Methods of age assurance for Children’s code

Organizations have a fundamental choice when managing the risks posed to children by their ISS. They may choose to:

* Use age assurance to identify children to a level of certainty proportionate to the risks of their using the ISS, and to ensure that the standards of the code are applied to all child users. For example, by providing a differentiated ISS, or not allowing children to access the ISS; or
* Apply the standards of the code to all users of the ISS if they are unable (or do not wish) to use age assurance.

There are four main approaches to age assurance as described below. Each approach has strengths and drawbacks and can be used to manage different levels or types of risk. In some circumstances, a combination of different age assurance approaches may be effective. This depends on the nature of the risks being addressed and the potential harms to children linked to those risks

The Commissioner emphasizes that the risks and harms faced by children online are real, and that age assurance can be an important part of an appropriate and proportionate response. When deciding how to implement age assurance, organizations should consider whether less privacy-intrusive approaches can achieve the same objective.

1. Age verification
Age verification refers to determining a person’s age with a high level of accuracy by checking against trusted records of data. Approaches to age verification include:
*Hard identifiers: confirming age using solutions that link back to identity documents or officially held data, such as a passport or credit card. This can be done by the user, or another party, for example a parent, guardian, or teacher; and
*third party services: age verification may be outsourced to a third party using any or all of the techniques listed.

Age verification offers a high level of certainty but must be used in proportion to the identified risks to children. There is a risk of indirectly discriminating against individuals who lack the necessary documentation or data, such as credit history. Organizations that do not intend to use age assurance must take alternative measures proportionate to the risk to children, such as applying the code to the whole of their ISS and all of their users.

2.Age estimation
Age estimation refers to the estimation of a person’s age, usually by algorithmic means. It is a catch-all term for a suite of AI-based or AI-assisted technologies that can estimate an individual’s age within a margin of error. It may involve biometric data or profiling or both.

Age estimation:
*can provide more granular determination of age, allowing differentiation of service where this is helpful to users (eg enhancing the age appropriate user experience);
* does not require documentary evidence or checks of official databases and so may be designed in a more privacy-friendly way than age verification;
and
* can be used to verify if users have been wrongly classified as children or adults, and their identity corrected, if employed in ongoing monitoring.

Age estimation techniques can accurately determine whether an individual’s age is within a specified range. The range may be comparatively wide. For this reason, age estimation alone may not provide sufficient certainty for ISS activities which are high risk to children.
Age estimation based on profiling is likely to be privacy intrusive but can offer means to automatically identify under-age users. Age estimation based on biometrics, such as facial or hand geometry, has the potential to be more privacy friendly if data minimization and purpose limitation are applied rigorously.
The market for age estimation has the potential to develop rapidly, and the Commissioner will keep these issues under review. The Commissioner expects these technologies to be developed in line with the principles of data protection by design and by default. They should therefore come to fruition in a data protection-compliant way. The Commissioner will continue to engage with organizations to address age estimation, UK GDPR and code compliance. This builds on the work done in our Sandbox and approval of certification schemes.

2.3.3 Account confirmation
Account confirmation enables an existing account holder to confirm that a user is over or under 18, or the age of the user. The ISS can then provide the user with an age-appropriate version.

For example, in a family account, the main account holder can confirm the age of the people using the other account profiles. The service can then be applied in an age-appropriate way to each user.
Account confirmation is useful for lower risk services, or if done in addition to other age assurance methods. It has limitations that mean it is unlikely to be sufficient when used as the only age assurance measure in high-risk ISS
activities.

This is because it:
*requires active engagement, willingness and a level of IT knowledge from the parent or guardian;
*relies on notifications to parents when action is required, which may lead to fatigue;
* depends on the parents having the capability and capacity to manage their child’s ISS experience (and thus carries some risk of discrimination if relied upon solely);
* may require the parent’s age or identity to be confirmed if they are used to manage access by children to higher risk services;
*can be bypassed by knowledgeable children or by parents willing to put in an inaccurate age to allow a child to use an inappropriate service, putting the ISS at risk of breaching the code; and
* may cause conflict between parents or guardians if there is disagreement between them.

Account confirmation may involve processing the data of both the original
account holder (usually a parent) and the confirmed account holder (usually a child).