Age Assurance Isn't Easy to Implement or Enforce: IAPP Analysis
Though a variety of age assurance methods exist, effectively enforcing them “remains a persistent challenge,” said IAPP contributors Katelyn Ringrose and David Sullivan in an analysis Monday. Ringrose is a privacy lawyer at McDermott Will, while Sullivan is executive director at Digital Trust and Safety Partnership.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
“Enforcement has often been inconsistent or easy to bypass,” the contributors said, adding that “the rise of VPN usage further complicates compliance.”
In addition, a variety of stakeholders are responsible for implementing these tools, including device manufacturers, app developers, operating systems and third-party providers. Meanwhile, “questions about who should own and operate age assurance mechanisms have become increasingly complex.”
Accordingly, questions arise about exposure to "harmful content and implications for privacy and autonomy,” Ringrose and Sullivan added.
While the authors note that “device-level solutions can provide consistent age controls across multiple applications,” they “may not fully account for children's developmental stages or the context of specific content.” Though app-based systems “can offer more tailored experiences for different age groups,” they “often face interoperability challenges between apps and rely on accurate self-reporting and consistent age-appeal assessments.”
Additionally, a uniform standard “may inadvertently restrict some users or fail to protect others” through overlooking “important differences in children's developmental needs,” even when the tools "function as intended."
Ringrose and Sullivan said that third-party providers are playing “a growing role” in implementation, as “a wide range of techniques” can be developed, maintained and scaled for each use. But this “reliance on external providers also introduces important considerations around privacy, consent and accountability,” as sensitive data is often collected as part of the age-appeal process.
This means “policymakers and practitioners alike must acknowledge and grapple with the tradeoffs inherent to age assurance,” they added. “The actual implementation of age assurance … is a complex balancing act and this multilayered endeavor must respect the online protection, privacy, and digital autonomy of children, teens, and adults.”