Right now, in the world of age verification, there are a lot of moving parts. In an ideal world, they would all fit a neat blueprint for the final precision-engineered machine. It may be that the UK government’s full response to the Online Harms consultation, due any day now, will give some insight into its vision. But even then, the internet is global, so even that is not going to reduce the challenge for those who work to provide the technology to deliver policy goals of many governments in this field.
There is a strong case to be made for aligning the approach to online age verification around the world. Consumers shop and surf the web internationally. The technology will be cheaper if it does not have to be re-written to the standards set by each country – more expensive still if different products and services apply unique requirements imposed to their own regulators.
One way to reduce divergence is through standards. In the UK, the reputable age verification providers all operate to a BSI standard – PAS1296:2018. This document was produced between the BSI and the Digital Policy Alliance and is widely accepted as the leading standard for effective age verification in the world.
One drawback for a standard of this sort (a “PAS”) is that it is not susceptible to formal audit and certification, so now it has been firmly established, age verification providers are supportive of it being upgraded to a British or International Standard. However, such standards require considerable investment – more in time than money – so providers are looking for reassurance that any new BSI or ISO standard will be at the heart of the plethora of future legislation and regulation in this field before they commit to support its development.
A new standard would doubtlessly benefit consumers, regulators, and website operators. Without costly bespoke solutions for each product and country, the technical costs fall for age verification providers, so the price to operators, borne in turn by consumers, is lower. It also makes interoperability between age verification providers more straightforward, reducing the chance a consumer has to prove their age repeatedly on different sites. Regulators need not become experts in a complex and fast-moving technical area to design and maintain their own rules – this is handled by the standards body with ongoing input from experts in the industry. It also offers them choices as to the level of assurance they wish to apply to different goods and services, commensurate with the risk of harm to children and young people.
In the UK, PAS1296:2018 can already be the basis of much of the impending new regulation. Ofcom should consider it as the basis of implementing the Audio-Visual Media Services Directive. The ICO should apply it to the Age Appropriate Design Code. Online Harms legislation should empower the new regulator to endorse such standards and provide reassurance to companies that follow them that they will not suffer costly enforcement action.
A new standard could be even more ambitious in scope, recognising the convergence of age verification across traditional over-the-counter retail, self-service check-outs, and online purchases. It should be applicable in circumstances where all a user wishes to do is prove their age, not disclose their full identity. For example, many websites do not want the burden of complying with the regulations which apply to them processing children’s data but would need to do so if they use full identity information to check only the age of their users. And many adults are less than keen to share their data so generously with spammers, marketeers, and potentially fraudsters when they are simply trying to prove their age.
So, as all those involved in this area read new proposals from governments and regulators across continents and respond to the relentless flurry of consultations, globally accepted standards that deliver independent, rigorous, accurate, reliable age verification with a level of confidence that matches the risk of harm in each case, offer an effective route to alignment.
The Free Speech Coalition expressed concern in this tweet by Mike Stabile, that an article in Politico implied we oppose the use of Virtual Private Networks and shared the view of un-named “Labour MPs” (actually just Sarah Champion MP) who wish to restrict VPN use in...