The noble aim of the GDPR, to protect children on the Internet, may not be as good, according to critics. The GDPR may have gone too far in this regard – the lawmakers have forgotten that children still have agency and can think for themselves.
Critics claim the main issue is with the definition of a child. The GDPR considers a person less than 16 years old a child. Ask any psychologist or developmental specialist and they’ll say a 15 year old is far from a child.
The GDPR does allow Member States to reduce the limit up to the more sensible 13 years old, but it is still unclear whether all states will do so. Some have decided to keep it at 16, like the Netherlands, Hungary and Germany.
The fear that children will be left out of the Internet has a lot to do with the increased requirements for companies that accept young users. Namely, children under 13 (or, post-GDPR after 16) will not be able to use online services that require registration unless they obtain parental consent. As you already know, many services, such as social media or even e-mail, require registration.
Since companies now have to verify every young user, they might feel it’s just not worth the hassle and simply bar all users younger than 16 from their web site. That would be horrible, but understandable from their point of view.
Is Verification Useful?
Verification may not be that useful at all. Children, and especially teenagers – are crafty and the system is incredibly easy to circumvent. Does the website require an ID scan? Scanning their parents’ ID is not that difficult. Does consent need to be filled out on paper? Not that difficult.
Besides, there are very few ways that are cost-effective and that can be successfully used to truly verify the identity of the individual that is consenting. Teens can find it easy to simple lie about their age by rounding it up to 16 – and voila! Problem solved. That’s why all this verification conundrum is basically barking up the wrong tree.
Social media platforms could create separate networks catering particularly towards teens and tweens 12 to 16 years old. Users on these platforms would have more rights and their data would not be profiled or used in any other way that could compromise their privacy.
This would essentially allow them to participate in what the Internet has to offer without risking too much and seeing their rights infringed upon. Such measures to create platforms for young people to express themselves wouldn’t earn much for the companies, so some sort of public funding would likely be required.
The GDPR definitely went a bit too far and further action by the institutions will be required to make sure the kids don’t get left out as a result of a badly written legal text.
For more great information and quality tips for preparing with the GDPR, don’t forget to visit GDPR Informer, the premier place for all things GDPR!