FB pixel

Parental consent in focus at day 3 of Global Age Assurance Standards Summit

Parental consent in focus at day 3 of Global Age Assurance Standards Summit
 

Day three of the Global Age Assurance Standards Summit hosted speakers presenting on how to use decentralized digital identity for parental consent, how the biometrics industry is responding to regulatory demands, the open identity exchange approach, and other key topics for the age assurance and age verification industry.

AgeAware app to be the centerpiece of euCONSENT 2.0

In a presentation on euCONSENT, Iain Corby, executive director of the Age Verification Providers’ Association, revealed the direction for the program’s second phase and introduced the AgeAware App. Financed for its pilot phase with €1.4 million (US$1.5 million) from the European Commission, euCONSENT 2.0 has funding from the United Nations through UNICEF’s Safe Online initiative.

“We are moving away from the concept of publisher based age assurance to decentralized app-based age assurance,” says Corby, in what he calls a “pivot.” The first phase of euCONSENT involved a device-based token system for age verification. Corby explains the new system using the metaphor of a chocolate wrapped in foil. The raw ingredient is a user’s age, which they must prove when entering an age restricted website, via the AgeAware app – what Corby calls a “thin application,” a technology-neutral client that can work with a multitude of software and hardware options.

After performing age verification through biometrics, facial age estimation or more traditional means processed through a provider, AgeAware issues a token. This is the foil wrapped chocolate. The part with the ingredients (personal information) is inside. The wrapper is the external public product on which AgeAware confirms that what is inside meets the threshold for age verification.

As a user accumulates tokens from different websites using different age verification providers, AgeAware will interrogate all of them and choose the best token for that particular relying party. The content provider may have a preference in terms of pricing, or it may simply accept the published price of that verification provider, which is a generic price available to anybody who wants to use the token. A backstop is in place offering a default price for a party that has no verification deal in place.

“That means that the relying party just needs to find a token, even if they’ve never met the age verification provider and have no contract,” says Corby. “They can still use that token interactively to check the age of the user, which is provided to the right party through an anonymizing service.” Tokens will expire over time.

A tallying service overseen by euCONSENT keeps track of which age verification provider’s tokens are being reused for new verifications, and then reports to an orchestration scheme to charge and distribute fees to the providers. This also eliminates the need for relying parties to report their own numbers.

Corby says phase one saw particular problems with allowing parents to provide parental consent, in terms of linking the identities of parent and child. Priorities for phase two address “unfinished business,” such as advancing zero-knowledge proof, improving the degree of untrackability, expanding compatibility to apps, and exploring integration with the EU digital wallet. The plan also involves updating certifications, refining underlying ethical principles, and deepening the involvement of international standards organizations such as the ISO and ITU.

Although euCONSENT frames itself as an industry-led response to European regulatory demands, the project has global aims. It is managed by an NGO, euCONSENT ASBL, whose membership includes representatives from industry, academia and the legal worlds.

Ver.iD demos decentralized ID system for parental consent 

Showcasing the potential of digital credential wallets, Roger Olivieira, co-founder of Amsterdam-based age and identity verification firm Ver.iD, explains that the Dutch government issues verified personal information that can be retrieved with an app such as that provided by Ver.iD. The government is experimenting with a decentralized digital ID system that would allow for digital verification of relationships between two individuals – for example, a child and their guardian. Then, a “parental dashboard” would allow linked guardians to provide parental consent by verifying the age of minors (“wards”) attempting to log into apps or accounts that require age assurance (for example, video games or social media).

Report on EU age assurance says more regulatory pressure needed

Martin Sas from the KU Leuven Centre for IT & IP Law outlined its forthcoming report for the EU Parliament on the trustworthiness of age assurance. The report aims to map the legal requirements for age assurance under European law, identify potential risks to fundamental rights, and evaluate risks for specific methods.

The report says that necessity, proportionality and the best interest of the child should always be considered when age assurance is implemented. In the latter, protection should be fairly balanced against the digital rights of the child. Of biometric age assurance methods, age estimation is judged to be less reliable than age verification – but verification is “more intrusive.”

Ultimately, the report raises concerns about risks to privacy and security, and the potential for age assurance measures to be discriminatory or to exclude people with limited access to ID documents or technology, or people with various developmental disabilities. It thus emphasizes the need for regulatory consistency and increased pressure to meet conformance testing, to keep up with increases in use.

Open Identity Exchange outlines vision for universal ID

In his talk, Nick Mothershaw, chief identity strategist for the Open Identity Exchange, outlined how the organization sees the connection between digital identity and age assurance. Its vision for a “simple, universally trusted ID” focuses on educating relying parties on the facts and advantages of biometrics and digital identity, through a variety of initiatives including events, consultations and resources.

Mothershaw highlights the importance of trust frameworks and trustmarks to make sure the security relationship is addressed from both sides. OIX has analyzed trust frameworks from around the world, including the UK Digital Identity and Attributes Trust Framework (DIATF), eIDAS 2.0, the NIST version 4 draft, and the DIACC Pan-Canadian Trust Framework.

Related Posts

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics race for the borders

Biometrics to ease border crossings are a major theme of the week among Biometric Update’s most-read articles of the week….

 

US election likely to be a missed opportunity to advance digital ID policy

The 2024 U.S. election represents an opportunity for social dialogue around digital identity policy in the wake of a series…

 

India to pilot Digi Yatra for foreign nationals in 2025

India is planning an international pilot project for June 2025 that will see the introduction of facial recognition technology beyond…

 

Papua New Guinea advances digital ID, wallet and govt platform to pilot

Papua New Guinea has stood up a new digital ID, wallet and online government platform, and plans to pilot them…

 

UK police organized crime unit seeks new facial recognition software

The UK’s main law enforcement agency against organized crime is looking into new facial recognition solutions, as the country doubles…

 

The EUDI Wallet was not meant for age assurance: AVPA

The European Union should not look at the EU Digital Identity (EUDI) Wallet as an age-assurance solution to keep minors…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events