Online age verification of minors
The AEPD has stressed the need to implement effective online age verification of minors methods to prevent them from accessing innapropiate websites and other insensitive information. In a world where Internet access by minors is becoming more and more frequent, many parents are concerned about the type of content their children may view that could have a negative or significant impact on their development.
In fact, every day many minors access inappropriate content online, such as pornographic content or social networks that pose risks such as cyberbullying or sexual harassment by adults (groaming).
In this regard, the Spanish Data Protection Agency (AEPD) has stressed the need to implement effective online age verification methods to prevent minors from accessing inappropriate websites and/or sharing sensitive information about themselves without being aware of the risks involved.
Online age vericfication of minors: protection of minors
Taking into account that a minor would fall within what the regulations consider as a group of vulnerable people who, due to their young age and inexperience, could face numerous risks that could significantly affect them, it is required to ensure specific and forceful protection when proceeding to the processing of their data by data controllers.
In this regard, and following the publication of the General Data Protection Regulation (GDPR) and Law 3/2018 of December 5, 2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), it was established that the processing of personal data of a minor based on consent could only be carried out when he/she is over fourteen (14) years of age.
In the case of minors under fourteen (14) years of age, the processing of their personal data based on the legitimacy of consent will only be lawful if the consent of the holder of parental authority or guardianship, as stipulated in the Civil Code, is on record.
In other words, only persons over fourteen (14) years of age or, in the case of minors, the parents or guardians of the data subject may give their consent in a lawful manner.
Online verification of the age of minors
While in recent years the legal and regulatory framework applicable in the European Union to ensure greater security for minors in the digital environment has evolved considerably, for practical purposes age verification mechanisms and parental consent tools remain ineffective in many cases.
In order to implement valid mechanisms that do not lead to excessive data processing for the purpose of verifying the user’s age, the French data protection authority (CNIL) issued a report of recommendations stating that age verification systems should be structured around five fundamental pillars:
- Data minimization
- Proportionality
- Robustness
- Simplicity
- Standardization and the intervention of independent trusted third parties to avoid the direct transmission of identifying data to the owner of a site offering, for example, pornographic content.
Meanwhile, the Spanish Data Protection Agency proposes similar solutions, such as having an independent third party verify the user’s identity by providing an official document (passport or driver’s license) and, once the age of majority has been verified, this information is encrypted or destroyed, so that it is only shared with the adult content service if the user is of legal age or not.
In short, it is important to highlight the fundamental role of the control authorities in this regard, since their functions include promoting this issue and raising public awareness, as well as prosecuting and reprimanding those data controllers who have not implemented the necessary tools to verify the age of their users when required to do so.
At Letslaw our team of Data Protection lawyers will help you and advise you with anything that you may need. Do not hesitate to contact us.
Letslaw es una firma de abogados internacionales especializada en el derecho de los negocios.