A few weeks ago, Twitter prompted me with a message suggesting that I add my birthday so I’d be able to “celebrate with balloons on your profile on your big day!”
Unlike Facebook, Twitter has never required users to add their dates of birth, and I never added mine when I created my account. Despite the fact that it was optional, I hopped on over to my profile settings and entered my birthday thinking little of what would happen.
Immediately after I hit the “Save Changes” button, Twitter shut me out. In an instant, the account that I’ve had for nine years was gone. “In order to create a Twitter account, you must be at least 13 years old,” the message on the screen read. “Twitter has determined that you don’t meet these age requirements, so your account has been locked and will be removed from Twitter.”
But the removal of my old account is simply collateral damage from Twitter trying to act in compliance with American and European laws protecting minors online—laws that don’t exist in Canada yet.
Under these laws, Twitter legally cannot keep content shared by users when they were under 13. Despite the fact that I’m 21 now, I created my account two months before my thirteenth birthday. Once I put in my date of birth, Twitter became aware that they had gathered data from me while I was under 12. They have no way of differentiating between data collected from me before I was 13 and data collected from me after I turned 13 and were forced to close my account.
Chapter 9 of the GDPR sets the age that children can consent to data collection. EU member states can set the age anywhere between 13 to 16, but if no age is set, the age of 16 automatically applies.
Legislation protecting the privacy of minors online is also more comprehensive in the United States. The Children’s Online Privacy Protection Act prohibits websites from collecting data from children under 13 without a parent or guardian’s consent.
But Canada’s online privacy law—the Personal Information Protection and Electronic Documents Act (PIPEDA)—has no specific provisions on online privacy for minors and does not lay out a minimum age at which children can have their data collected.
The Privacy Commissioner of Canada’s guidelines say that websites should obtain parental consent to collect data from children under 13, but these guidelines are not written into legislation.
However, change may be on the horizon. Back in February, the House and Commons Standing Committee on Access to Information, Privacy and Ethics made 19 recommendations for improving PIPEDA, many inspired by GDPR’s protections. Among these recommendations include “specific rules of consent for minors as well as regulations governing the collection, use and disclosure of minors’ personal information.”
On Tuesday, the federal government announced a nation-wide consultative process looking into developing a digital strategy and implementing some or all of the 19 recommendations. The consultation will cover a wide-range of digital issues, including artificial intelligence, digital infrastructure, and changes in the labour market. The most pressing of those matters—at least for the time being: data privacy.
“There will be a focus, in particular, on how companies can gather, use, and share personal information [to] innovate and compete, while at the same time, protecting privacy, a value that Canadians continue to hold dear,” said Navdeep Bains, the minister of innovation, science and economic development.
The federal government has begun holding roundtables with industry leaders, experts and other stakeholders and has also launched a website for Canadians to share their thoughts.
“Industry and policy research can’t answer these questions being closed doors,” said Bains. “It’s a fundamental question for our society and that’s why we’ll be launching these national consultations on data and digital transformation…with the goal of putting together a set of recommendations and a path forward in the fall.
This all comes, of course, in wake of the scandal involving Cambridge Analytica, a British consulting agency that was revealed in March to have used personally-identifiable data from 87 million Facebook users to sway public opinion in favour of the Donald Trump presidential campaign and the campaign in favour of Brexit.
Digital rights advocates have praised the federal government’s move. “We’re extremely happy that consultations are happening,” said Nasma Ahmed, who is the executive director of the Digital Justice Lab, an advocacy group focusing on digital issues.
Bianca Wylie, is the co-founder of Tech Reset Canada, another advocacy organization focusing on technology issues, called the announcement “really good news,” but noted that the government has a daunting task ahead.
“The scope and the sheer number of people that need to be at this consultation—it’s a lot,” said Wylie, “That leads to the other challenge… which is, you need to do public education before you can actually consult on things.”
That leaves users like myself muddling along, at the mercy of tech companies scrambling to comply with a constellation of new laws and requirements coming their way. Twitter, for one, has issued an apology for the confusion over the removal of my account and is reaching out to affected users.
In the meantime, we’re reaching out to people impacted with options to unlock their account and continue to use Twitter. Instructions from us will come during the coming week. 5/6
— Twitter Support (@TwitterSupport) June 12, 2018
In the meantime, I’ve made a new account. You can now follow me at @7om_Yun.
CORRECTION: This story has ben updated to correct the spelling of Bianca Wylie’s name.