the age of consent at 13 jars significantly with the views of the UK public. BCS would like to see some clear public consultation on the matter, rather than the Government simply putting into legislation a standard which the public is apparently so uncomfortable with.

This week, the Government has released its Internet Safety Strategy green paper, which is a welcome step towards making progress on the Digital Charter. However, the issues raised for consultation and discussion in that paper are closely related and intertwined with the question of age consent. Our conversations on the subject with other bodies, including children’s charities, educators and health professionals, indicate that this is a far more complex issue than appears to have been properly considered. Whilst the protection of our young people online related to the question of age verification and what should and shouldn’t be accessible has been a dominant policy area, enabling and empowering them as safe and knowledgeable online citizens is a separate conversation which we don’t believe has been properly had yet.

The very publication of this green paper suggests that the Government itself acknowledges there is still much to be discussed on the subject, however this comes after the Data Protection Bill has been written and introduced to Parliament - surely the two should be better integrated and the details properly aligned?

BCS is working with parliamentarians and industry stakeholders on the Bill as it progresses through Parliament, as well as on our own response to the Internet Safety Strategy. Through expert body partnerships and open consultation, we are confident that clearly explained, evidence-based policies can be achieved for the betterment of all.

BCS is currently gathering views from its members on the proposals set out in the Internet Security Strategy. If you are a BCS member and would like to submit your response,  please visit the Policy Hub.

James Davies, BCS Policy Programmes Manager

About the blog

The BCS Policy team works to inform and drive the debate on public and private IT policy developments.

See all posts by
October 2018

Search this blog