A new code of practice for effective age checks to protect children from viewing adult content online has been published by BSI, the UK standards body.
The guidance is for online service providers – such as dating, gambling and adult entertainment firms – to verify an individual’s age without being able to access their full identity. The guidance – PAS 1296: 2018 Online age checking – provision and use of online age checks services – code of practice – provides recommendations to prevent ineligible users from:
a) Buying age-restricted goods online
b) Accessing age-restricted content online (e.g. adult content)
c) Using age-restricted online services (e.g. dating agencies)
d) Accessing harmful content on platforms and apps.
Data privacy concerns – ahead of the general data protection regulation (GDPR) coming into force EU-wide – are covered with a section covering ‘data masking’, and how an online vendor can protect confidential information. This ensures that the processes recommended adhere to the GDPR “privacy by design” principle, through measures such as data minimization, transparency and consent and pseudonymization.
Scott Steedman, Director of Standards at BSI, said: “Parents, businesses and regulators agree that more must be done to protect those under 18 from accessing age-restricted content online. This guidance will help organizations to reduce the risk of children being exposed to material they shouldn’t be able to access, whilst still respecting the privacy rights of law-abiding adult consumers.”
Earl of Erroll, Chair of the Digital Policy Alliance, which facilitated development of the PAS, said: “We rapidly realized the requirement to replicate some of the protections that exist for children and adults in the real world. It is essential to know that you are dealing with someone of the right age and this PAS gives common sense guidance on how to do that. PAS 1296 was created to avoid children stumbling across inappropriate adult entertainment, and the DPA will continue to champion age checking to protect children from all age restricted goods and services in the online world.”
The PAS will assist businesses that are required to comply with the legal requirements involved in conducting age checks. Risks for non-compliance or for those with inadequate compliance systems include disciplinary sanctions, civil or criminal action against the business, and reputational damage.
The new guidance recognises the need for a tailored approach to online age verification checks, rather than a ‘one-size-fits-all’ process. This is due to the varying natures of these businesses, such as an online gambling website, which should have more stringent age-checking measures than a website selling 12-rated films. The age restricted guidance would also prevent a 40 year old from attempting to sign up to an under 16s club, for example.
Involved in the steering committee for PAS 1296 were: AgeChecked; Age Verification Providers Association; Aristotle International; Avoco; Better Regulation Delivery Office; British American Tobacco; BSI Consumer & Public Interest Network; Co-opted members; Digital Policy Alliance; ICM Registry; Nicoventures, BAT Group; Portland Broadcasting Ltd; Trust Elevate; Verime (Telecom2 Ltd); Yoti.
