The first large scale pilot of our project just ended. It was held between the 17th of February until 3rd of March.
All the activities performed in the first half of the project – establishing a common vocabulary for the project, finding legal grounds for the framework to be implemented, analysing what parents, children and adults want and expect to find in the online environment to have a sense of security and safety, knowing the current situation for the way that online businesses (online shops, social media channels, online AV content, etc.) have been implementing methods for obtaining parental consent, protecting children and their rights, GDPR requirements, etc. – have created the basis for the framework, a route to follow in developing it.
We’ve asked our technical leader, Vangelis Bagiatis, to give us some details on the pilot in a more comprehensive but not very technical manner.
How many participants were included in the pilot?
Our initial goal for this pilot, was to have 1600 participants – children, adults and parents – to thoroughly test our euCONSENT framework using various scenarios. We were quite surprised to have a little bit more at the end of the pilot. But, since we are still analysing the data, the final number of the participants will be made public in a little while.
From how many countries did the participants come from?
Participants were selected from 5 different countries: Greece, UK, Germany, Cyprus and Belgium.
What did the participants have to do?
They had to answer to some simple introductory questions in a survey which we divided into several groups. Once they answered all of the questions, the participants were redirected to a specific website where they had to complete a mission: verify their age or ask for parental consent. Each participant had to complete 3 missions. After each one, the participants had to return to the survey and answer some more questions about their experience. To give you an example of one scenario: a child under the Digital Age of Consent had to complete:
- Mission 1: access a dummy alcohol website where they had to verify their age using one of the methods provided. Facial recognition was one of the preferred methods. Once the age was verified, the child was redirected to a ‘protected’ page informing them that they were too young to access that site.
- Mission 2: access a dummy social media website where they were recognised as being under the digital age of consent, since they had already proved their age in the previous mission. Now they had to ask for parental consent to be able to move forward in the survey.
- Mission 3: access a dummy chat website where they had, as well, to ask for parental consent to complete the mission.
We also had use cases for adults and children over the Digital Age of Consent.
Who did the age verification and how?
We had 3 age verification providers (we call them AVPs), integrated with the euCONSENT framework: AGEify, AgeChecked and Yoti. Each AVP had several methods to verify a participant’s age such as: facial estimation, where we use AI techniques to estimate the age of somebody based on their facial features, extracting the age of birth by scanning some official document, like a passport or a driving license, using dedicated apps (as in Yoti’s case), using a Credit Card or (for Belgian citizens) proving their age through their itsme account. We mixed the AVPs, so that for each mission there was a different AVP responsible.
Once a participant had proven their age in the first mission and because all AVPs were integrated with the euCONSENT framework, the participant was recognised automatically as a child/adult in the next mission without being age-verified again. This was a very important aspect of our solution that we wanted to test, since one of the main objectives of euCONSENT has been to allow the users to reuse a previous age check, even if this was performed by another AV provider, and therefore improve their user experience.
How about parental consent? Which Parental Consent Providers were involved? How was the process?
For this process we had 2 Parent Consent Providers (PCPs): JusProg and Upcom.
The child first has to enter their name and the email address of one of their parents of legal guardians. Then the parent receives an email with instructions and details about the website that their child is trying to access (asking for their consent). If the parent agrees, then the child is allowed to access the website. If the parent declines consent, then the next time that the child attempts to access this website in the future, they are redirected to a dedicated page informing them that their parents didn’t approve it.
How many dummy websites were made?
In total, there were 20 dummy websites. As we had participants from different EU countries, we had to translate the survey, websites missions, AVPs/PCPs pages into 3 other languages aside from English – German, French and Greek.
For the missions, we created 5 different dummy websites: one for selling alcoholic products, a dating site, one for chat, one for social gathering and another as an online store for selling knifes. We needed this many to test that age checks could be re-used and to make sure checks became stricter in line with the level of assurance required. Of course, they didn’t sell any actual products or include any harmful content, we used them simply to simulate different types of businesses.
What do you mean by ‘levels of assurance’?
This refers to how strict an age check needs to be. So, for products or content that is deemed more dangerous, like knifes, more strict age checks are required. How this plays out in the real world depends on the standards that are currently being developed, we will inform you when we know more.
Did the pilot participants have support should they experience any problems?
Yes, we set up a team to answer any queries or help them with technical problems our participants may have had. On each dummy website we installed a ‘Contact us’ button, which directed them to a support form on the euCONSENT.eu website. All inquiries were captured in our issue tracking system and we tried to answer them within 24 hours.
How about the pilot results? Will you produce a public report?
For sure. We’ll publish the results on the euCONSENT.eu website in the coming months.
What are your next plans? How are you going to use the results of this survey to improve euCONSENT?
All the feedback that we received during this large-scale pilot has been essential for us, as it helped us to identify areas for improvement, especially regarding the user experience (UX) aspect of our solution.
During the next couple of months, we’ll analyze the results more thoroughly and translate them to new business requirements. At the same time, our technical teams will be working on implementing all these changes and improvements. What we can already say is that the core technical solution we designed worked in practice without any major systematic problems.
Finally, by the end of May, we’ll be having the last pilot round, during which we’ll try to measure the impact of the changes, and see to what extent we managed to improve the euCONSENT solution.