- New Opinion gives clarity to organisations on how to comply with age assurance
- gives guidance on what online services must do if they are likely to be accessed by children;
- reflects the technological developments in this area; and
- explains legislative developments and how organisations can meet their data protection obligations whilst also complying with the Online Safety Act 2023.
Age assurance is an important part of the ICO’s world-leading Children’s code. The Opinion explains how age assurance can form part of a necessary and proportionate approach to reducing or eliminating risks and conforming to the code. It also sets out how the Information Commissioner expects online services to apply age assurance measures that are appropriate for their use of children’s data.
The ICO committed to review and update the Opinion when it was first published, to help organisations understand how to approach age assurance and respond to ongoing developments in technology, legislation, policy and attitudes.
The regulator has held focus groups, published a call for evidence and engaged with innovators, experts, technologists and organisations. It has conducted voluntary audits, reviewed how online services identify risks to children, conducted research projects and engaged with Ofcom to ensure alignment between the age assurance requirements of the code and the Online Safety Act 2023.
The ICO continues to keep new developments under review and is committed to supporting organisations to ensure that information rights online are protected.
Notes to editors
- The ICO is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
- The Government included provisions in the DPA2018 for the ICO to create world-leading standards to provide proper safeguards for children when they are online. This became known as the Children’s code which came into force on 2 September 2021 following a 12 month transition period.
- Certification is a way for your organisation to demonstrate compliance with UK GDPR. If your business is using age assurance checks, you could apply to the Age Check Certification Scheme by ACCS. The ACCS scheme includes data protection criteria (ACCS 2:2021) for those organisations operating or using age assurance products. Find out more: Age Check Certification Scheme (ACCS).
- Age assurance is an umbrella term used to describe methods that estimate or verify someone’s age.
- The ICO can take action to address and change the behaviour of organisations and individuals that collect, use, and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.
