Thomas Gould
Question:592. Deputy Thomas Gould asked the Minister for Justice the legislation under which certain websites are required to have age gate verification. [17512/22]
View answerTuesday, 5 April 2022
Questions (592)
Written answers
Under the provisions set out in Article 8 of the General Data Protection Regulation (GDPR), countries within the EU are directed to set a minimum age at which online service providers, including social media companies, can rely on a child’s consent to process their personal information data. This is an EU wide instrument and Member States, including Ireland, cannot deviate from its provisions.
Under Section 31(1) of the Data Protection Act 2018, the age of a child specified for the purposes of Article 8 is 16 years of age. This means that if an organisation is relying on consent as the legal basis (justification) for processing a child’s personal data and the child is under 16 years of age, then consent must be given or authorised by the child’s parents or guardians.
Additionally, Section 32(1)(b) of the 2018 Act outlines that the Data Protection Commission shall encourage the drawing up of codes of conduct intended to contribute to the proper application of the Data Protection Regulation with regard to the manner in which the consent of the holders of parental responsibility over a child is to be obtained for the purposes of Article 8.
My Department continues to monitor the impact of the implementation of GDPR, the impact of any possible future regulatory changes across Europe as well as any changes within industry, in conjunction with the Data Protection Commission, to ensure that the Commission continues to have the resources required to fulfil its important, statutory obligations.