For immediate release
The Age Verification Providers Association welcomes ICO telling social media that days of tick-box compliance with data protection for children are over.
Commenting on the publication today of the “Information Commissioner’s opinion: Age Assurance for the Children’s Code”, Alastair Graham, Co-Chair of the Age Verification Providers Association said:
“The ICO today made clear that it’s no longer good enough to rely on users ticking a box or typing in a date of birth before processing their data and exposing them to content which is potentially harmful for children. Robust age assurance mechanisms are now required to protect children online, following the end of a 12-month grace period since the Age-Appropriate Design Code became law.
The UK leads the world in the provision of independent, standards-based online age checks, with a wide choice of methods available to children, ranging from estimation by artificial intelligence up to the most rigorous processes which validate identity documents to standards that consistently do better than the human eye.
We also welcome clarity that processing personal data for the purposes of protecting children online may done on the bases of both the public interest and safeguarding.
We are particularly pleased the ICO has confirmed what the standards we’ve developed in the AV industry, such as BSI PAS 1296, ensure – that age estimation techniques can accurately determine whether an individual’s age is within a specified range”
Notes for Editors
The new legal opinion was issued formally by the outgoing Information Commissioner, Elizabeth Denham CBE.
Article 58(3)(b) of the UK General Data Protection Regulation (UK GDPR) and section 115(3)(b) of the Data Protection Act 2018 (DPA 2018) allow the Information Commissioner to issue Opinions to Parliament, government, other institutions or bodies as well as the public, on any issue related to the protection of personal data.
Read the opinion here: https://ico.org.uk/media/about-the-ico/documents/4018659/age-assurance-opinion-202110.pdf
The Opinion allays fears that the use of sensitive personal data for the purpose of protecting children online could fall foul of UK GDPR laws.
4.2.1 Biometric data Age assurance may, depending on the type of technology used, involve the processing of biometric data in order to uniquely identify the individual accessing the platform or service. In that case this will be special category data under Article 9. In these cases, organisations firstly need to identify a lawful basis under Article 6, and then a processing condition under Article 9. If the use of biometrics is proportionate for age assurance, given the level of risk to children, then it is likely that the following will apply:
- Article 9(2)(g), substantial public interest; and
- Section 10(3) of the DPA 2018 will be met through the “safeguarding of children and of individuals at risk” condition in Schedule 1, Para 18 of the DPA 2018
BSI PAS 1296 is the only global standard for online age checking.
About The Age Verification Providers Association
The Age Verification Providers Association represents all the main technology suppliers who have invested in the development of age verification and estimation solutions to support the implementation of age restrictions online.
About the AVPA
As an association, we work to:
- Inform and educate the public, industry, and media, on age verification solutions and technology.
- Promote a positive image of effective age verification and the age verification industry.
- Represent the industry to regulators and law makers for the advancement of best practice, socially responsible age verification policy.
The AVPA was formed in 2018 from organisations involved in the UK’s Digital Policy Alliance age verification working group and created and in response to a need for a uniform voice for of the industry.
The AVPA is governed by a representative Board drawn from its member organisations.