As regulators and companies consider new laws to protect children and give them age-appropriate experiences online, they are faced with the challenge of how to determine someone’s age.
We explored this topic at our latest regulatory roundtable; a lively and healthy discussion, chaired by our Guardian Gavin Starks. We discussed different age assurance methods, and the progress and widespread adoption of facial age estimation. We shared key updates on our technology, how facial age estimation can be configured to work with safety buffers, and demonstrated some live use cases. The roundtable also looked at why there needs to be international regulatory consistency to help companies comply with an increasing number of regulations.
Age assurance approaches
Julie Dawson, our Chief Regulatory and Policy Officer, kicked off the event with an overview of our age assurance methods. Discussions delved into how age checking methods differ in terms of friction; however all are data minimised. We described what should be the appropriate minimum levels required for facial age estimation to achieve a high level of assurance – transparency of origin of data sets, liveness detection, independent assessment, image deleted, anti-injection attack detection, option for safety buffers – and also for document based age verification methods – that for a high level of assurance there should be a requirement for document authenticity checks, face matching, liveness detection, injection detection.
Regulators will play an important role in helping platforms identify the most appropriate age assurance methods for each context. It will be down to the regulators to decide which platforms and services require a higher level of assurance. Regulators and companies will need to consider if they need to know the exact age of someone or would knowing which age band someone falls in be sufficient.
In practical terms, this could mean that higher risk or regulated sectors, such as those selling age-restricted items, need to verify age to a high level of assurance. Whilst a medium level with no buffer a might be deemed sufficient for accessing social media platforms.
Key learnings from the roundtable
- Age assurance methods will vary by country and user expectations of friction
- Facial age estimation is a universal method and is growing in popularity
- Any training data needs to be collected in accordance with GDPR – not scraped from the internet
- It is not wise to require facial age estimation methods to be too near to perfect.
- Self-declaration is no longer considered as a stand alone age assurance approach, as it is too open to abuse, however it may be used alongside other indicators for low levels of assurance in low risk scenarios
- There needs to be clear standards and benchmarks to ensure compliance across jurisdictions, streamline regulatory processes and foster transparency in the industry.
Our Fifth Regulatory Roundtable provided a platform for meaningful discussion on age assurance, compliance standards, and the future of regulatory frameworks in the digital age. By having an open dialogue between industry stakeholders and regulators, and inviting scrutiny, at events like these, we hope this can play a useful role in shaping responsible practices and building consumer and relying party trust in new technologies.