The ICO's Age Appropriate Design Code (commonly known as the Children's Code) came fully into force on 2 September 2021. See the August 2021 issue of DWF Data Protection Insights for our report. One aspect of the Code is the use of age assurance to verify or estimate the user of an online service to protect children from accessing inappropriate content. The ICO has recently published an opinion and a call for evidence on age assurance.
Information Commissioner’s opinion: Age Assurance for the Children’s Code
The ICO has published an opinion on age assurance for the Children’s Code. The ICO states that the opinion is for:
- providers of information society services (ISS) in scope of the Code; and
- providers of age assurance products, services and applications that those ISS may use to conform with the Code.
The Code's stated purpose is to:
- set out how the ICO expects ISS to meet the Code's age-appropriate application standard; and
- outline a risk-based approach for organisations to apply age assurance measures that are appropriate for their use of children's data and organisational context.
The opinion states that age assurance refers to approaches used to:
- provide assurance that children are unable to access adult, harmful or otherwise inappropriate content when using ISS; and
- estimate or establish the age of a user so that the ISS can be tailored to their needs and provide protections according to their age.
The opinion covers a number of aspects of the Children's Code, including:
- different methods of age assurance, including verification, estimation, account confirmation and self-declaration; and
- the ICO's expectations when applying the Children's Code and the data protection principles.
It also provides a flowchart to help organisations identify what they need to do to comply with the Code, examples of current usage and a table setting out the potential economic impacts of age assurance.
The ICO states that it will continue to work with stakeholders, including Ofcom, the Children's Commissioner, government, industry and civil society, and it will revisit the opinion in line with its planned review of the Children's Code in 2022.
ICO call for evidence on the use of age assurance
As part of its campaign to protect children's online privacy, the ICO has published a call for evidence on the use of age assurance in the context of the Children's Code. The ICO is seeking evidence related to:
- The effectiveness of age estimation approaches – which are the most appropriate and accurate measures?
- Emerging approaches to age assurance
- Economic considerations – what are the economic impacts for organisations developing/implementing age assurance approaches?
- Data protection risks – what are the risks associated with the development and application of age assurance approaches, e.g. bias, access and inclusion? How can these risks be minimised?
- What additional ICO support would be beneficial?
The ICO's call for evidence is open until 9 December.
As we've reported a number of times recently, the ICO is currently focusing on protecting children's privacy online. It's important to remember that the Children's Code applies to Information Society Services (ISS) likely to be accessed by children, not just services aimed at children. If you provide online services which are likely to be accessed by children, you must comply with the Children's Code, which can be complex, as you need to consider the requirements of different age groups. Our specialist data protection lawyers can support your business to comply with the law and the Code, so please contact us for bespoke advice.