Current Region:
Global

Code of conduct

The Age Verification Providers Association’s Code of Conduct is a set of guiding principles our Members agree to follow when conducting business. Our goal is that these principles will drive high standards from the industry, assist in establishing best practice and create a collaborative approach to solving the problems of age verification.

All references to age verification in this Code shall mean any physical or remote checks on an individual to determine the age of an individual or the age-range they fall within.

We recognise that requirements for age restrictions differ markedly from country to country and from sector to sector. Whilst the Code aims for a global approach to age verification, certain local regulations may preclude full adherence to this Code.

Code of Conduct for Full Members

Key Goals of the Code

To promote effective age verification

To encourage age verification adoption in a manner compliant with regulations

To encourage sound business practice

To promote the highest levels of data protection and data control

Code of Conduct

Member organisations agree to the following five principles:

Fairness and transparency

How personal data is collected or verified and how it is used should be clearly explained to the consumer. Data should be used for age verification and not additional unspecified purposes without the consumer’s knowledge and consent.

Use of appropriate verification methods

Data sources and technical methods against which consumers are checked should be reasonable and suitable to meet the requirements of regulators and client organisations, while recognising the sensitivities around release and use of personal data.

Members should normally comply with applicable published international or local age verification standards where these have been endorsed by the AVPA e.g. PAS 1296:2018 for the UK.

Privacy and Security

Data privacy should be paramount.  Members should follow ‘privacy and security by design’ principles and make all reasonable endeavours to minimise the use and retention of personal data and to maintain the security of processed or stored personal data.

Members should normally comply with applicable published international or local information security standards where these have been endorsed by the AVPA e.g. ISO27001

Accuracy

Members should take all reasonable steps to ensure the accuracy of data and rectify inaccurate data to maintain the integrity of their age verification systems.

Independence

Full Members must maintain appropriate operational and financial independence from the suppliers of age-restricted goods, services and content to ensure that age verification is conducted by a neutral party with no incentive to provide results that do not meet regulatory requirements and applicable standards.

Responsibility

Members acknowledge that they have a collective responsibility to maintain a positive public image of the age verification sector.

Enforcement

The approach to enforcing this code is set out in the Rules of the Association

Code of Conduct for Associate Members (audit & certification)

Key Goals of the Code

To promote effective audit and certification of age verification

To encourage audit and certification of age verification adoption in a manner compliant with regulations

To encourage sound business practice

To promote the highest levels of data protection and data control

Code of Conduct

Member organisations agree to the following five principles:

Fairness and transparency

How personal data is collected or verified and how it is used should be clearly explained to the consumer. Data should be used for age verification and not additional unspecified purposes without the consumer’s knowledge and consent.

Use of appropriate audit and certification methods

Data sources and technical methods against which consumers are checked should be reasonable and suitable to meet the requirements of regulators and client organisations, while recognising the sensitivities around release and use of personal data.

Members should qualify for membership of the Mystery Shopping Professionals Association (see here for criteria) and abide be their code of conduct.

Privacy and Security

Data privacy should be paramount.  Members should follow ‘privacy and security by design’ principles and make all reasonable endeavours to minimise the use and retention of personal data and to maintain the security of processed or stored personal data.

Members should normally comply with applicable published international or local information security standards where these have been endorsed by the AVPA e.g. ISO27001

Accuracy

Members should take all reasonable steps to ensure the accuracy of test data and rectify inaccurate data to maintain the integrity of their audit and certification systems.  This should include a robust QA and internal audit programme, and the application of consistent standards between clients [in the same sector] in assessing pass or fail outcomes.

Independence

Full Members must maintain appropriate operational and financial independence from Age Verification suppliers to ensure that audit and certification of age verification is conducted by a neutral party with no incentive to provide results that do not meet regulatory requirements and applicable standards.

Responsibility

Members acknowledge that they have a collective responsibility to maintain a positive public image of the age verification sector and particularly the audit and certification services which underpin it.

Enforcement

The approach to enforcing this code is set out in the Rules of the Association