The Agency for Access to Public Information (AAIP) and five other data protection authorities jointly issued a statement to set out the key principles of privacy and data protection that shall govern age assurance methods in digital environments.
Age verification processes allow the user experience to be tailored to their age. Hence, these processes enable online services providers to comply with their legal obligations, such as protecting minors by restricting access to certain content, without hindering or blocking their access to the digital world.
Among the key principles outlined in the joint statement are the best interest of the child, proportionality in data collection, transparency and non-discrimination in data processing, and identifying potential risks posed by the implementation of a particular age assurance method.
In addition, the joint statement stipulates that when there is a high data protection risk to users, self-declaration becomes an inappropriate method, as it can be easily circumvented. Thus, self-declaration alone should only be used in situations where there is little to no data protection risk to minors.
Finally, the statement establishes that age assurance is not the only tool available to protect children online, but rather it should be accompanied by other solutions, such as parental filters, awareness campaigns, and applying data protection by design and by default principles.
