This story has been updated. Please see the most recent update below.

On September 19, 2024, the Office of the Privacy Commissioner (OPC) published a Joint Statement on a Common International Approach to Age Assurance.

In particular, the OPC endorsed the Common International Approach to Age Assurance, signed by data protection authorities including the UK Information Commissioner's Office (ICO), the Philippine National Privacy Commissioner (NPC), and the Argentinian data protection authority (AAIP) among others. The Joint Statement remains open to signatures.

The International Age Assurance Working Group was first established by the ICO in 2022 for data protection authorities to share information on age assurance methods. Other reports on age assurance published by the Working Group include the ICO Opinion on Age Assurance, French data protection authority (CNIL) Recommendations on online age verification, and the Decalogue of principles Spanish data protection authority (AEPD).

Specifically, principles provided for under the joint statement include:

• age assurance must always be implemented in compliance with data protection requirements in a risk-based and proportionate way;
• the use of personal information for age assurance must be lawful, fair, transparent, and non-discriminatory;
• providers should establish with reasonable certainty whether children are likely to access their platform or website;
• providers should assess and document the severity of potential data protection risks to users, particularly children;
• providers should be aware of the state of the art on age assurance technology to ensure the implementation of effective methods;
• providers should be aware that where there is a high data protection risk to users, then relying on self-declaration alone as a method of age assurance is unlikely to be appropriate;
• self-declaration alone should only be used in situations where there is little to no data protection risk to children, and methods requiring more personal data may be used when legally required or where there is a high data protection risk to children; and
• age assurance is only one potential technical solution among other tools, including parental filters, public education, and awareness campaigns.

You can read the press release here and the joint statement here.

Update: October 29, 2024

Gibraltar: GRA announces joint statement on age assurance

On October 25, 2024, the Gibraltar Regulatory Authority (GRA) announced its participation with several other regulatory authorities in a joint statement to encourage a common international approach to age assurance. The GRA also mentioned that the statement sets out key shared principles and outlines common goals and commitments, and that the principles are intended to guide the industry on age assurance related to data protection and privacy. The GRA further highlighted in the statement that local age assurance is the process of establishing, determining, and confirming either an age or an age range of a natural person.

You can read the press release and statement here. 

Update: October 28, 2024

Argentina: AAIP announces joint statement on age assurance

On October 24, 2024, the AAIP announced that it and five other governing authorities on personal data protection issued a joint statement on technologies available to strengthen the age verification of users of digital environments.

The AAIP noted that the joint statement sets out key principles for all commercial and industrial sectors operating on the internet to ensure that they can determine the age of their users, adapt their user experiences in accordance with their age, and apply restrictions where required by law.

Furthermore, the AAIP mentioned that the joint statement is the result of the International Working Group on Age Verifications that the AAIP is a part of, along with the data protection and privacy governing bodies of Canada, the Philippines, Gibraltar, Mexico, and the United Kingdom.

You can read the press release, only available in Spanish, here.

Update: November 19, 2024

On November 18, 2024, the Office of the Privacy Commissioner for Bermuda (PrivCom) announced its participation with several other regulatory authorities in a joint statement on a common international approach to age assurance. 

PrivCom noted that the statement sets out key shared principles for the signatory regulators, and is intended as a guide to industry to encourage increased policy coordination and improved regulatory clarity for companies operating internationally regarding shared expectations on privacy-related age assurance practice. PrivCom further highlighted that it had also joined the International Age Assurance Working Group, which meets regularly to share information on age assurance and learn from research, policy development, and enforcement action.

You can read the press release here and the statement here.