ITIF argues for age estimation, device-level controls in EU Digital Services Act

Age verification requirements for access to online platforms, apps or websites can provide effective protection for minors, but it could also infringe on their rights if not designed properly, the Information Technology and Innovation Foundation (ITIF) warns.

The tech trade group made the comments in a submission to the European Commission in response to a request for feedback on the guidelines to enforce the protection of minors online under the Digital Services Act.

The Digital Services Act sets rules for online transparency, dissemination of disinformation and age assurance in Europe.

The ITIF starts from the position that a careful balance must be struck to protect children from online harms in a way that will not “trample on children’s freedom to engage with their friends and access appropriate information online.” The group argues that internet use provides a range of important benefits to young people that need to be preserved.

Age verification risks being either invasive or inaccurate, the ITIF argues. Remote ID document checks can provide the desired level of accuracy, but entail privacy risks if the ID is stored and then breached, as well as “free speech implications,” which are not spelled out.

There are more effective measures available though, the ITIF notes, including biometric facial age estimation. The submission acknowledges that age estimation is “not perfectly accurate and likely never will be—no form of age verification is—but it is constantly improving.”

The ITIF also makes a pitch for allowing encryption and avoiding backdoors to get around it, on ground that eroding encryption exposes vulnerable populations without effectively addressing the use of encryption by criminals.

Other age assurance measures could help, according to the ITIF.

Building default parental controls into devices or operating systems could serve the intended purpose without imposing an additional privacy risk, because it does not involve sharing any identity data. This approach would also avoid impacting adults’ access to online material.

The ITIF also notes that “digital forms of government-issued identification could solve some of the privacy concerns associated with ID checks for age verification, as well as make the process more efficient.”

Advocacy groups and anonymous individuals dominate feedback

The EC has received 65 comments so far, many of them from anonymous individuals or child protection advocacy groups.

Privacy regulators from France and Spain also weighed in with comments on how the Digital Services Act fits with other regulations and best practice recommendations.

Yoti has filed a response, offering evidence for its assertion “that privacy preserving age assurance can support the age appropriate design of services” in the form of statistics detailing the effectiveness of its facial age estimation. The latest white paper from Yoti shows a true positive rate of 99.3 percent for estimating that people between 13 and 17 years old are under 21.

The company argues that some content filtering mechanisms rely on manual setup that can introduce errors or inconsistencies, and could potentially be circumvented by teenagers. A layered approach is best, Yoti says.

The EC is accepting feedback until Monday, September 30.

Article Topics

age verification  |  biometric age estimation  |  children  |  data privacy  |  Digital Services Act  |  EU  |  EU age verification  |  ITIF  |  social media