Policy & Research
Policy Brief

Latest Thinking on European Policies and Practices

By Emma Morris International Policy Manager, Family Online Safety Institute | June 6, 2013

At the Family Online Safety Institute's recent forum held in Dublin the discussions revolved around safety, digital citizenship, data protection and privacy, and incorporated perspectives from representatives of the European Commission, Irish Government and Data Protection authority and the UK Government and Data Protection Commission. 

The Irish Presidency of the Council of the European Union provided an opportunity to revisit the current situation in Europe and discuss emerging challenges and opportunities for collaboration. In a keynote address at the event, provided by the Minister for Children and Youth Affairs, Frances Fitzgerald, she underlined the challenges presented by the Internet in stating, "we've got to control the worst and promote the best."

Much attention has been paid to the parental controls work of the UK Council on Child Internet Safety (UKCCIS), which continues to promote the adoption of an active choice approach to Internet filtering at the home level. This involves specific decisions being made, upon installation, as to whether adult content can be accessed. Recently, a fifth Internet Service Provider (ISP), EE, signed up to join BT, TalkTalk, Virgin Media and Sky. The debate has been broadened in recent weeks by outspoken online safety advocates, as well as by Government representatives, to encompass the adult material that can be accessed using public WiFi. There are calls to implement filtering at locations such as coffee shops and restaurants to prevent pre-defined adult material being accessed there. Discussions also continue around the possibility of a crowd-sourced rating system for user-generated content. 

At a European level, the "CEO Coalition to Make the Internet a Better Place for Kids" continues to monitor industry compliance with the commitments made on February 5th 2013. A meeting scheduled for June 2013 with Commissioner Neelie Kroes assessed the work that has been done to date. Alongside this industry led coalition, the "ICT Coalition for the Safer Use of Connected Devices and Online Services by Children and Young People in the EU" is making progress around the six key areas that they identified for development in 2012. Specifically, the awareness raising component has formed a key area of work and has resulted in, among other initiatives, the launch of an informative website on the work of the group. 

There can be no discussion around online safety or privacy in Europe at the moment without examination of proposed reforms to the almost two-decade-old data protection law. The Regulation and Directive, proposed in 2012 by Commissioner Reding, continues to be the subject of review by the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE). Over 3,000 amendments have been filed with the group, with many suggesting changes to key areas of the proposed law. 

Areas of concern remain around the right to be forgotten, the obligation to obtain explicit consent for all data processing and the requirement that using an online service is not contingent upon consenting to extensive data processing. All profiling to establish location, preferences and behavior, or other related identifiers, would be banned in the absence of explicit consent. Formal incorporation of the already extensive practice of limiting collection of data from children under 13 is also foreseen. All privacy policies would need to be written in clear and plain language, though the possibility of icons is reserved. Finally, the issue of penalties continues to divide contributors. The Regulation foresees fines of up to 2% of the global annual turnover of a company, while many others see this as excessive and argue instead for the imposition of privacy audits or lower thresholds for fines. 

Article 17 of the Data Protection Regulation remains one of the most contentious aspects of the proposal. As referenced above, the discussion around privacy in Europe would not be complete without assessment of the implications of an online right to be forgotten. As written, the Article would allow a user to request that all data about themselves be deleted, including all data that has been made public. 

Significant concerns have been raised regarding freedom of speech, not to mention, in some cases, the insurmountable burdens this would place on Internet platforms and service providers. 

Proposals from the LIBE committee include removing the binding obligation on third parties to delete data, as well as including a provision requiring erasure requests to be balanced against free speech interests. Critics argue that even with this included, too much responsibility is being placed on private companies to strike this delicate balance, a role that should be reserved for the courts in democratic countries. 

As for whether or not the European Commission will accept the changes made by the Parliament, only time will tell. The economic advantages of a standardized approach to data protection across Europe, such as saving companies considerable sums of money, exemptions for small businesses and overall simplification of the data protection regime, continue to be advanced as grounds to pass the Regulation and Directive before the end of this Commission in 2014. 

Given that this year's forum took place in Dublin, attention should also be given to the current approach of the Irish Government. Recent high-profile suicides linked to cyberbullying have refocused the debate in Ireland around the risks of being online. However, that is not to say that the Government as a whole is preoccupied with the negative impact of the Internet. In a keynote address, the Irish Minister for Children and Youth Affairs, Frances Fitzgerald, took time to highlight the many positive opportunities that the Internet offers children and called on participants to promote a culture of responsibility online and encourage a sense of digital citizenship for all. 

In addition to the data protection work, privacy focus and online protection efforts that are currently pursued by Europe, there remains an effort to ensure that creative and educational content is being produced for children. As part of the "New strategy for safer internet and better Internet content for children and teenagers" there is provision for the stimulation of age-appropriate content for children. These are admirable goals that, in combination with the work specifically around safety, will assist in ensuring that children have the opportunity to access material that is designed with their ages and comprehension levels in mind. Governments around the world would do well to learn from the EU in this respect, and to encourage and support similar efforts in their own countries. 

We are seeing an increasing convergence of approaches between Europe and the US, especially around online issues specific to children. The eraser button concept advanced in H.R 1895, the Do Not Track Kids Act from 2011, and the recently proposed California Senate Bill 568 which would allow minors to remove content that they themselves submitted to websites, online services or applications all bear the hallmarks of the European right to be forgotten, albeit reserved for children. This has been the subject of considerable concern in the United States. 

While the US looks to the Europe for their legislative approaches to privacy, the EU is looking to Silicon Valley for industry responses to the challenges they face. Both are keen to promote innovation and ensure that children are able to access the massive opportunities that the Internet provides, and the current legislative activity on both sides of the Atlantic suggests that the last six months of 2013 may shape the landscape around children's online safety and privacy for the next few years.