FB pixel

Yoti says no biometric data in age estimation tech, takes issue with UK ICO opinion

Yoti says no biometric data in age estimation tech, takes issue with UK ICO opinion
 

Some of the opinions about age estimation expressed by a UK regulator do not apply to Yoti’s facial age estimation solution, according to a response from the company in a blog post.

At issue is compliance with the UK GDPR regulation, which classifies biometric data as “special category data,” and sets stringent controls on its use, especially when collected from children.

Yoti says its technology “does not create or use biometric facial geometry,” referring readers to a white paper the company produced on how age estimation can be performed in a way that preserves the subject’s anonymity. The algorithm does not identify the user in initial or subsequent submissions, or recognize when an image is submitted from a person who has been through the process before, according to the post.

This means that Yoti’s age estimation does not involve special category data, in the company’s opinion, and that of external lawyers the company sought opinions from.

An explainer video produced by South Africa’s Be in Touch details the process Yoti’s technology uses, and the difference between facial analysis and facial recognition. The same difference also applies to 1:1 matches, as in biometric facial authentication.

Yoti also published a blog post earlier this month arguing that its sophisticated age estimation methods provide a better, anonymity-protecting method than the ID document and selfie biometric checks often used for online verifications.

ICO opinion paper

The UK Information Commissioner’s Office (ICO) published an opinion paper on ‘Age Assurance for the Children’s Code,’ which states that age estimation “may” be based on biometric data. The ICO later clarifies that age estimation may use biometric data to uniquely identify an individual, in which case it counts as special category data. The Children’s Code, also known as the Age Appropriate Design Code, provides a statutory code of practice for providers of online services likely to be accessed by children.

The ICO also states that the privacy protections of biometrics-based age estimation could be improved with rigorous data minimization and purpose limitation techniques.

Biometrics could still be allowed for age estimation under the “substantial public interest” clause in Article 9 of the UK GDPR, so long as conditions for the “safeguarding of children” in Section 10 are met.

Yoti “cautiously welcomes the Opinion,” but complains that it “does not clearly explain when age estimation uses biometrics” or when it does not. According to the biometrics and age estimation provider, the ICO missed an opportunity to make clear that data processed is only special category data if it is collected for the purpose of identifying someone.

The company particularly objects to a statement in the ICO paper’s Annex 2, which generalizes about the accuracy of all age estimation technologies, saying “There is little evidence for the effectiveness and accuracy of these emerging approaches.”

The ICO’s guidance concludes that age estimation technology is an important tool for mitigating online risks, and has launched a call for evidence as it works with OFCOM and other government bodies to work towards a coherent set of regulations and best practices for protecting children online.

Article Topics

 |   |   |   |   |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Could be 25 years before TSA gets facial recognition in all US airports

The Transportation Security Administration (TSA) foresees significant delays in implementing facial recognition across U.S. airports if revenue continues to be…

 

Single solution for regulating AI unlikely as laws require flexibility and context

There is no more timely topic than the state of AI regulation around the globe, which is exactly what a…

 

Indonesia’s President launches platform to drive digital ID and service integration

In a bid to accelerate digital transformation in Indonesia, President Joko Widodo launched the Indonesian government’s new technology platform, INA…

 

MFA and passwordless authentication effective against growing identity threats

A new identity security trends report from the Identity Defined Security Alliance (IDSA) highlights the challenges companies continue to face…

 

Zighra behavioral biometrics contracted for Canadian government cybersecurity testing

Zighra has won a contract with Shared Services Canada (SSC) to protect digital identities with threat detection and Zero Trust…

 

Klick Labs develops deepfake detection method focusing on vocal biomarkers

The rise in deepfake audio technology has significant threats in various domains, such as personal privacy, political manipulation, and national…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events