Key symposium of privacy experts call for Ministers to legislate for age check mechanisms to be included at point of payment.
November 26th, 2015- Although a number of the major adult content providers in the world have publicly committed to deploying age checking solutions on their platforms to prevent children accessing pornography, the adult sector does not want to commit to conducting full identity checks on each customer. Instead, it wants a simple age checking mechanism to be instituted, which will determine whether a person is over or under 18, to which they will receive a yes/no response.
It is now technically possible to conduct this type of age-related eligibility check and work has commenced on drafting a British Standards Institution,(BSI) Publicly Available Specification (PAS) 1296 Online Age Checking code of practice that will give recommendations for the implementation of these checks. A public consultation on the code of practice is expected to take place between Apr–May 2016 and the code completed by October 2016. The clear aim of this work is to protect the merchant from unwittingly selling or providing services to those who are not of a specified age, as well as protecting minors by preventing them from inadvertently entering websites containing adult content.
A recent symposium entitled ‘Online Age Checking: The Time Has Come’, saw key players from the privacy, identity, legal, payments, child-protection and technical standards sectors come together with representatives from government, online businesses and NGOs to discuss the PAS 1296 Online Age Checking code of practice and how to deliver frictionless, privacy preserving, online age-checking at the point of transaction.
The obvious resounding answer was the payments sector, because technology and policy innovation in the payments space provides scope for the inclusion of age-checks during the payment process. During a payment process, a series of checks are conducted, such as ensuring that there are sufficient funds in a bank account to cover the payment- the technology already exists here at this point to conduct a simultaneous age-check as a customer is purchasing age-restricted goods or services.
The inclusion of this simple age check as part of the payment process would deftly address the business and legal requirements of a significant number of business sectors. However, as the symposium heard, this will not occur in the absence of ministerial support. Without ministerial pressure or legislation, regulators, banks and others would not be incentivised to explore this opportunity as the type of innovation that the UK payments industry should be progressing.
Because we all want buying online to be simple and safe it is hopefully obvious to both banks and the new Payments Systems Regulator that enabling people [buying age restricted products or services online] to confirm they are old enough whilst paying is the type of strategic payment innovation that needs to be on the new regulators payment innovation shopping list. Peter Seymour, Independent payments expert
One of five key recommendations that arose from the Online Age Checking event is that Ministers Should Explore With Payments Experts And Regulators The Scope To Include Age Attributes In Payment Protocols
‘[I]f you want the payment service providers and the banks to provide online age checking solutions, I think there needs to a regulatory approach that says to banks”Actually we need you to do this, we need you to participate in this way” because otherwise the market will continue to be fragmented.‘ Sarah Munro, Barclays
Other recommendations arising from the event is that Ministers And The UK Council for Child Internet Safety (UKCCIS) Executive Board Should Support A Testing Exercise Designed To Establish The Effectiveness Of The Proposed Online Age Checking Mechanisms In Terms of Meeting Business Requirements.
The testing phase must be fully transparent and should assess the degree to which Age Checking Mechanisms Adhere To The 8 Core Privacy Principles Devised By The Privacy Consumer Advisory Group (PCAG), which is composed of prominent privacy advocates.
|Age Checking Principles||Summary of control afforded to an individual|
|1. User Control||Age checking can only take place if I consent or approve|
|2. Transparency||Age checking can only take place in ways I understand and when I am fully informed|
|3. Multiplicity||I can use and choose as many different attribute providers as I want to|
|4. Data minimisation||My request or transaction only uses the minimum data that is necessary to meet my needs|
|5. Data Quality||I choose when to update my records|
|6. Service-User Access and Portability||I have to be provided with copies of all of my data on request. I can move /remove my data whenever I want|
|7. Governance and certification||I can have confidence in any attribute ecosystem because all participants have to be accredited|
|8. Problem resolution||If there is a problem I know there is an independent arbiter who can find a solution|
A further recommendation is that Ministers And The UK Council for Child Internet Safety (UKCCIS) Executive Board Should Encourage Greater Levels Of Industry Participation. Child focused online businesses and social networking platforms that target the 13+ age group should be encouraged to participate in a separate testing phase. For this to happen an age-check would be conducted which asks of an authoritative data source ‘is this child under 10’ or 13 years or over, which would elicit a yes/no response. Knowledge of the age band to which a child belongs would require online businesses to respect not only a child’s existing digital rights including privacy but also limit exposure to age-inappropriate commercial products and harmful content. It would also enable businesses to respect more recent legal protections e.g. the right to be forgotten and necessitate the adoption by the commercial sector of a more ethical approach towards children and young people who are growing up online. Moreover, as an additional safety measure, an age-check will strengthen the measures companies such as Disney and Lego, and parents already operate to help protect their target age group (5-15 year olds) from online sexual grooming and exposure to age-inappropriate content.
The Children’s Charities’ Coalition on Internet Safety has campaigned for many years for online businesses to conduct age checks to ensure children are afforded the same protections online as businesses are legally required to put in place offline. The Online Age Checking code of practice will provide a vital framework and set of guidelines for both socially responsible businesses and those that are legally required to conduct age checks online. John Carr, online child safety consultant
A related recommendation is that A Programme Of Research Should Be Conducted To Explore How Well Online Age Checking And Related Programmes Of Education Improve Child Safety Online and what if any, are the unintended consequences.
For more information, please contact firstname.lastname@example.org
About the author:
Dr Rachel O’Connell, founder & CEO, TrustElevate.com is one of the preeminent authorities on electronic identification and age verification. Rachel’s PhD focused on online criminal activity and the implications for investigative strategies. She is the former chief safety officer of BEBO, one of the first mainstream social media platforms and speaks frequently at technology events on all issues related to online identity be it age verification or how large technology companies should engage more on child protection issues online.