The Online Safety Bill (OSB) has made substantial progress in its successful journey through the House of Commons and the House of Lords to become law. Having just received Royal Assent many organisations, from SMBs to the likes of Meta and Snapchat, will be required to verify users’ age by requesting either biometric data or government-issued IDs.
While the bill is designed to prevent minors from accessing ‘harmful’ content, it’s very vague on the details, leaving room for interpretation. For example, if the government considers content linked to eating disorders or suicide harmful, it would be hard to access someone sharing a success story of overcoming eating disorder effects or posts offering related health information.
This raises the likelihood of an overcautious approach to content censorship to ensure young individuals (or potentially all users if their age isn’t clearly identifiable) do not accidentally stumble upon such content. With website operators being regulated in this way, it will result in companies adhering to a blanket approach, which may inadvertently censor harmless and lawful content.
Striking a balance between data privacy and regulatory requirements
The OSB no doubt raises important questions about the importance of safeguarding the vulnerable online, across social media and in physical experiences. Implementing age verification mechanisms on and offline can help not only prevent children from being exposed to inappropriate or damaging information such as explicit or violent content but even prevent death – the most recent example is the improper use of the e-scooter by a 12-year-old who unlocked it using an app transferred from an adult’s phone.
However, at present, there are few privacy-centric age estimation or verification processes that are accurate for all users. In fact, comprehensive research by France’s National Commission on Informatics and Liberty (CNIL) analysed current age verification and assurance techniques and pointed out the absence of three vital elements – adequate and reliable verification, total population coverage, and upholding individuals’ data protection, privacy, and security.
Current systems either collect and send biometric information, leading to substantial privacy concerns, or require types of documentation which can penalise certain socio-economic groups. Meanwhile systems developed for offline environments such as retail can still require an internet connection to work.
If you liked this content…
Government proof of age scheme to include new digital ID apps
How facial age estimation is creating age-appropriate experiences
Millions in the UK using false IDs
Sterling partners with Yoti to launch portable digital identity solution internationally
Bridging the Gaps: A Holistic Approach to Government AI Strategy
These challenges led to us working with Fujitsu to develop a robust Digital Proof of Age solution that helps tackle two main requirements – strong data protection where personal data does not leave the user’s device – and functionality without an internet connection for physical environments.
How the Digital Proof of Age SDK works
The SDK can be embedded within a client’s own app rather than the customer being sent away to a third-party site or service giving them full control to design the end-to-end Customer Experience. This means customers canl self-serve in-store for age-restricted purchases without manual checks from a member of staff. We’ve built encryption and verification methods that are far more complex than other available solutions to maintain security. It also makes deploying in areas with closed networks and no mobile connectivity more accessible.
Internet connection is only required on sign-up to register the reference time and recognise the age from the document provided. This means that the user cannot deceive the system by setting a future date on the device. After registration, customers are not required to be online to enable face recognition since personal details and identification certificates are not used outside the device.
The tool has the functionality to read UK and Irish passports, EU biometric ID cards, UK driving licences and biometric residence permits (BRP), meaning that there are a range of options for customers of different nationalities and ages. This ensures that socio-economic groups are not penalised for lacking certain types of documentation, creating frictionless customer experience whilst maintaining data privacy.
Above and beyond the Online Safety Bill
The OSB will certainly go a long way to refocusing the UK’s digital sphere on user safety and content governance. As it approaches the Royal Assent, businesses should ensure that they have appropriate risk assessments in place, create content moderation policies, and establish age verification and certification mechanisms. But in order to stay on the right side of consumer demands for data privacy and ease of use, businesses must go some way beyond the terms of the OSB.
