My Lords, I feel confident that I will be able to reassure the noble Baroness and other noble Lords who have spoken this afternoon.
Child online safety is an issue close to the heart of the noble Baroness, Lady Howe, and everyone in this House. It is right that children in the UK should be granted a robust data regime so that they can access online services in a way that meets their age and development needs. It was with this goal in mind that the Government, with a great deal of support from a number of Peers from all sides of the House, led by the noble Baroness, Lady Kidron, agreed and supported her amendment. It introduced a requirement on the Information Commissioner to prepare an age-appropriate design code. This amendment was the product of many hours of discussion and days of drafting and redrafting, and I am glad that it was accepted with no dissenting voices in this House. The code will contain guidance on standards of age-appropriate design for relevant online services which are likely to be accessed by children.
The aim of Amendment 4, as explained by the noble Baroness, is to add a definition to the age-appropriate design code to define “children” as those under the age of 18. We are determined to ensure that children of different ages are able to access online services in a way that is safe and takes into account their different needs. For that reason, we included in Clause 124(4) a requirement that the commissioner must have regard to the fact that children have different needs at different ages, and in Clause 124 (4)(b) that the commissioner must have regard to the United Kingdom’s obligations under the United Nations Convention on the Rights of the Child. So I maintain that it is explicitly included in the Bill.
Article 1 of the United Nations Convention on the Rights of the Child defines children as,
“every human being below the age of eighteen years unless under the law applicable to the child, majority is attained earlier”.
As such, the existing age-appropriate design code, which requires the commissioner to have regard to the convention, already addresses the point that the proposed amendment is making.
Article 2 of the convention obliges state parties to respect and ensure the rights in the convention to each child—all those under 18. By requiring the commissioner to have regard to the convention, Clause 124 ensures that in order to comply with the requirements for the code on age-appropriate design, children up to 18 would need to be considered. Therefore, the existing age-appropriate design code already ensures that the commissioner must have regard to the different needs and rights of children under the age of 18, and as a result this amendment is not necessary.
Not only is the amendment unnecessary, it is also potentially unhelpful. One of the key features of the existing age-appropriate design code is that it recognises that children have different needs at different ages. The proposed amendment risks undermining this important point by presenting children as a homogenous group. The needs of a child aged 17 are very different from the needs of a child aged 10 and it is right that the requirements of the age-appropriate design code reflect that.
The noble Baroness asked—the noble Baroness, Lady Kidron, also alluded to this—whether the Bill is consistent in its approach to children. As I said, children are human beings under the age of 18. That is the consistent approach we are taking on this legislation. But the Bill works in tandem with the GDPR and we cannot amend the GDPR. Nor does the GDPR allow member states to come up with their own definitions, so we interpret the GDPR as adopting the definitions from the UN Convention on the Rights of the Child.
There are of course differences between young children and older children, and the provision needs to be age appropriate. A child who is 12 years old may consent to having their data processed in the offline world. Clause 201 ensures that is consistent in Scotland as well as England and Wales. A child who is 13 years old may consent to having their data processed online. That is provided by Clause 9. Any website or app maker providing services for children—meaning everyone under 18—will have the benefit of the code of practice on age-appropriate design provided by Clause 124. Of course, the law generally makes different provision for older children and for young children—for example, the age of sexual activity, marriage and serving in the Armed Forces.
There is a risk that the proposed amendment to the clause on age-appropriate design could also have serious unintended consequences. The Data Protection Bill contains numerous references to “children”. We cannot agree to an amendment that could have implications on issues elsewhere in the Bill.
Finally, it is worth emphasising that the existing wording of the age-appropriate design code is completely consistent with the wording of the general data protection regulation, which itself does not define children. I hope I have reassured the noble Baroness and as a result she feels able to withdraw her amendment at this late stage of the Bill.