The new data protection regulation – possible wrinkles?

Late last week I was talking to a colleague from Sweden who works for a small social media start up. She was very exercised by the new GDPR.  They had already put their service together based on the notion that 13  was the minimum qualifying age in every country in the EU where they planned to work.

Her point now is that say 10 of the 28 Member States each opt to stick with 16 as the new default age and the other 18, between them,  go different ways across the other 3 options (15, 14 or 13) or  maybe they’ll split in some other way?  Anyway, potentially, this is going to involve the Swedish platform in having to rework the site, have more complex systems and get new Ts&Cs drawn up. They are going to have to spend money on lawyers and programmers – money they can ill afford but probably it won’t be such a burden for the larger, better established, richer  sites, most of which, she noted wryly, are not  European owned enterprises and have their Headquarters thousands of miles away.

But then she had a brainwave.  Suppose they just wait until they see which country opts for 13 as the minimum age and they then simply domicile themselves there or put all their servers there?  The Data Protection Authority in that land would have to make a finding that 13 was OK and wouldn’t that then have to be accepted by each Member State? This would achieve a Digital Single Market for young people by stealth – via the back door.

Otherwise the new law will come into effect in 2018 and any youngster who had told the truth about their age could face being kicked off if the site believes they are now or will be below their national minimum age.

Is there another Mr Schrems waiting to challenge such an expulsion?  My guess is because of the way the EU adopted this new rule the chances of them succeeding in overturning the decision will not be negligible.

Thoughts?

About John Carr

John Carr is a member of the Executive Board of the UK Council on Child Internet Safety, the British Government's principal advisory body for online safety and security for children and young people. In the summer of 2013 he was appointed as an adviser to Bangkok-based ECPAT International. Amongst other things John is or has been a Senior Expert Adviser to the United Nations, ITU, the European Union, a member of the Executive Board of the European NGO Alliance for Child Safety Online, Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was a appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Age verification, Default settings, E-commerce, Facebook, Google, Regulation, Self-regulation. Bookmark the permalink.