A range of different age checks are needed to protect children – but also to ensure they can take advantages of positive opportunities online-a new study says.
Experts found many current age assurance methods - especially self-declaration - provide far too low a level of age assurance to meet legal obligations in traditional and relatively new legislation such as the Digital Services Act and the UK Online Safety Act 2023.
The research says so far age assurance has often been ineffective in protecting children from online harm and it risks their privacy and harms their civil rights.
Age assurance measures are often poorly implemented, exposing children to inappropriate content, harmful products and services, and depriving them of the high level of data protection mandated by the GDPR.
Legal age restrictions in some form have existed for a long time concerning children's ability to access content, goods and services. The advent of the internet has raised several challenges for child protection as well as children's rights.
The study says it is important to restrict children's access to inappropriate content, goods and services, but also important that higher levels of protection do not lead to children being excluded from digital services of value to them.
Age assurance is an umbrella term used to describe methods that estimate or verify someone's age. Researchers call for a "child rights" approach, which requires that children should be consulted on safety and privacy measures, and all measures should be subject to robust evaluation. They identified serious child rights concerns in relation to protection, discrimination, privacy, the right to be heard, other civil rights and freedoms, and remedy.
Age assurance should include privacy-by-design and safety-by-design, to ensure children can enjoy age-appropriate digital opportunities as well as protections.
The European Commission-funded study, by Sonia Livingstone and Mariya Stoilova, from the London School of Economics and Political Science, Abhilash Nair, from the University of Exeter, Simone van der Hof, from Leiden University and Cansu Caglar, from Queen Mary University of London is published in the International Journal of Child Rights.
Researchers examined the legal requirements for age assurance in Europe for online content, online sale of alcohol & tobacco and online gambling, assessed compliance by companies, and analysed the consequences for family life.
They found a lack of clear guidelines from regulators as to how appropriate measures can be implemented in practice could leave both service providers and users with considerable uncertainty. Most specific age restrictions set by providers represent a business decision to exclude children rather than invest in designing services appropriate for them.
Professor Nair said: "We found there is a myriad of legislation across the EU that require age checks, but without appropriate age assurance mechanisms in place many of those laws have not been meaningfully enforced. There is now a renewed interest in age assurance, and it is important that we get it right this time so that age assurance tools can serve as a useful tool to achieve compliance with the laws but at the same time are rights respecting for all, and particularly for children."
Professor Livingstone said: "Digital services can make a hugely important contribution to children's development and should therefore be accessible to them. The threshold for age-based restrictions should be set according to whether, on balance, content, services or products are potentially harmful to children or certain age groups of children, bearing in mind all their rights."
Professor van der Hof said: "Although age assurance is the responsibility of digital service providers, they seem to shift the responsibility from digital service providers to children and parents by expecting them to provide the correct age or date of birth at registration. When children do use digital services below the minimum age set by providers, they find themselves using services that do not consider their safety specifically and may therefore not be age appropriate.
The study says children's right to be heard means that they should be meaningfully involved in the design and development of assurance and consent mechanisms and must be provided with easy access to make complaints when their rights are not observed or get support in using age assurance:
Experts found age assurance is only partially trusted, though this might be improved by setting standards for the efficacy of age assurance and age restrictions, combined with certification schemes as a statutory requirement for providing age-restricted content.