DSA guidelines risk fragmentation of EU age assurance for social media

The EU may allow member states to set their own age requirements for accessing certain products or services through age verification, according to a new draft of implementation guidelines for the Digital Services Act (DSA).

The changes may have been introduced to appease Member states, which have been lobbying the European Commission to tighten the guidelines for minor protection. Earlier in June, eleven countries submitted a letter to the European body advocating for mandatory age verification for social media to be included in the DSA.

The new DSA guidelines draft, obtained by French media outlet Contexte, can be seen as a compromise. It allows national laws to prescribe “a minimum age to access certain products or services” on platforms, including social media.

According to the upcoming regulation, online platforms must assess potential harms to minors and introduce age assurance measures that would limit children’s exposure to pornography and other harmful or age-inappropriate content.

The guidelines establish three risk tiers – low, medium, and high – that dictate which age assurance measures platforms must adopt. Age assurance measures are also divided into three categories: self-declaration, age estimation, which is most commonly carried out with face biometrics; and age verification, which relies on documents such as government IDs or bank cards.

The new DSA guidelines draft also shows that the Commission has been trying to minimize the potential fragmentation and disruption for users and platforms brought by age assurance measures.

Platforms may be permitted to use age estimation if they can “prove that such methods are comparable to those of age verification” when it comes to meeting defined criteria.

According to the draft, age verification must conform to several criteria, including accuracy, reliability, non-intrusiveness, non-discrimination and robustness – meaning that it’s hard for minors to circumvent.

EUDI Wallet for age estimation likely the most popular solution: CDT

Many of the details related to the DSA guidelines, however, remain uncertain, which could ultimately affect their implementation, according to The Center for Democracy and Technology Europe (CDT Europe).

In its review of the original DSA guidelines, published in May, the civil rights organization argues that many age estimation technologies are “neither accurate nor privacy-preserving.”

“In practice, we foresee that – faced with choosing between potentially inaccurate age estimation or robust age verification – many platforms will likely default to the European Commission’s proposed digital wallet solution,” says CDT Europe.

The Commission has been working on an age assurance app, which will allow online service providers to check whether users are under the age of 18. A beta version of the white label app is in development by Deutsche Telekom and Swedish biometrics firm Scytáles and has been made available on GitHub.

While the app may seem like a safe choice, it may not be accessible to large groups of people, such as migrants, adds the organization.

The guidelines should also distinguish between age estimation using existing user data, which larger platforms may already possess, and age estimation requiring third-party vendors and additional data collection. More clarification is also needed regarding the risk categorization that platforms must apply to avoid potential harms to minors, according to the non-profit.

Article Topics

age verification  |  biometric age estimation  |  Center for Democracy & Technology  |  Digital Services Act  |  EU  |  EU age verification  |  EU Digital Identity Wallet  |  regulation  |  social media