by Larry Magid
European Union officials just approved data privacy regulations that, while offering some protections for European citizens, could also have some unintended consequences in both Europe and in Silicon Valley. The regulations, which must still be passed by the European Parliament, will go into effect in two years.
On the positive side, the regulations provide more transparency and control over how data is used by both the private and public sector, including law enforcement.
But there are some potential negative consequences including one that could prevent teens under 16 from accessing social media. Of course, the regulations will have impact on Silicon Valley companies that could face extremely stiff fines, up to 4 percent of a company’s world-wide revenue, if they are found to violate the provisions.
Based on a European Commission press release, it’s easy to see why many Europeans might applaud the deal, which calls for easier access to your own data, the right to transfer your personal data between service providers, the right to know when your data has been hacked and the right to have information about you removed from services, “provided that there are no legitimate grounds for retaining it.”
It’s a mixed blessing for companies like Facebook and Google that do business in Europe, but likely to impose roadblocks for smaller companies.
The press release claims that “by unifying Europe’s rules on data protection, lawmakers are creating a business opportunity and encouraging innovation,” and it makes some sense that a single law for the European Union would be easier to comply with than a patchwork of laws from its 28 member states. But, based on what I’ve seen so far, it’s not quite a “one law applies to all” scenario and there remain a lot of ambiguities and uncertainties that will guarantee full employment for privacy lawyers.
I’m confident that the big Silicon Valley companies like Facebook, Google, Apple and Intel will find ways to comply and continue to thrive in international markets. But I worry about small companies that don’t have the vast resources of these major corporations. As we’ve seen over the last several decades, some of the biggest innovations come from the smallest start-ups. I worry about the next Mark Zuckerberg and his or her small team of innovators who invest everything they have in developing their product with scant resources to engage international law firms.
Impact on teens
As an Internet safety advocate (I’m CEO of ConnectSafely.org, which receives support from Facebook and other companies affected by these regulations), I worry about the law’s impact on children. European countries already have rules similar to the U.S. Children’s Online Privacy Protection Act (COPPA), that requires verified parental consent before a child under 13 can provide personal information to commercial services, but a last minute provision to the European regulation raised the age of parental consent from 13 to 16.
This caused an immediate response from leading Internet safety groups throughout Europe, which argued that raising the age would actually harm young teens by denying them access to social media, which is how many young people get health information and access to vital services. It has huge free speech implications, considering that the Internet is the prime way many young people seek information and speak their minds and may even be in violation of the United Nations Convention on the Rights of the Child, which guarantees children “the right to freedom of expression … through any (other) media of the child’s choice.”
Country by country basis
As passed, the regulation still requires parental consent, but allows each country to decide the age when it will apply. Countries can stick with 13, but they can also raise the age to 16. Raising the age makes no sense, based on what we know about adolescent development and what we’ve learned from more than a decade of millions of teens accessing social media sites. Had this regulation been in place when Nobel Peace Prize laureate Malala Yousafzai began her campaign for the rights of girls and women in Pakistan, she might have been banned from posting about it on social media.
Could hurt immigrants and other vulnerable youth
The proposed regulation does allow parents to consent for their teens to use social media, which is great for those kids whose parents are able and willing to go through the verification process. But I worry about those whose parents won’t or can’t comply. There are probably millions of teens with parents who may not have the technology or local language skills to comply. Others may be afraid to comply for fear it might affect their legal or immigration status and some may not want to empower their children to interact with people outside of their cultural, ethnic or religious communities around such issues as religion, sexuality or politics. This is especially important in Europe, where millions of families are coming to seek refuge from oppressive conditions.
Based on America’s experience with immigrants — including my own grandparents and my own experience growing up, it’s pretty easy to envision generational conflicts with youth pushing to assimilate and parents seeking to uphold traditional values, sometimes at the expense of allowing their kids to interact with peers from other groups. As a society, we should be encouraging youth to interact and break down barriers, not put up additional barriers to prevent young people from expanding their horizons.
Bottom line. As we know, the vast majority of teens do and will continue to access social media, regardless of the law. I fear this regulation will drive some underground to services that have no regard for safety and privacy while causing others to cynically ignore the law and lie about their age.
Here are links to other articles and statements regarding the European Commission decision.