There are strict laws regarding how to collect and handle children’s data on the internet. That’s because children have needs and vulnerabilities that are specific to their age and development stage. But these laws are not being enforced. The report: Online games gamble with children’s data document that the vast proportion of children for the greatest amount of the time they spend online are treated as if they were adults. So, the fundamental question about the tech industry is: How do they know it’s a child?
‘How do they know it’s a child’ is also the title of a fairly new report from the UK based organization 5Rights. It contributes to the ongoing debate on age verification, estimation and assurance – and it is really well worth a read.
According to the report the debate around age verification, estimation and assurance has for years primarily been seen as a way of restricting children in the digital world, but: “characterising age assurance as a way of preventing children entering ‘adult’ spaces fails to recognise the full gamut of possibilities that age assurance offers”.
When asking: What is it then, that it offers, the report gives a clear answer:
“At its best, age assurance offers children the prospect of being invited into a digital world that offers them greater privacy, freedom from commercial pressures, content and information in formats and language that they like, protection from misinformation or material that promotes harmful activities (such as suicide, self-harm or disordered eating), as well as supporting digital services in their legal duty not to provide children with age restricted contact and content. Rather than being the route to keeping children out of the digital world, age assurance can drive the development of new products and services to create a richer and more diverse digital ecosystem in which children (one in three internet users) are a recognised user group”.
New Report Debunks Ideological Myths
The tech industry has sometimes claimed that it is difficult, impossible, intrusive to identify children by age. And this claim has, according the report, undermined the faith of policy makers and civil society in the validity and possibility of recognising children in the digital environment. But it’s not true since “Understanding users (profiling) and tailoring user journeys (personalisation) are the bread and butter of the tech sector“… They already collect vast amounts of data om every indvidual. But as a result of their arguments: “the concept of age assurance carries the weight of firmly held ideological preconceptions, technical doubts and lack of public trust in both digital service providers and the state.” But as a matter of fact age assurance can be developed in ways that are privacy preserving. And it should be!
And more so. Age assurance must be:
- Privacy preserving
- Should be proportionate to risk and purpose
- Should be easy for the child to use
- Age assurance must enhance children’s experiences, not merely restrict them
- Age assurance providers must offer a high level of security
- Age assurance providers must offer routes to challenge and redress
- Age assurance must be accessible and inclusive
- Age assurance must be transparent and accountable
- Age assurance should anticipate that children don’t always tell the truth
- Age assurance must adhere to agreed standards
- Age assurance must be rights-respecting
The overall message is that age assurance is simply a way for providers of digital products and services to know the age of their users. Age assurance alone will not deliver an age appropriate service but is a first step to ensuring that products and services provide children with the safety, security, privacy and freedoms to which they are entitled.
There are many different approaches to ascertaining the age or age range of users. Collectively these should be referred to as age assurance but are often collectively referred to as age verification. They vary widely in ambition. Some seek to verify an exact act, age verification (AV); others to estimate an age or age range, age estimation (AE); and some are designed to identify a specific person, identification (ID). These differing ambitions are set out in the ten approaches below. There is no absolute line between all of the approaches, but they have been categorised to allow an analysis of their strengths and weaknesses in figure 2 below: Ten approaches to age assurance (from page 25 in the report)