Australian consult on age checks for social media shows common themes

Australia’s eSafety Commissioner has released documents summarizing the results of public consultations on how best to implement social media age restrictions, as well as guidance to help companies assess if they are likely to be covered under the restrictions.

The publication follows the release of the final report from the Australian Government’s Age Assurance Technology Trial, which a post on eSafety’s LinkedIn account says will go “hand-in-hand” with ongoing formal engagement with firms in the lead-up to December 10, when minimum age obligations commence.

“These resources will inform our compliance and enforcement activities, including the development of regulatory guidance to be released shortly.”

Fairness, flexibility, interoperability, inclusivity deemed important

According to a news post, the consultation process engaged a diverse range of stakeholders, including online service providers, age assurance vendors, “subject matter experts on the technical application of age assurance measures,” international regulators and government representatives, and representatives of civil society, academia and the education sector. Groups representing children, young people, parents and carers based in Australia got priority.

The consultation focused on eSafety’s implementation of the 2024 Online Safety Amendment (Social Media Minimum Age) Act, rather than on the contents of the legislation itself. The summary document lays out findings by group, and while there is plenty of information to digest, key themes recur.

The need for age assurance tech that prioritizes privacy and user consent is mentioned across groups. Systems should be robust, accurate and fair. Flexibility and scalability are noted as key advantages, as is a multi-layered approach integrated throughout the user journey. Interoperability is key, as is inclusivity. There is potential in zero knowledge proofs (ZKP) and tokenization. Some experts and educators have reservations about biometrics, notably around privacy and the potential for bias. Privacy legislation and standards are seen as laying a baseline on which to base age assurance practices. Friction should be minimized.

The responses from eSafety’s National Online Safety Education Council and online safety educators show “strong support for shifting greater responsibility to platforms rather than parents and carers.” However, they also stress the importance of digital literacy.

Everyone knows there are workarounds, such as VPNs. But some participants “suggested evaluation should consider whether age assurance is implemented in ways that uphold privacy, equity and children’s rights,” rather than the number of them age checks block from accessing harmful content.

Age assurance vendors offer a few insights from within the industry. Notably, they recommend “clearly distinguishing age verification from identity verification, to avoid conflating the two,” and “providing compassionate pathways for appeals and edge cases, recognizing that not all users fit neatly into standard processes.”

AVPA identifies three options for enforcement

The Age Verification Providers Association (AVPA) participated in the consultation, and a post on its LinkedIn page outlines the paths now available to eSafety Commissioner Julie Inman-Grant in how she enforces the law.

AVPA says Inman-Grant has three broad options, ranging from light to demanding. A light touch would leave it to platforms to use their existing marketing and data collection tools to flag and remove users who are likely to be underage.

The middle ground would “require specific age assurance processes when accounts are opened, but allow for a margin of error which would permit the most accurate estimation options to be relied upon,” acknowledging the need to set a buffer age for facial age estimation products.

What AVPA calls the “highly effective” approach is to “ensure the minimum age is applied exactly, so there is no access until the day you turn 16.” Again, in the case of estimation systems, that could mean setting a threshold of up to 21, to allow a buffer; the exact number, AVPA says, “will vary with the certified accuracy of the algorithm chosen.” Alternate methods, such as document checks, must be available for those who claim an error in estimation. “We also argue that platforms must offer age assurance of last resort – professional vouching to ensure inclusivity and accessibility).”

The association also notes the importance of independent testing and certification against international standards, and suggests the current moment is “a great opportunity to introduce an effective, interoperable, double-blind tokenized ecosystem so age checks can be performed once and then used across multiple sites seamlessly;” it points to euCONSENT as an example.

Article Topics

age verification  |  Australia  |  Australia age verification  |  AVPA  |  biometric age estimation  |  children  |  social media