On 11 February 2024, the European Data Protection Board (EDPB) adopted a new statement on age assurance. This statement, while not legally binding, will guide the enforcement of age-gating methods across the EU. Age assurance refers to the methods used to determine an individual’s age or age range with varying levels of confidence or certainty.

The EDPB’s statement addresses several online scenarios where age verification is crucial. These include situations where legal age requirements exist for purchasing products, using services that could pose risks to children, or engaging in legal activities. It also emphasizes the responsibility to protect children by ensuring that services are designed and provided in an age-appropriate manner.

Platforms publishing notably adult content and which may be mandated under local laws to implement age control methods will need to take this guidance into consideration.

Implementation Requirements

Perform and document a risk-based assessment explaining the necessity of age assurance for your service and identifying specific risks. The age verification system should collect only the minimum age-related data necessary, typically just determining if a user is above or below the relevant age threshold. The chosen method must not enable tracking, profiling, or identification beyond what’s necessary for age verification.

Technical Requirements

Implement privacy-enhancing technologies that favor user-held data and secure local processing. Ensure multiple verification methods are available to prevent discrimination against users without access to certain tools. Consider a “no-log” policy where age verification data is not retained after the process.

Required Documentation

Conduct a Data Protection Impact Assessment (DPIA) before implementing any age assurance system. Develop clear policies documenting your age assurance governance framework, including roles and responsibilities, data protection measures, and compliance monitoring procedures.

Josefine Beil contributed to this article