Identity and Biometrics: What’s Going on with Age Verification?
The year 2017 marked the first time ever that half of the world’s population got online. Today, internet connection and social media use clocks in at 5 billion and 4.7 billion users respectively – over half of the world’s population and growing. For many nations around the world, internet traffic for age-appropriate content is one factor they must consider regulating. So what exactly are countries doing to help create a safer online environment?
For one, they’re creating legislation on regulation. Government officials in the EU, for instance, introduced their regulatory framework that went into effect in 2018, called the “General Data Protection Regulation,” which aims to protect data through impact assessments. In the UK, the convention is similar but more specifically focused on minors and the internet.
The UK’s framework has served as guidance for a US version, which aims to regulate age-appropriate monitoring and internet access. But what else should the US and the companies that call it home be aware of? Leonard Navarro, VP of Business Development with Nametag, shares his insight on the age verification regulatory process.
Leonardo’s Thoughts:
“Hi, I’m Leonard Navarro, VP of Business Development at Nametag. One of the most pressing issues we’re seeing in the identity and biometric space is in regards specifically to age verification. Experts are coming together to offer guidance to government officials as they draft and implement new data protection and user verification laws to regulate the internet and create a safe environment for users of all.
As organizations evaluate their data processing practices and their responsibilities to their user base, they need to consider the European Union’s GDPR, and the United Kingdom’s Data and Privacy Protection legislation for minors. So let’s break it down. Under GDPR companies are required to conduct data protection, impact assessments, or DPIs for any project that may involve a high risk to user data.
This requirement calls for assessments when a company uses or develops new tech. Involves monitoring user locations and behavior, or when processing demographic data. In short, GDPR classifies any data that could cause physical harm to users in a breach or leak as data that would fall under its risk standards.
This includes age. The United Kingdom’s Information Commissioner’s Office has also implemented similar protections for children on the internet. Specifically named the Age Appropriate Design Code or the Children’s Code, which outlines 15 standards that online services, including apps, games, devices, toys, and news services must comply with for the safety of their users.
Now, here is what those of us in the industry are watching out for. The UK’s framework has served as the model for the United States potential regulations, including the recent Age Appropriate Design Act for children passed in the state of California or the Cal ADC, which may become the template for future national legislation.
While there are several approaches to age verification such as third party age verification services, many companies still simply trust account holders to enter and confirm real user ages and implement measures to prevent users from immediately changing their age to access services that they are denied access to.
This poses a large risk to companies, especially as the regulations expand. However, companies like Instagram have begun implementing either AI-based identity authentication firms or have fallen back on manually uploading government issued IDs for verification in order to stop the exponential growth of fake profiles and lower the risk of impersonation.
This is not an easy task. And companies that are thinking smartly are focusing on technologies that do not simply verify devices or blindly hope that people abide by the rules. That’s not going to be possible going ahead. Rather, agile and privacy focused organizations should look for a solution that balances convenience and compliance responsibilities.
Let’s keep the honest people in and continue to build businesses while keeping kids safe and bad actors out. Some of the best tools out there tie identity and biometrics back to a form of reference, such as a government ID or passport. Then those of age can prove they’re of age and able to access whichever platform they need, and companies will know they are in compliance.
Bad actors we face with a large hurdle and minors will need to either gain access through a parent or guardian or face limited or restricted access to such platforms. So that’s what we’re keeping an eye on, and as businesses develop, we hope to keep you up to speed on the state of identity. Thank you.”
