The GDPR passed its final, formal hurdle earlier this week. It went through un-amended and will become law in mid 2018. There were only a handful of votes against it, one of those being registered by Anna-Maria Corazza-Bildt who said
…..we missed a big opportunity to protect our children online.
Corazza-Bildt chairs the European Parliament’s Interservices Group on Children and, if I had one, she would definitely be on my Christmas Card list. Bravo AMCB.
Speaking yesterday at an event organized in Dublin by Google and Facebook (yes I was there too) Corazza-Bildt was very clear about where she thought the blame for the GDPR’s failure to protect children adequately should lie. There were two principal culprits. First
The Taliban of online privacy led by Jan Philipp Albrecht
Albrecht was the Rapporteur on the GDPR. This gave him a key role in respect of the GDPR from the beginning to the end of the entire process. According to Corazza-Bildt Albrecht had a number of his own and his Party’s key objectives which he wanted to secure in the negotiations that took place around the measure.
He could only fight so many battles and he decided children’s rights wasn’t going to be one of them. They were sacrificed.
Next in Corrazza-Bildt’s firing line was the Trialogue process itself. She said towards the end, in respect of children, it was chaotic, but from the moment it began it was opaque and allowed Member States to disguise their lack of interest in children’s rights or their opposition to what Corazza-Bildt thought were the necessary amendments to the original text.
And now a bit of good news
I met with Claude Moraes, Chair of the LIBE Committee. He accepted the force of the central point I made about the poor consultation processes with child protection experts which had surrounded the adoption of the GDPR and, above all, he grasped the significance of the absence of an impact assessment in relation to the Commission’s original proposal to make 13 the minimum age.
It might be going too far to say Moraes apologised for what had happened but he certainly acknowledged there was a need for the whole age and the internet issue to be thoroughly examined and debated. Moraes was clear it was now so late in the day there was zero possibility of the GDPR being radically amended or held up but he gave an undertaking to write to the Commission raising the points we discussed.
Moraes was as good as his word and in what is otherwise a sorry mess, he comes out of this with great credit. I am putting him on my potential Christmas Card list too. I reproduce here a copy of the letter that went to Commissioner Jourova.
I hope Jourova moves swiftly and brings together the right people. If a Blue Ribbon Commission could reach some sort of consensus within a reasonable time-frame it might help in the debates which will take place at Member State level with regard to the age option they go for. It might also assist in (at least) two further ways: with issues of interpretation as the GDPR comes to be implemented and to encourage the new EDPS and national DPAs to become more engaged as well as the wider privacy community.
Then there’s the new e-Privacy Directive, promised for next year. Will age and the internet raise its head there?
Desiderata 