Age Verification: Data Privacy and User Protection

In recent years, there’s been a lot of speculation surrounding the issue of whether or not online users should prove their age, and many jurisdictions are considering doing so. The fundamental goal of this legislation is to protect children from any harm that may come from using the internet. Finding a method to confirm users’ ages is easier by disclosing private information about online activities.

Several American states have established legislation pertaining to guidelines for children’s use of social media. Multiple measures at the federal level, including in the United States and the United Kingdom, are now being considered to address the online age verification system. Some of these rules penalise websites that knowingly permit minor users without specifically mandating verification, while others mandate particular characteristics from age verification programmes.

Age Verification and Identity Authentication Laws

When assessing data processing procedures and user base responsibilities, businesses must consider the General Data Protection Regulation (GDPR) of the European Union and the Data Protection and Privacy for Children Act of the United Kingdom. 

Data Protection Impact Assessments (DPIAs) are mandatory under the General Data Protection Regulation for any initiative that poses a “high risk” to user data. You must assess if a business uses or develops new technology, monitors user locations or behaviour, or processes demographic data (such as information about race or ethnicity, political affiliation, religious beliefs, biometric data, or protected health information). It mandates that businesses provide safeguards to prevent common data processing abuses involving minors. Data that could result in serious physical harm to users in the event of a breach or leak is considered “high risk” under the GDPR.

The United Kingdom’s Information Commissioner’s Office has likewise implemented measures to protect children from sexually explicit content online. The Age-Appropriate Design Code is a set of 15 guidelines for ensuring the safety of consumers of digital products and services (such as software, hardware, media, and toys) aimed towards children. 

A recent law in California, the Age Appropriate Design Act for Children (Cal-AADC), may serve as a model for future federal legislation because it is based on the framework established in the United Kingdom. This legislation applies to any “business that provides an online product, feature, or service likely to be accessed by children.” It mandates that these companies put the “best interests of children” first when making any decisions that could affect those children. Tech companies must complete a thorough Data Protection Impact Assessment to determine if the products could “harm” children. In addition, businesses need to know how old young users are, adjust default privacy settings accordingly, and communicate and enforce privacy rules and other pertinent information in child-friendly language.

Strengthening Age Verification Controls

Tools verifying a user’s age will become crucial in making the internet safer for children. Online identity verification is one such instance; it uses artificial intelligence (AI) and biometric-based liveness recognition to match a selfie taken at the moment to a government-issued ID. Some of the most well-known social media platforms, including Instagram and Yubo, have recently included age verification options. While such technologies offer a convenient means of age verification online, they also carry the potential to compromise users’ personal information in other ways. Another problem these tools bring up is how to verify children without government-issued IDs, which are required.

As a result of websites lagging in efforts to verify users’ ages, some governments are beginning to do so on their own. California passed a law in September 2022 that sets strict guidelines for online organisations to follow to keep minors safe. The California Age-Appropriate Design Code Act (CAADCA) is a watershed moment for protecting the privacy and safety of children in the United States’ digital space, but it has been met with resistance from the tech industry. NetChoice, a trade association for the tech industry, has filed a lawsuit against the state of California to prevent the law from going into effect in 2024 on the grounds that it is an attempt to censor the tech industry by the government.

The proposed federal Kids Online Safety Act (KOSA) continues to be pushed by those who want to make the internet a safer place for children despite receiving strong support from senators but increasing pushback from representatives in the house. If legislation is passed, the covered platforms must include certain protections for children or parents, such as privacy controls and parental control features.

In the following months, parents and child safety groups are expected to put more pressure on the government to approve KOSA. While legislation is essential for encouraging corporations to take action, organisations should only sit on their hands once the measure is signed into law. More services will likely adopt Instagram’s age verification policies, but the security versus privacy discussion will likely continue anyway.

Recent Developments in Age Verification Challenges to Privacy

Critics argue that implementing tougher rules around age verification could be harmful and invasive for youngsters. Privacy activists for children have already spoken out against the CAADCA, complaining that the bill’s language is too nebulous and fails to convey significant ramifications for businesses. There is a risk that corporations and data brokers will use age identification technologies to harvest personal information from minors. People are worried that technology suppliers may track internet activity and whereabouts in real time.

Companies are responsible for safeguarding children and protecting privacy by obtaining parental permission before collecting or storing any information about minor children.

Ensuring Child Online Safety Requires a Two-Way Approach

Organisations and parents should share the burden of ensuring children’s online security and privacy. Most U.S. customers believe parents or guardians should also be responsible for keeping children away from age-restricted content, services, and products, but businesses should do their part by implementing age verification procedures that can establish a user’s genuine age.

Businesses and social media sites operating online should implement a system to confirm a user’s age and obtain parental or guardian permission for the user’s account. Organisations should also provide settings that allow verified parents or guardians to determine how much access a child can have to the website or application to safeguard them from inappropriate content, bullying, and other types of online damage. A parent can choose to filter out inappropriate content, such as inappropriate words or accounts. Data privacy best practices include minimising the information corporations acquire from minors, so parents and guardians should do more than just monitor their child’s social media use.

Safety and Accuracy Issues

When dealing with minors, there are additional privacy and accuracy problems in the realm of age verification. Regarding online data collection, one of the most pressing issues is the reliability of age checks. Protecting children while they are online requires the ability to verify age. Users’ self-reported ages are used in some age verification procedures, and this information is easily fabricated.

Data privacy and security may potentially be an issue, depending on the age verification method used. Gathering private data like date of birth, government-issued ID, phone number, and physical address is standard procedure for many age verification operations. When users provide personal information to an online service, that provider protects that data from misuse, hacking, and unauthorised access.

Methods for Age Verification

Careful planning and thought are needed to effectively adopt age verification technologies to assure compliance and to produce a smooth user experience. To ensure they comply with the law, internet businesses must use reliable age verification tools to check customers’ ages. These verification solutions must also be adaptable enough to be altered to fit the needs of various jurisdictions’ legal frameworks.

There have been discussions with significant tech firms about adding age assurance features to operating systems, which would respond affirmatively or negatively on the owner’s behalf to websites and online services that need proof of age. But this adds still another layer of difficulty. Verifying one’s age using a mobile device would give major internet firms access to more private data. It is also assumed that the person whose age is being verified has sole access to the device in question, which is only sometimes the case in shared houses.

Innovative technologies and techniques can be used in alternative age verification strategies to validate the ages of prospective clients. Many internet firms contract with established outside agencies to avoid the hassle and expense of building their own in-house age verification systems. These businesses have made it their mission to provide foolproof age verification services, and they have a wide range of flexible options available to them.

Many online businesses must deploy reliable age verification solutions to communicate with the intended audience—which may include minors—safely and in accordance with applicable rules and regulations.

How can Shufti Help

Shufti’s age verification service is a gateway to staying ahead in compliance while offering a seamless user experience. Integrating our robust solution gives you a competitive edge in upholding age restrictions and protecting businesses from costly non-compliance fines. We empower you to identify and restrict minors’ access to age-restricted content, creating a secure digital environment that builds trust with users. With a user-friendly, interactive interface and lightning-fast verification, we ensure that verifying age is a hassle-free experience. With our database of over 10,000 identification documents worldwide and complete Know Your Customer (KYC) compliance, you can reliably serve a wide range of users while staying in line with regulations.

Ready to enhance age verification processes and fortify compliance efforts? Contact us today to integrate Shufti’s age verification service and provide users with a safer, more seamless experience.