Tech Predictions 2023: Protection of Minors

The protection of minors’ regimes in Europe will see significant changes in the next years. In Germany and the UK, legislators had already started reforming laws. 2023 will be an interesting year since the EU’s Digital Services Act, which also addresses protection of minors, is looming in early 2024. In this article, we look at recent and future developments.

Europe has traditionally no harmonized approach to the protection of minors. Some countries do not have specific laws in place. Other countries with specific legislative protections in place for minors are often reliant upon laws that pre-date the internet, or pre-date a time when children were frequently online. In contrast, Germany has implemented requirements addressing specific aspects of children's online activities, particularly on hosting platforms and for film and gaming providers. With further change anticipated at EU level, the UK has begun its own shift from light touch regulation to far more detailed and onerous requirements for digital businesses.

Background in Germany

Germany statutory requirements on protection of minors are currently split into two different laws. Different legislators are in charge of these laws and for reforming them. On the one hand, there is the Federal Protection of Minors law (the Jugendschutzgesetz, “JuSchG”) and on the other hand there is State law by way of the Youth Protection Media Interstate Treaty which is agreed between the 16 Länder (the Jugendschutz-Medienstaatsvertrag, “JMStV”). Historically, the JuSchG provided the requirements on offline matters. This relates not only to the distribution of content on “carrier media”, i.e. hard copy books, CDs, DVDs, etc., but also the sale of goods, such as alcohol or tobacco, and age verification requirements in this regard, including via means of e-commerce. In contrast, the JMStV provides requirements for websites, apps, and other modes of online distribution of content. Some principles from the JuSchG, such as age labelling and gating, apply equally under the JMStV. The requirements are, however, unfortunately not completely congruent. Despite years of criticism on the uncertainty this causes for market players and consumers and the discussions with the aim of convergence, legislators have not achieved any major overhaul until now.

Current status in Germany

The JuSchG was amended in 2021 and, unlike in the past, imposes specific obligations on certain online business models. Providers of film and gaming platforms and host providers need to implement certain requirements. The reform of the JuSchG led to a discussion whether an update of the JMStV is also due. The JMStV is in its current version in effect since 2016. A reform, aiming to align it with the current use of online services, had been discussed often in the recent past. Given that the Federal legislator reformed the JuSchG, the State legislators (the “Länder”) felt that they also needed to act. As a result, a highly debated “discussion draft” of the JMStV was published, with the latest version dated April 2022. This provides for two fundamental changes in particular: i) Content as well as app providers must label any content on their services in accordance with the age categories under German laws (0, 6, 12, 16, and over 18 years), i.e. different than some international categories; and ii) operating system providers must implement a default “protection of minors setting”, that can acknowledge the relevant age category and filter out accordingly content. This has led that many parties involved in the legislative process to assume a de facto blocking of any content by foreign providers, who may not have the ability to assess and rate all their content accordingly. Negotiations on this discussion draft and these flamboyant new requirements will likely continue in 2023.

Other developments in Germany

Enforcement in Germany has traditionally been low key. In 2021, however, a case against online providers of websites with pornographic content regarding age verification requirements created a lot of attention. The providers made content available without the necessary age-gated restrictions. The State regulator (the Media Authority in North-Rhine Westphalia) had issued orders against the providers to block access to the websites. These were, however, operating from Cyprus. Thus, this was contrary to the applicable country of origin principle. The regulator, as explained in an interview, argued that the websites were targeting the German market (due to German language on the website, for example) and that the requirements of the JMStV applied. The regulator had aligned first with the authority in Cyprus and in parallel also informed the EU Commission. In September 2022, a second instance high court ruling confirmed this position. In light of this, there may be further regulatory action against other providers located outside Germany in 2023 and the near future.

Outlook in light of the DSA

In the next years, the protection of minors landscape will change significantly due to the EU’s Digital Services Act (DSA). It was adopted in October 2022 and will be in force from February 2024. Since it has a broad scope it will lead to a reformation of protection of minors’ laws in Germany. The DSA addresses explicitly the subject. Art. 28 of the DSA requires online platform providers to ensure a high level of privacy, safety, and security of minors, on their service. In addition, it regulates also online marketing to minors. In light of this, from 2024 the EU will have the sole competence over these topics, at least with regard to “online platforms” as defined under the DSA. The JuSchG will probably remain as is, to the extent it regulates offline matters. These do not fall within the scope of the DSA. In contrast to that, the Länder will need to adjust the JMStV. There still may be room to regulate content, intermediary and, in particular, hosting service providers on a national level. This, however, could lead to even more uncertainty due to heterogenous requirements in Germany.

Background in the UK

Historically the UK has always preferred light touch regulation when it comes to online safety, and this remains true in relation to children's safety. Other than requirements relating to the sale of physical products (which are enforced upon delivery) and serious criminal offences related to child grooming and abuse, successive UK governments have been slow to legislate in this area.

For one-way content (whether downloaded or streamed) minimum age recommendations may be made and in the case of films the British Board of Film Classification (the BBFC) rating will apply. However, there is no enforcement mechanism online, as there would be in the cinema. There are currently no restrictions or age verification processes in the UK, meaning that the onus is on parents and other adults to restrict access to both free and paid-for content.

The position is slightly different in the case of video games. UK games platforms and publishers follow the Europe-wide PEGI system and/or the International Age Rating Coalition (IARC) system to indicate a minimum user age, though for content available via the Apple App store, Apple's own rating system will also apply. Although physical and online stores cannot sell games to minors younger than the game's PEGI rating, there is no mechanism for enforcing this online and now age-verification requirement for gaming platforms.

Dangers to children lurk in places other than gaming and streaming platforms and in 2017 the UK government attempted to address one aspect of this with the Digital Economy Act 2017. The law contained powers for the BBFC to enforce an age verification system that would be mandatory for websites that publish pornography for profit. However, attempts to come up with a workable scheme floundered until 2019, when the government announced it was scrapping the plan in favour of a new and wider scheme of Internet regulation. This ultimately evolved into the UK's much debated Online Safety Bill.

The UK’s Online Safety Bill

With a wide remit and an initial approach that concerned free-speech campaigners, the Online Safety Bill has had a rocky ride. Although its progress has certainly been hindered by political uncertainty and changes of leadership in the UK, the primary reason for its delay has been the government's early plans to regulate legal-but-harmful content. Although the bill is heavily concerned with Children, it also contains extensive provisions relating to the protection of all individuals, regardless of age. Early versions of the Online Safety Bill required Ofcom, the country’s telecoms regulator to enforce rules that required large platforms to act against harmful but legal material like the promotion of self-harm, eating disorders or bullying. Tech companies and free speech campaigners expressed concerns about the workability and wisdom of this approach, particularly when it would take the UK so far out of alignment with the EU. The expectation to monitor and address "harmful" content has been largely watered down in the latest version of the Online Safety Bill published in December 2022 and responsibility to manage user generated content will now remain largely with the platforms themselves.

A holistic Approach or a Regulatory patchwork in the UK?

The UK's overambitious approach to tackling online harms might have paid off in a less politically tumultuous time but the struggle to get the Online Safety Bill passed highlights the challenges of addressing complex challenges facing participants in the digital economy in isolation. In contrast, closer alignment can lead to greater success. In the context of privacy, where the UK's version of the GDPR remains closely aligned with the original, the UK's Age Appropriate Design Code (which builds upon the GDPR) has been successful in changing approaches to handling children's personal data online and has become a model for California's recent Age Appropriate Design Code Act. It remains to be seen whether the Online Safety Bill, which is set to become law in spring 2023, will be able to have a meaningful impact in a digital world without borders without closer alignment to the DSA.

The way forward in Europe

Protection of minors has always been a sensitive and highly debated topic, with a very divergent legal landscape in Europe. While the DSA could lead to a partly harmonization in the EU, it probably will not be the end of the line. The UK's Online Safety Bill seems likely to be closer in approach to the DSA than the UK Government initially intended but its journey to the statute book is far from complete. Across the EU, national legislators seem to still have appetite for country-specific requirements for the time being. This makes compliance especially for online services difficult. Monitoring developments in 2023 is for companies key. Online platforms should be prepared for an implementation of DSA’s requirements and those of the Online Safety Bill when it becomes law. Whether they seek a one-size-fits-all approach to international compliance or instead try to adapt to local requirements and expectations, online platforms should expect to invest significant resources in managing compliance, particularly where children are involved.