Current Region:

How does Age Verification differ from Identity Verification?

The essence of age verification is the ability to prove your age WITHOUT disclosing your identity

Age verification allows you to prove your age online without the requirement to share any personally identifiable information (your identity) when buying goods, using services or accessing functionality and content.

You don’t need to share your identity simply to prove your age online.

Or to put it a little more technically…

To allow for the application of age-restrictions (e.g. the sale of age-restricted goods, services or content) Age Verification (‘AV’) discloses only age-related personal data (‘age attributes’) to the service they are trying to access (‘relying party’).  It is not necessary for the relying party to know the full identity of their customer, they simply need to know the age, or age-range, of their customer.

Identity providers (‘IDPs’) can offer reusable ‘digital identity wallets’ and allow a consumer to share only age attributes and therefore offer age verification to prove their age.  It is also possible for an age verification provider (AVP) to issue age attributes without retaining any identity knowledge of the customer; personal data may be required but only for the initial age verification process.  Indeed, some methods of Age Assurance do not require any personally identifiable information even at the outset e.g. age estimation via facial analysis, where the customer doesn’t login and their image* is instantly deleted.

Age verification offers unique benefits in situations where it is not necessary or not desirable for the relying party to access personal data.  For example, when assessing whether a customer is a child without the relying party needing to process the personal data of children; also, when adults wish to access age-restricted websites without disclosing their personal data to those sites.

So, in summary, we distinguish Age Verification as being the minimal data set that is shared with relying parties in the process i.e. you do not need to know someone’s name to know they are old enough to be served beer.  And whilst age is undeniably an attribute of identity, the key requirement for many websites is to receive only the confirmation that a user meets their age requirement.

*  images are biometric data which are legally considered to be sensitive personal data; but full images are not reqired for estimatin age and need not be retained by AV providers once age assurance has been undertaken.