Spanish law among most comprehensive for age checks, kids’ online safety

Among EU nations pursuing child online safety legislation and age verification tools, Spain has been at the forefront. It has released a technical specification for its online age assurance system; co-signed, along with Greece and France, a discussion paper pushing for stronger protections for social media; and seen its digital wallet chosen as a pilot technology for developing the EU’s white label age assurance app for the EU.

On the policy side, Minister for the Presidency, Justice and Parliamentary Relations Félix Bolaños calls a new law in its final stages of approval “a comprehensive, ambitious and pioneering regulation in Europe to try to solve the social problem of indiscriminate access by minors to social media and other digital environments.”

A government release says the Organic Law for the Protection of Minors in Digital Environments criminalizes making pornographic material “indiscriminately available to minors,” and makes it crime to create or distribute AI-generated or manipulated content involving minors, or deepfakes used for sexual exploitation or to demean.

It requires manufacturers of internet-connected devices to pre-install effective, free and accessible parental control systems, which must be turned on by default. Data collected during the set-up process may not be used for commercial purposes.

It recommends the promotion of digital literacy and addiction prevention, to educate students about digital rights, data privacy, online ethics and the risks of digital platforms.

It includes regulations on access to and activation of “random reward mechanisms” or “loot boxes” in video games and platforms, special provisions for victims of gender-based and sexual violence, and stronger penalties for adults who create fake online identities for the purpose of grooming or cyberstalking minors.

Finally, per the release, the General Law on Audiovisual Communication has been amended so that “large media operators and influencers with a very large number of followers are obliged to have channels for reporting content that is inappropriate for minors. They must also report content that may be harmful to minors, use effective age verification systems and separate content of a pornographic or violent nature from other content.”

Age verification systems must be anonymous, with all data processing done on the user’s device. They should not leave traceable patterns, not rely on collecting extra data such as gender or ethnicity, and not rely on profiling or continuous user tracking. Users should only need to prove their age for accessing age-restricted content. Systems should avoid using centralized databases. And companies must conduct a Data Protection Impact Assessment (DPIA) when introducing or modifying age verification systems, to ensure compliance with data protection laws.

The proposed law does not outline specific age assurance products that platforms and services can use, but the National Commission on Markets and Competition (CNMC), which is overseeing the age verification piece, will “evaluate the adequacy of the age verification systems implemented by platforms.”

The law is far reaching, with an overarching goal to protect minors’ “right to privacy, honor and self-image” and to encourage responsible use of technology and promote the necessary skills. Schools will be responsible for expressly regulating the use of mobile devices in the classroom and in extracurricular activities. A larger media literacy plan will be implemented to educate students about digital rights and how to exercise them, data privacy, online ethics and risks.

The Spanish Data Protection Agency (AEPD) will be responsible for overseeing compliance with data protection regulation, while CNMC will focus on age verification, and consumer protection agencies will ensure devices meet safety standards.

Targets social media influencers with large followings

A blog from Yoti digs into specific rules around age assurance in Spain’s new law.

“While comparable initiatives such as the UK’s Online Safety Act and California’s Age-Appropriate Design Code exist in other jurisdictions, the Spanish law stands out for its broad scope and emphasis on enforceable age assurance, platform accountability and digital literacy,” says the post. “Its comprehensive framework places it among the leading examples of child online safety legislation worldwide.”

There is a wide scope of entities to which various angles of the new law apply. Beyond the usual suspects – social media platforms, for which the minimum age for access without parental consent has been raised from 14 to 16 – it affects influencers and content creators, video game developers and publishers, and healthcare and educational institutions.

While the age verification debate has already touched gaming, the inclusion of influencers and digital content creators is a new development. Instagram may be responsible for age verification – but now, so is MrBeast.

Online personalities that meet a certain threshold of followers must “comply with content regulations similar to those of traditional media, including the type of content they publish and restrictions on time slots.” They must also have effective age checks. And they should “avoid publishing content containing gratuitous violence, sexual themes or other material inappropriate to users identified as children.” Sponsored or promotional must be clearly labeled.

In the health and wellness department, the law guarantees children free and ongoing access to 24/7 support services. It proposes the development of a national digital literacy strategy for minors, educators and parents, and establishes “public digital culture laboratories” – spaces where young people can “safely explore digital creativity and innovation.”

Clinically, primary care visits to pediatricians will include questions about screen time and digital device usage.

The draft Organic Law has entered the parliamentary phase and has been submitted to the Congress of Deputies, where it may be subject to further amendments.

Article Topics

age verification  |  children  |  digital identity  |  legislation  |  regulation  |  social med  |  Spain  |  Yoti