The Data Protection Act 2018 sets out UK GDPR which already requires the application of privacy-by-design and data-minimisation principles. It is enforced by the Information Commissioner’s Office.
The penalty for breaking this law is up to £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
In higher risk fields, the ICO is even more proactive and has approved Certification Schemes which audit providers. One approved scheme specifically covers providers of Age Assurance technology.
ACCS tests that age assurance products work. Age assurance products allow organisations to estimate or verify a person’s age so they can purchase/ access age restricted products or services. The ACCS scheme includes data protection criteria (ACCS 2:2021) for those organisations operating or using those age assurance products.