Businesses have historically lacked clarity from regulators regarding the compliant methods of age assurance available to them.
While some brands have had to devote significant time and resources to understand and implement the solutions that best ensure child safety on their platforms, others have taken a more passive approach, opting to wait for additional guidance from the regulators instead of taking proactive measures.
The recent comprehensive update to the UK’s Information Commissioner’s Opinion on age assurance for the Children’s Code is therefore a welcome development. It brings much needed clarity to businesses in relation to the implementation of the Children’s Code, by outlining a risk- and standards-based approach to age assurance. Furthermore, given the ICO’s broad remit focusing on overseeing and enforcing data protection laws in the UK, it helps businesses assess their compliance with obligations under the UK GDPR, as well as with wider regulatory frameworks.
Alignment on age assurance requirements with the critically important Online Safety Act 2023 shows further joined up thinking that will help protect our young people online. This Opinion drives a collaborative approach between regulators, alleviating contradictory requirements.
A Timely Announcement
The developments are particularly important in an environment where Ofcom has revealed that 75% of parents now worry about their children seeing age-inappropriate online content. And where access to smartphones has led to children becoming the biggest perpetrators of sexual abuse against children.
Businesses must know they need to do more when it comes to assessing the age of their users. Enforcing regulation and applied guidance from the ICO will propel this matter to the higher echelons of decision making, ensuring the adoption of age assurance tools more quickly and effectively.
Fit For Purpose Solutions
Naturally businesses will look for solutions that offer minimal friction for their users. The guidance around implementing readily accessible, privacy-preserving forms of age estimation such as email address are therefore pleasing. Not only will the majority of individuals have an email address and be willing to use it for the purposes of age estimation, this will complement biometric-driven age assurance including face and voice.
Verification methods based on ‘hard identifiers’ such as an ID scan are also viable, but can exclude or indirectly discriminate against people who lack the necessary documents or information, such as credit history or passports. Where possible, businesses should also consider offering a choice of age assurance methods, appropriate to the needs of their service and users.
A View To The Future
The ICO is being progressive in its approach by referencing techniques such as email address, which adds little or no friction to a user journey, making it both practical and commercially viable for platforms to adopt.
The note from the ICO stating that it will continue its engagement on international standards for age assurance technologies via the International Organisation for Standardisation and IEEE shows that this is a long-term commitment. Something that will be welcomed throughout the industry.
When choosing an age assurance solution, businesses must ensure they partner with an organisation that is not only able to implement the tools they require but one which is genuinely passionate about helping to build a safer online environment.
With it becoming increasingly easy for our young people to access age-restricted content, it has never been more important for regulators to implement and enforce legislation that will safeguard children and society online. Businesses must react quickly and ensure they have the tools and systems in place to ensure they are also doing their part.