Age Verification – General
What is Age Verification?
Many of our existing laws include age-restrictions. The most common examples where we require proof of age are the purchase of alcohol, fireworks, cigarettes, knives, scratch-cards and pornography. Increasingly, goods and services are accessed online, so an equivalent way to check the age of a consumer using the internet was needed.
Age verification technology provides this fundamental building block for applying the rule of law online. It seeks to do so in a proportionate way, just as is the case in the real world: So for higher risk uses, a higher level of age assurance is required to confirm that a consumer is the age they claim to be. And this new industry sector operates independently of the suppliers of age-restricted goods and services, and of the global platforms which advertise them, to a standard which can audited and certified.
How does Age Verification differ from identity assurance?
Age verification tends to be a cheaper and more straightforward than age assurance.
Is age verification the same as age assurance?
Other forms of age assurance, according to the UK Information Commissioner’s Office, include:
- Self-declaration – This is where a user simply states their age but does not provide any evidence to confirm it.
- Artificial intelligence – It may be possible to make an estimate of a user’s age by using artificial intelligence to analyse the way in which the user interacts with a website.
- Self-declaration and AI – Similarly you could use this type of profiling to check that the way a user interacts with a website is consistent with their self-declared age
- Account holder confirmation – You may be able to rely upon confirmation of user age from an existing account holder who you know to be an adult.
- Hard identifiers – You can confirm age using solutions which link back to formal identify documents such as a passport.
What methods of age verification are available?
- Identity Documents (Passport, Driving Licence, PASS Scheme cards)
- Credit reference agency data
- Electoral Roll
- Mobile Phone account records
- Social analysis
- Facial image analysis
Each of these, alone or in combination, verify age to a different level of assurance. Regulators can determine the level of assurance they require for each use.
Do I need to repeat age verification each time I use a restricted website?
Can I just verify my age once, and then access all age-restricted websites?
In addition, many providers have put in place bilateral arrangements to recognise each other’s age checks; making it quicker to access new sites.
As the age verification market matures further, it is predicted that a multilateral “age-attribute exchange” will be formed, along the lines of the model used by payment networks such as Visa & Mastercard, where hundreds of different suppliers of credit and debit cards can all be accepted by a retailer through a single payment system. The Age Verification sector is developing similar mechanisms for interoperability so this level of verify-once, use-many-times is extended across sites, regardless of which AV provider is used.
So in future, you may be asked to prove your age when you first buy a new kitchen knife with your online supermarket order, and you will then never be asked to do so again by any other site where age-restrictions apply to its sales or content.
Age Verification – Online Alcohol Sales
What standard of age verification for online alcohol sales is required in the UK?
The Home Office 2020
Isn't it sufficient to enter my date of birth, or send a scan of my driving licence?
Age Verification – Offensive Weapons
What is the current law on selling knives and other offensive weapons online
How and when is the law on online sales of offensive weapons changing
How does this affect retail collection points, couriers and other delivery services
Coronavirus – to protect delivery personnel, it is recommended that goods are left for the customer to collect from their doorstep. If it is not safe to check a proof of age, it will be even more important to apply rigorous online age verification at the point of sale.
Age Appropriate Design Code
What is the Age Appropriate Design Code
The Code applies if a site provides online products or services (including apps, programs, websites, games or community environments) that process personal data and are likely to be accessed by children in the UK. It is, therefore, not only for services aimed at children.
Websites should follow the code to help them process children’s data fairly. It will also enable the design of services that comply, and demonstrate compliance, with the GDPR and PECR. If websites do not follow this code, they are likely to find it more difficult to demonstrate compliance with the law, should the ICO take regulatory action against them.
Fines for breaking the code could be up to 4% of a company’s global turnover.
Does a website need to deploy Age Verification to comply with the AADC?
While the ICO lists a number of options to provide age-assurance, the responsibility lies with the website to adopt a suitably robust approach dependent on the level of potential harm the site may cause if children too young to use it are given access. In fact, this is already the law in the UK, under the Data Protection Act 2018, but the AADC will bring greater focus on this aspect of that law.
Can age verification providers confirm the age of children so I can comply with the AADC?
Checks at 13 are also being developed, primarily for Social Media – see FAQ’s below.
In time, more granular checks for younger children may become available, but for now, the safest policy to ensure compliance with UK law is to apply an adult age check to prevent access to any material harmful to children.
Why should social media platforms verify users are over 13?
Also, many platforms rely on the age given when a new profile is created to filter content, and comply with age-restrictions, such as those applied to advertising for certain products, for purchases or to see adult-only content.
Are age assurance techniques sufficient?
However, this cannot provide accuracy to a particular age, and certainly not validate a date of birth. Not only does this expose the platform to allowing children under 13 to sign up, but it also means they will miscalculate when those users later turn 16, 18 or 21, exposing them to restricted content at a younger age than is legal.
Can age verification providers check ages below 18?
It is already possible to check as each registered user turns 18, or creates an account claiming to be 18 or older, that they are being truthful. Using an AVPA member to conduct this check would allow platforms to identify a subset of their users who are verified as over 18 to the industry standard (PAS1296)
Age Verification – Online Dating
Is online dating age-restricted?
Some campaigners advocate full identity assurance for online dating, to mitigate perceived risks around fraud and sexual assault. However, it is likely that many consumers would object to such invasive demands for ID, and this could impact demand for online dating services.
Will users of dating apps be put off by having to prove their age?
Will age verification prevent dating fraud and other associated crime?
But a further benefit of applying AV to all ages may be that fraudulent users would think twice if they knew they had to, at some stage in the profile creation process, verify their age by disclosing their identity – albeit to an independent third party who would not share personal details except an age confirmation with the dating sites. This could therefore help tackle dating fraud, and indeed, be a further deterrent to those who seek victims for non-financial crimes.
What laws and regulations will affect online dating in future?
So it is arguable that only doing as much as the social media platforms do at present will not be sufficient. A more reliable form of age verification, albeit with a relatively low level of proof required (as compared to say, that which is required to buy a hunting knife online), is likely to be required were a regulator to become involved. BSI’s PAS 1296 standard allows for lower levels of proof but still to a recognised and effective standard.
Age Verification – Online Pornography
(under the UKDigital Economy Act 2017)
Why do we need age verification for online pornography
- Children and teens are stumbling across pornography from an early age, as young as seven.
- Majority of young people’s first time watching pornography was accidental, with over 60% of children 11-13 who had seen pornography saying their viewing of pornography is unintentional
- 83% of parents agreed that age-verification controls should be in place for online pornography
- Only 60% of households with children employ any form of parental controls, leaving 40% of children at risk of exposure to porn when at home, and even more through access to the internet from outside their home including over mobile phones.
- With 94% of 8-11 year olds regularly going online (OfCom), this is leaving a generation of children at high risk of mental harm from exposure to hardcore pornography.
Doesn’t this create a “hackers’ charter” by creating lists of an individual’s browsing history?
Can’t you use a Virtual Private Network to get around the law?
Won’t technology such as DNS over HTTPS make enforcement impossible?
Wasn’t there very low public awareness of the new rules?
Would there not be thousands of sites that did not comply?
There was a credibility issue after so many delays – so this would need to be addressed ahead of a new enforcement date. But all the major porn sites were gearing up to implement age verification, contracting with AV providers and developing new login mechanisms to ensure they complied.
Were privacy, security and accuracy concerns addressed comprehensively?
- There was also a new Certification Scheme run by the appointed regulator, the BBFC, to give added assurance about data security and privacy.
- AVPA members subscribe to the trade association’s code of conduct which offers further reassurance, and reduces the risk of fake AV services
- A new standard was developed by the BSI and Digital Policy Alliance to certify that suppliers are conducting effective age verification (PAS 1296)
What does being a Member of the AVPA offer?
Why should I check age verification is being provided by an AVPA member
What standards do AVPA members apply
In the UK, PAS 1296:2018 is the BSI standard already recommended by the Home Office to online suppliers of age restricted products, and all AVPA members apply this standard to their age checks.
In addition, AVPA Members must enforce the highest levels of data security to protect your privacy, applying rigorous, best practice standards such as BSI 27001 to their age verification systems.
What does the AVPA Code of Conduct Cover
– Fairness and Transparency
– Use of appropriate verification methods
– Security and Privacy
Read the full Code of Conduct here.