Several European countries are moving to rein in the power of tech firms, restricting the accumulation of data that underpins their business models
“The tech giants must be limited”: Denmark’s Ministry of Industry, Business and Financial Affairs has announced that the Government intends to raise the age limit for consent to the processing of personal data and to introduce more effective tools for age verification. According to the Ministry, large tech companies (e.g. Google and Meta) now wield significant influence on the lives of ordinary people and as such they also represent a major challenge for society. The Government’s planned measures are based on the advice of its ‘tech expert group’, which has offered 13 recommendations on how to better handle some of the issues raised by big tech. Among other things, the advisory group has looked at basic regulatory approaches to tech giants' business models, both in relation to the collection of data and requirements relating to the use of algorithms.
Denmark to protect children from data collection and inappropriate content: The Government has stated that it agrees with the recommendations and will work to implement them both in Denmark and in the EU. Specifically, the Government will change data protection rules for children, raising the minimum age (currently 13 years old) at which tech firms can lawfully obtain the personal information of minors. This will mean that more children who use Facebook, Instagram, Snapchat and YouTube will be protected against the accumulation of personal information by big tech. Until then, the collection and processing of personal data of those under 13 will require the explicit consent of a parent. In addition, the Government will introduce obligations for digital age verification on certain websites and apps in order to protect children from inappropriate content, such as pornography or videos of war. Business Minister Morten Bødskov endorsed the planned measures, stating that tech giants “must take greater responsibility". He added that it is vital to put an end to their “opaque algorithms” and to the harvesting of “unimaginable amounts” of personal data.
New privacy rules are under development in Europe and the US: The initiatives are expected to become law later this year, thereby aligning Danish legislation with that of the EU. The Ministry’s announcement comes after Germany set a minimum age of 16 years old for data collection, while other European countries, including Hungary, Lithuania and the Netherlands, are working on similar laws. The US is also developing its own national privacy regulation – the American Data Privacy and Protection Act (ADPPA) – that would ban companies and nonprofits from collecting personal information on those under 16 without consent, and would allow younger users to erase that information. While the progression of ADPPA through the House of Representatives could ultimately lead to the US’s first federal privacy law, its proposed enforcement by the FTC could scupper the ambitions of the FCC, which is currently pursuing tougher data protection rules for the telecoms sector.