PPPA-AGEVER-01-2020: “Outline and trial an infrastructure dedicated to the implementation of child rights and protection mechanisms in the online domain”

PPPA-AGEVER-01-2020: “Outline and trial an infrastructure dedicated to the implementation of child rights and protection mechanisms in the online domain”

Home » News » Press releases » euCONSENT announces the AgeAware App – device-based online age assurance

euCONSENT announces the AgeAware App – device-based online age assurance

BRUSSELS, BELGIUM Speaking at the Global Age Assurance Standards Summit held in Manchester, UK, not-for-profit organisation euCONSENT ASBL has announced an update to the design of its global network to facilitate the re-use and interoperability of online age assurance checks across multiple websites and apps.

At the heart of euCONSENT 2.0 will be a new, free AgeAware App which will store anonmyized tokens issued by approved Age Assurance providers to users who successfully complete an online age check, using any audited and certified method.

A first-time user visiting a completely age-restricted website, accessing restricted content and functionality within a site or, indeed, on any other app running on their device, will be referred to an age assurance provider to complete their first age check.  Users can alternatively choose to use any method from any participating age assurance provider if they prefer. This can include both traditional age verification approaches and innovative age estimation techniques.   Once the age has been checked, the chosen provider will invite the users to download a small software agent onto their device and can issue a cryptographically signed token to be stored locally.

The website they wish to access will be able to retrieve from the token, answers to age-related questions such as “is this user 14 or older?”   The token is supplied via an anonymizing service, a privacy enhancing technology (PET) operated by euCONSENT, which will remove any identifying information, and also make it impossible for the age assurance provider to know which tokens are used by which relying party – it is zero-knowledge proof.

When the user needs to access another age-restricted digital service, the platform will be able to re-use the existing token to answer its question about the age qualification of the user e.g. “Is this user 18 or older?”   Relying parties can also refer users to an alternative age assurance provider – perhaps if they have negotiated preferential pricing.  Users may accumulate a number of tokens which they can re-use until their expiration after a period that is determined based on the level of age assurance required.

A tallying service will independently count the number of times any given relying party makes use of tokens from each issuer.  This facilitates the operation of an open and competitive market for age checks.  A backstop default fee of e.g. $1 will allow any digital service to use any suitable AgeAware token on a user’s device.  Providers can choose to price their token below the default, and this price will be visible to relying parties, along with a unique code for each issuer, allowing them to choose between issuers, and facilitating separately negotiated contracts, such as volume discounts.  A separate commercial scheme is expected to be created by participating providers to facilitate efficient collection and distribution of fees.  Both the app and the commercial scheme will, after the initial ‘live’ trial, be open to new entrants which can set up competing alternatives, provided they meet the standards set by euCONSENT’s governing board.

euCONSENT also acts as the certification authority that allows for tokens to be cryptographically signed, and will manage the auditing process required before an age assurance provider can join the network.  All issuers will be certified against international standards which will ensure they produce accurate age checks, to defined levels of age assurance proportionate to the risk of each use-case.  Auditors will also inspect data security and privacy protections, applying a strong requirement for data minimization, with the central retention of personally identifiable information (PII) not permitted.

Technology does not stand still, but there is an enduring need to protect children from online harm, while preserving the rights of adults and children to privacy and access to the enormous benefits the Internet provides.  We aim to facilitate an open and competitive market for age assurance, underpinned by international standards, with quality assured through audit and certification.

John Carr, OBE

Chair of the euCONSENT Advisory Board

Our initial pilot was a successful proof of concept, but the context in which age assurance is required has moved on. Regulators and clients are rightly raising the bar to require a higher degree of privacy protection than is promised through simply complying with data protection laws. Our new approach incorporates the double-blind approach promoted by France’s CNIL, and the privacy-enhancing technology delivered through a device-based app, as recommended by the Spanish AEPD.

Iain Corby

Secretary-General of euCONSENT

euConsent Consortium

Subscribe to our Newsletter

Do you want to be informed with the progress of euConsent or other related news? 

Thank you for subscribing. A email was sent to confirm your email address. Please check also spam folder.

Share This