I listened with great interest to the various contributions of committee members on the current group of nine amendments, including amendments to sections 30 and 31 and a proposed new section, all of which are concerned with the protection of children. Indeed, for that reason we are discussing these amendments as a group. Notwithstanding that, it would be helpful, having regard to the discussion we have had, if I dealt with each amendment separately, commencing with amendment No. 27, tabled by Deputies Sherlock, Shortall, O'Callaghan and Catherine Murphy, proposing a digital age of consent of 16 years in section 30.
The position, of course, is that article 8 of the GDPR specifies a digital age of consent of 16 but allows member states to provide for a lower age not below 13. Article 8 will mean that providers of information society services must make reasonable efforts to obtain the consent of the holder of parental responsibility over the child where such services are offered directly to children below the specified age threshold. I acknowledge the extent and the importance of the discussion we had in the Seanad and elsewhere over the past year or more. I am quite satisfied that there are sincere and strongly held views in favour of both 13 years, as provided for in the Bill, and 16 years, which is the subject matter of amendments.
I want to talk about process here, and acknowledge the importance of the public consultation process that took place before any decision was taken by Government on this issue. I believe that is how legislation should be processed. Indeed, following completion of these consultations carried out by my Department on the Government's data forum, which brings together legal and data protection experts, business representatives, small and medium sized industry, multinationals, sociologists, psychologists and education specialists, the Government decided in favour of a digital age of consent of 13 years. I want to stress that full account was taken of the knowledge of those that responded to the consultation process in reaching the decision, and a careful consideration was given to the expertise of this body of opinion. A majority of respondents, including the Office of the Ombudsman for Children, the ISPCC, the Internet Safety Advisory Committee and the Childrens' Rights Alliance clearly recommended a digital age of consent of 13 years. Moreover, as Deputies Wallace and Clare Daly in particular mentioned, this committee will recall the contribution of the special rapporteur on child protection, Dr. Geoffrey Shannon, who recommended a digital age of consent of 13. That strong recommendation was adopted by the Joint Committee in this room in the Chair's report of last November. I acknowledge the work of that committee. The content of that committee report, and indeed the disposition of committee members, was very much considered in the context of the Government's decision here. I was keen, at all times, that the views of this committee would be taken into consideration in my deliberation with Government colleagues.
Having regard to the due process, the Government considers that a digital age of consent of 13 years does represent an appropriate balancing of the child's right to participation in the online environment and the child's right to safety and protection. These rights are enshrined in the UN Convention on the Rights of the Child. In making that decision, and in choosing the age of 13, Ireland is not out of line with many other EU states. The age of 13 has been adopted by Denmark, Sweden and Finland. These are member states that we often look to as an example of good practice in the area of child protection and child and family support. I can also point to other countries which have opted for the age of 13, including our nearest neighbour, the UK, Spain and Latvia. As we are deliberating here and processing this legislation, other countries are having the same debate.
For many reasons, I am unable to accept amendment No. 27, which seeks to replace 13 with 16. I was struck by the contribution of some Deputies here who said they were reluctantly supporting the amendment or that they were doing so with a health warning. I am not sure that represents good practice, and I am concerned that in many respects there is a move to depart from or abandon what was a programme of good process. I welcomed the discussion in the Seanad and proposed the inclusion of subsection 3 which provides for the review of the operation of the 13 year old threshold within three years. I put that forward to the members here who have indicated that they are conflicted. Article 8(3) of the GDPR provides that the providers of information society services must make reasonable efforts to verify that consent is given or authorised by the holder of parental authority, specifying that available technology must be taken into consideration by the controller, and that it is highly likely that the European Data Protection Board will issue further guidelines in this matter and move towards the identification of best practice, as it is entitled to under article 70.
There are a number of difficulties with amendments Nos. 28 and 246, in which Deputies Daly and Wallace seek to impose an obligation on Tusla to maintain a register of preventative counselling services. The services referred to here are not only those established in this State, so there is no good reason for it. A teenager in a Border county may well be using a counselling service in Northern Ireland; I am sure the Chair can relate to that example. Likewise, there is no good reason to prevent a teenager in Dublin or in any part of Ireland whose native language may be Polish, Lithuanian or any language other than English from taking advantage of a counselling service based in other countries.
We need to acknowledge the practical manifestation of everyday living, the freedom of movement and the fluidity or social mobility in society. The amendment seeks, in effect, to define the scope of the preventative and counselling services referred to in Article 8 of GDPR, which I am afraid would amount to an infringement of GDPR. As I said earlier, we will need to exercise great care in departing from the import of the GDPR itself.
I will briefly turn to children’s personal data - amendments Nos. 26, 29 and 30, tabled by Deputies Clare Daly, Wallace, Shortall, Murphy and Ó Laoghaire, seeking to impose prohibitions on the processing of children's personal data for marketing and for profiling purposes. I have a difficulty with the amendments. Processing personal data for marketing and profiling purposes takes place under the so-called legitimate interests ground in Article 6.1.(f) of GDPR. Recital 47 states specifically that the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. It is important to note in that regard that the European Court of Justice addressed the issue of whether national law can impose additional conditions on processing carried on under the corresponding Article 7. (f) of the 1995 directive. In that regard the Court of Justice underlined the importance of free movement of personal data under the 1995 regime. It concluded that member states were not in a position to add new principles or impose additional conditions to have the effect of amending the scope of any of the grounds in Article 7 of the directive. Those grounds are now in Article 6.1.(f) of GDPR. In short, the imposition of prohibitions or limitations in national law on the processing of personal data that is lawful under GDPR is in breach of EU law and that could well have a consequence of exposing the State to infringement proceedings or possible sanctions of a type that we are familiar with.
I wish to go back to the Seanad debate because I think it is very important and informative for what we are doing here. Mention was made by Deputy Wallace of the contribution of Senator Lynn Ruane. It was a very strong contribution. I agree with Deputy Wallace in that regard. Senator Ruane was speaking not only as a Senator but as a mother of teenage children and as somebody who has engaged in children's issues to a very positive extent since she was elected to the Seanad. During the course of the Seanad debate one could see how her positioning evolved in the context of her own practical experience. That was really important. She was very helpful and very positive, as indeed were other Senators. I introduced a new section 31 in the Seanad, which makes specific provision for codes of conduct for the protection of children and I now propose amendments Nos. 32, 33 and 34 in response to Second Stage discussions here, including what was a constructive contribution from Deputy Shortall who joins us this morning. Those amendments introduce protection for children where there is processing of their personal data for the purposes of direct marketing and creating personality and user profiles. I think that is positive and I believe it meets the concern of Deputies. I thank Deputy Shortall for a positive contribution in that regard.
In order to remain compliant with Article 40 of GDPR, section 31 does place an obligation on the supervisory authorities such as the Data Protection Commission to encourage the drawing up of codes of practice. I listened carefully to Deputy Clare Deputy in that regard and I am conscious of her amendment but placing a specific obligation on the commission to draw up such codes would be in conflict with GDPR compliance. The conflict would arise because of the obligation placed on the commission under Article 40.5 to provide an opinion on such a code and to approve it where it finds the code provides sufficient safeguards. If the code is intended to apply in other member states the commission will submit it to the consistency mechanism for approval then by all member states. I think that is what will happen. In that regard I am unable to accept the proposals from Deputies Clare Daly and Wallace as far as amendment No. 31 is concerned, to replace "encourage" with "require" but I very much acknowledge the points Deputy Clare Daly made and I am in agreement with the overall point she made, but there is a limit to how we can mandate the supervisory authorities.