Making sense of Big Data and the GDPR
In this article, we take a look at big data, the new set of Data Protection Regulations (GDPR) and ask if parents should be concerned about what their children share.
What is the Digital Age of Consent?
In May 2018, the EU will adopt a new set of Data Protection Regulations. The GDPR introduces substantial changes to European data protection law, along with severe financial penalties for non-compliance.
The new regulations require members states to set a digital age of consent. The digital age of consent is the minimum age a user must be before a social media and internet companies can collect, process and store their data. The E.U. has set the age of consent to sixteen by default and member states are given the option of adopting a lower age, but it may be no lower than thirteen years. In Ireland, the Digital Age of Consent will be set at 16 when the Data Protection Bill 2018 is enacted.
An additional amendment to legislation has also been approved. The amendment declares it will be an offense for any company or corporate body to process the personal data of a child “for the purposes of direct marketing, profiling or micro-targeting”.
What Age Have Other Member States Adopted?
France, The Netherlands, and Germany have also opted for 16, while the UK, Denmark, and Sweden will set the age at 13.
What is Big Data?
Most of the big online companies, Facebook, Google, Twitter, etc. are not in the business of providing online services; they are all in the data business. Basically, they collect your information and sell it to advertisers.
If you are on a website or app and you can’t work out what they are selling, it’s YOU.
Your data is a lot more than the photos you upload, the tweets you share, and personal information you enter in forms when setting up social networking profiles. It also includes information about:
- where you are
- who you are with
- what you search for
- what articles you read
- what you buy
- what phone you have
There is an expression that Facebook knows what you are having for breakfast before you do. The data that they collect allows them to create a profile of you so detailed they can tell if you prefer Corn Flakes to Rice Krispies. This type of information is very valuable to advertisers. It means they don’t have to waste money trying to sell you products you aren’t interested in.
If you take your data and put it together with millions of other users’ data, you have what’s called big data. Companies use automated tools to analyse the vast amounts of data from millions of different users to identify cluster or patterns of behaviour. They can also have a pretty good stab at predicting what you will do based on what you and others like you have done in the past. This is the type of thing that insurance companies have been doing for years.
We all, either explicitly or implicitly, sign up to the ‘free’ internet deal. We get lots of cools stuff without having to pay for it and in return, the people who make the stuff get to collect valuable information about us that they can sell for hard cash. Once we give permission for firms to gather our data and they only use it for the purpose we agreed; then everyone is happy. If anyone doesn’t keep their side of the bargain, we can go to the Data Protection Commissioner and ask for help.
Data Protection for Children
When it comes to children things are a little bit more complex. They are considered to be less aware of the risks, consequences and their rights in relation to the use of their personal data.
The law provides protection around the use of children’s personal data for marketing or to create online user profiles or accounts. Currently, companies must get parental consent before they start to collect or use the data of anyone under the age of thirteen. Getting consent is a very big administrative hassle.
Without parental consent, and as a consequence without personal data, it isn’t possible for firms to create and manage user accounts on their service. This is why social media platforms like Facebook, YouTube, and Twitter are restricted to children over the age of 13. The threshold is less to do with child safety concerns and more to do with data protection compliance.
The introduction of the GDPR and the adopting of 16 as the Digital Age of Consent in Ireland will come into effect on May 25th. The requirements of the GDPR also state that “Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.”
Some services have already made changes to their terms of service ahead of the introduction of the GDPR, messaging app; WhatsApp has increased the minimum age, which was set at 13 years old, to 16 years old.
For more information on the new set of Data Protection Regulations (GDPR) go to: ec.europa.eu/justice/data-protection/