Is the Snoopers Charter a justified protection

EU reform: Facebook, WhatsApp, Snapchat & Co. only from the age of 16 * Update *

Update May 4th 2016, Bernd
The new EU General Data Protection Regulation (EU GDPR) is now available in full. The passages mentioned here can be found in Article 8, paragraphs 1 to 3, which, when appropriately incorporated into national laws, make the use of Facebook, WhatsApp, Youtube & Co. up to a minimum age of 16 years dependent on parental approval. In plain language, the EU writes:

(1) If Article 6 (1) (a) applies to an offer of information society services made directly to a child, the processing of the child's personal data is lawful when the child has reached the age of sixteen. If the child has not yet reached the age of sixteen, this processing is only lawful if and to the extent that this consent is given by the holder of parental responsibility for the child or with their consent. EU regulation 2016/679

With the note that this age may be reduced to at least 13 years:

(1) The Member States may legislate for these purposes to provide for a lower age limit, which may not, however, be below the age of thirteen. EU regulation 2016/679

To the obligation of the provider - including e.g. Facebook or Youtube, but possibly also operators of online games and the like. The offer also means:

(2) The person responsible shall make reasonable efforts, taking into account the available technology, to ensure in such cases that the consent of the holder of parental responsibility for the child or with his consent has been given. EU regulation 2016/679

In plain language: a 15-year-old can hit 200 euros on the head at H&M or Primark from May 2018. The store staff is not required to ask for parental consent. If the young lady wants to post the outfit on Instagram or tell her friends about it via WhatsApp, she needs it taking into account the available technology the consent of their parents.

Welcome to the internet.

Original article from April 25, 2016

The EU data protection reform includes plans by the European Union to improve the protection of personal data. Despite the many sensible approaches in the package, critics have long seen a hodgepodge of measures that are more or less targeted against US Internet services such as Google, YouTube, WhatsApp, Facebook & Co., which have been a rough wind in the EU for some time blows against. The data protection reform could hold a nasty surprise in store for young people and adolescents.

With the entry into force of the EU data protection reform in 2018, internet services would be forced to obtain parental consent for all users under the age of 16 to use the service. This is evident from documents available to the Financial Times.

So far, the age limit for using the various platforms and social networks is around 13 years. If a date of birth is entered when registering, which indicates a younger age, the registration process is usually aborted with a friendly note. This restriction, which is largely voluntary and also almost uniform worldwide, naturally makes sense. On the one hand, networks such as Facebook, Twitter, Google+ and Co. want to protect children from the dangers of the internet and require that they only have the necessary maturity from the age of 14. On the other hand, this age limit also represents a kind of quality control for the existing user community. One would like to prevent children from suddenly finding themselves in the comment and discussion threads of adults and "disturbing" there - possibly completely overwhelmed.

Of course, entering a date of birth during registration does not constitute a real age verification, companies know that and the European Union knows that too. Already today, many European Internet offers are faced with the problem of not finding a really functioning - and certainly not a really data protection compliant - system for proof of age. The most common method is for an “independent” service provider to carry out the verification by checking ID card data and notifying a website via an ID that the user has reached the required minimum age. Of course, sensitive, personal data is exchanged, so you have to trust the age verification service provider. In addition, the identity card system has known technical weaknesses.

Parents shouldn't post children's pictures on Facebook - say the children

Other verification systems usually consist of the approach of providing corresponding evidence via account or credit card debits, the electronic eID identity card, a cash card or the PostIdent procedure. The Schufa also plays along and sells corresponding evidence on request for quite expensive money.

If the EU data protection reform were to come into force in the present form, US Internet services that offer their services worldwide and thus also in Europe would have to implement a comparable system. On the grounds that personal data from children and adolescents under the age of 16 may only be collected with the consent of their parents, the next hurdle is at hand.

If an 11-year-old now wants to open his own Facebook, Twitter, Instagram or Snapchat account in two years, he needs the consent of his parents. This consent must also be conveyed to the service somehow - however this is to be done. You don't have to think too long to see how the cat bites its own tail here: if services have to assign a general rule that a certain young person is the child of two legal guardians, this can somehow not be in the inventor's sense of data protection law.

The paper lacks concrete proposals as to how the new EU data protection reform could be implemented on this point. Rather, one tries to use the recently so popular phrase that companies have to take “appropriate measures” to ensure compliance with the regulation. It becomes clear, however, with the impending penalties: up to 4% of the annual turnover should be due if a company violates the regulations of the EU data protection reform. Sales, not profit. If the EU were to refer to global sales with a touch of megalomania, Facebook, for example, would be asked to pay around 2.3 billion euros.

While the fundamental principles of the reform are binding for all member states, the individual member states are still given some leeway when it comes to age. Countries would be entitled to lower the age limit from 16 to 15, 14 or 13 years, thereby accommodating companies as well as children and families. Experts see little chance for this, however, and there is hardly a single state that is likely to dare to go it alone and to ensure that children and young people are allowed to use the relevant services without the corresponding consent of their parents (who are entitled to vote).

Many families, on the other hand, are likely to face a different problem: many parents do not even know what Facebook, Twitter, Snapchat or similar services are. There is a risk that, according to the motto “What the farmer does not know, he does not eat!” permission to use the services is denied or subsequently withdrawn from competent children. Another potential for abuse is the tendency in many families to abuse the use of modern media as an educational tool. The cases in which adolescents are threatened with the deletion of their Facebook account from 2018 if he or she does not comply with any of the parents' wishes are likely to increase dramatically.

This in turn leads to the fact that children and young people will secretly use the services and are left to their own devices in the event of questions or problems because the parents are no longer at least potential contact persons.

The unclearly regulated enforcement of age limits is just one example of how laws are now being developed bypassing reality on the Internet. In an effort to create uniform regulations for a closed legal area like the European Union, one positions itself almost desperately against the rest of the world and especially against the “evil US data octopus”. On the other hand, the member states themselves are diligently expanding their own monitoring mechanisms, above all Great Britain with the “Snoopers' Charter”. This is bigoted, hypocritical and has no relation to what is still common practice in this country, e.g. in terms of address trading.

In addition, it must be noted that every legally prescribed age verification naturally has the "taste" attached to it that the service in question is something dangerous, disreputable or forbidden. The EU does not even have to assume that this is a deliberate impression that will put an additional stumbling block in the way of the dominant US services. The fact is: the media literacy of young people in Europe will not benefit from this EU data protection reform in this form. Prohibitions instead of open-ended confrontations have never worked “on the Internet”.

Further information:,