ICO Releases Opinion on AI-Based Age Assurance Methods and Data Protection Guidelines
The UK Information Commissioner’s Office (ICO) has released an important opinion addressing age assurance methods and data protection guidelines, with a particular focus on those utilizing artificial intelligence (AI). The ICO guidance aims to provide clarity and assistance to organizations in implementing effective measures to prevent children from accessing inappropriate content while respecting their privacy.
Age assurance strategies are designed to strike a balance between safeguarding children and tailoring online experiences based on their age. By implementing age verification methods, organizations aim to ensure that children are shielded from harmful content while still enjoying a personalized online experience.
The ICO emphasizes that organizations must comply with data protection principles when deploying age assurance methods. These principles include fairness, transparency, lawful processing, minimal data collection, accuracy, limited retention, security, and accountability.
When it comes to AI-driven age assurance methods, the ICO highlights the need for additional data protection measures. For instance, if the AI method involves processing biometric data, the controller must determine if it falls under special category data and take appropriate steps accordingly. The ICO also stresses that when using profiling for age assurance, controllers must carefully assess the risks posed by profiling and ensure it does not lead to discrimination or bias.
The opinion identifies four main approaches to age assurance:
1. Self-declaration: Users are asked to verify their age by simply providing their date of birth or ticking a box confirming they are of legal age.
2. Third-party age assurance services: Organizations employ external services or databases to verify a user’s age.
3. Trust frameworks: Organizations use frameworks to establish the age of their users, often based on user attributes or characteristics.
4. Age estimation techniques using AI: AI algorithms are employed to estimate a user’s age based on various factors.
The ICO advises that for high-risk services, controllers should opt for methods with the highest level of certainty. While the level of certainty will vary across services, organizations should be able to demonstrate that they have thoroughly explored a range of age assurance options and provide reasoning for selecting a particular method.
This opinion from the ICO provides valuable guidance on age assurance methods, with implications for organizations that adhere to the Data Protection Commission’s Fundamentals for a Child-Oriented Approach to Data Processing. By following these guidelines, organizations can create safer digital environments for children while respecting their privacy rights.
Read more about the Fundamentals and Games: The DPC’s Fundamentals for Processing of Children’s Data on our previous briefing.
Sources:
– [UK Information Commissioner’s Office](https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/07/age-assurance-opinion-and-resources/)
*Disclaimer: This article is for informational purposes only. It does not constitute legal advice or indicate endorsement by any entity.*
