In a positive sign that the UK Safety Tech sector will continue to work well with its friends and partners in the European Union, a number of OSTIA members are part of a successful consortium appointed by the Commission to develop the infrastructure required to facilitate online age verification and parental consent across the continent.
Associate Member, the Age Verification Providers Association (which itself includes another OSTIA Member, Yoti, in its ranks) and the Age Check Certification Scheme (ACCS) put forward a proposal to design a solution based on the views of children from across Europe, and guided by leading child rights experts, Professor Sonia Livingstone of LSE and Professor Simone van der Hof of the University of Leiden. Backed by a legal team at Aston University, coordinated by Abhilash Nair, the AVPA will draw on the expertise of its members, but also rely on input from these leading academic figures in the field. Additionally, the outcome of primary research with children from multiple Member States developed by Revealing Reality will help define the business requirements and functionality of the new system.
This is a challenging project. GDPR, the revised Audio Visual Media Services Directive, as well as forthcoming European and domestic laws, all have differing requirements of a system which, in essence, will allow internet-based services of all shapes and sizes, to know the age – but not the identity – of the user at the other end of the keyboard. For example, GDPR sets an age below which children require their parents’ consent to give consent to their personal data being processed – but that age varies across Member States from 13 – 18. Meanwhile, the UK is likely to introduce strict age verification requirements for pornographic sites through amendments the government has invited to the Online Safety Bill, while other states are also developing their regulations for ensuring that video sharing platforms such as YouTube only show age-appropriate content. And what if two parents, based in two countries, disagree about whether to give their child consent to access a new game which processes personal data? How should the new system decide between them?
The European Parliament instigated this pilot programme, perhaps conscious that the laws and regulations being passed were getting a little ahead of the technology being widely available across the Union to implement age-restrictions on goods, services and content efficiently.
The euCONSENT technical solution is being developed across Europe, led by Upcom in Greece, along with companies in Belgium, Germany, Cyprus and Romania. They hope to have a prototype ready by the end of the year, with a largescale pilot early in 2022. It will be an open system, with providers of age verification and parental consent checks able to join the network once they are certified, by ACCS and others accredited to do so, as meeting the standards set by the project. In parallel, the BSI is developing a new international ISO standard for age verification with the support of DCMS and key UK regulators, creating an opportunity to extend this approach to online child protection globally.
Making what is illegal in the real world also illegal online has been a goal of governments for decades. euCONSENT facilitates the implementation of policies for the digital world which offer additional protections for children, just as we do in physical situations. The UK’s thought leadership in this field of SafetyTech is at the very heart of the project, opening up a wide range of export opportunities for tech developed here, while everyone benefits from the diverse contributions of a multinational team to solving what has proven to be one of the major challenges of living in a digital world.