Allowing children use social media can come back to haunt them in adulthood
Published 23/12/2015 | 02:30
How old should children be to have their own social network accounts? This deceptively simple question has sharply divided European governments this week and highlighted the issue of children's privacy rights online.
The question came up as part of the reform of European data protection law. Early proposals were for an age limit of 13 - in line with the United States. But at the last minute, some member states proposed raising it to 16 - prompting a storm of criticism that children under 16 would be "banned from Facebook".
The end result was a clumsy compromise. Under the new Data Protection Regulation agreed last Tuesday, the general age limit is set at 16 but member states can reduce this to 13 if they wish. It is a safe bet that Ireland will opt for the lower age limit, if only to facilitate Facebook and the other social network firms headquartered in Dublin. However, even those countries that keep the age of 16 won't be "banning" younger children from social networks - they can still sign up for accounts with their parents' permission.
Despite this controversy, we might ask whether the age limit really matters. Existing restrictions in the US are widely ignored. One-third of 9-12-year-olds in Europe has a social media profile on sites such as Facebook, having simply entered a false date of birth to register. Indeed, many parents knowingly allow their children to lie about their age - seeing access to social networking sites as essential to help children communicate with family and friends. The new rules will do nothing to change this.
Age verification technologies are sometimes promoted as a solution - and are already being used in some contexts such as gambling sites. But these systems have their own problems. They are expensive to run and easily circumvented. They tend towards social exclusion - for example, many systems block people who don't have credit cards. Instead of protecting privacy they are privacy invasive, requiring more information from users and undermining the right to read anonymously online.
Most importantly, age verification relies on a discredited belief that a crude age limit, enforced by technical controls, is a silver bullet to protect children online.
Increasingly, the research shows the opposite - children are best served by exploring the internet in conjunction with their parents and educators, gradually taking on more autonomy as they develop. The age at which children are mature enough to sign up to social networks or do other things online will vary depending on the individual child and the context. There is no 'one size fits all' solution and no quick technical fix.
Rather than focusing on age in the abstract, we should consider specific risks faced by children online and what can be done to mitigate them.
There is a particular role here for privacy law.
In 2010, Eric Schmidt, CEO of Google, suggested that young people should be entitled to change their name on reaching 18 to distance themselves from their youthful indiscretions. He was rightly mocked at the time for inviting people to abandon their identities for the convenience of Google's business model. But his suggestion did reflect a growing problem. Too often, children share information online without fully understanding how it might be used. Making mistakes is part of growing up, but foolish posts as a teenager can haunt individuals long after they reach adulthood. Even if an individual carefully censors their own posts they might find that their friends have posted material about them which is embarrassing or worse. This can follow them to a new school, university or job interview - jeopardising their later lives. This issue is partly addressed by the developing European "right to be forgotten" - a right to stop search engines showing certain search results for a person's name where those results are outdated or irrelevant.
The new Data Protection Regulation takes this further and establishes a right to remove personal information such as social media posts where they were made as a child while not fully aware of the risks. It also creates a "right to erasure", making it easier for children to remove not only their original posts but also any copies which might have been made elsewhere.
These new rights will significantly strengthen children's privacy rights online. They are not a cure-all - the best protection for privacy is still education for parents and children - but they will have significantly more effect than an arbitrary and largely unenforceable age limit for social networks.
Dr TJ McIntyre is a lecturer in the UCD Sutherland School of Law and chair of Digital Rights Ireland