Implementing Age Verification in a Time of Regulation and Risk

by
Nametag Team

As the digital landscape continues to expand, experts are coming together to offer guidance to government officials as they draft and implement new data protection and user verification laws to regulate the Internet and create a safe environment for users of all ages. Are you prepared to meet the requirements of today’s data compliance frameworks?

In order to protect children from data processing practices and ensure that your organization is managing risks related to its users, Nametag has assembled an overview of existing regulatory requirements for secure age verification and customer authentication, as well as a look at best practices that you can implement to stay compliant with new regulatory measures.

Understanding Today’s Age Verification and Identity Authentication Laws

As organizations evaluate their data processing practices and their responsibilities to their user base, they need to consider the European Union’s GDPR and the United Kingdom’s data and privacy protection for minors. 

Under the GDPR, companies are required to conduct Data Protection Impact Assessments (DPIAs) for any project that may involve a “high risk” to user data. This requirement calls for assessments when a company uses or develops new technologies, monitors user locations and behavior, or processes demographic data (including information on racial/ethnic origin, political alignment, religious beliefs, biometric data or PHI, among other private data). Notably, it requires companies to implement protection against normal data processing practices for children.

In short, the GDPR classifies any data that could cause physical harm to users in a breach or leak as data that would fall under its risk standards.

The United Kingdom’s Information Commissioner’s Office has also implemented similar protections for children on the Internet. Named the Age-Appropriate Design Code (or the “Children’s Code”), it outlines 15 standards that online services (including apps, games, devices, toys, and news services) must comply with for the safety of their users.

The UK’s framework has served as the model for the United States’ regulations, including the recent Age Appropriate Design Act for children passed in the state of California (the Cal-AADC), which may become the template for future national legislation. 

The scope of the law encompasses any "business that provides an online service, product, or feature likely to be accessed by children," and mandates that these businesses act in the "best interests of children." Tech companies are required to conduct a comprehensive Data Protection Impact Assessment to assess whether their products have the potential to "harm" children. Furthermore, businesses must determine the age of child users, configure default settings for children to prioritize a high level of privacy, and deliver and enforce privacy policies and other relevant information using child-friendly language.

How to Implement These Standards

In order to properly assess your data protection for young users when starting a new venture, most of today’s privacy legislation under this model requires a thorough and organized description of your processing practices, including a method of age verification. 

There are several approaches to age verification, such as third-party age verification services, trusting account holders to enter and confirm real user ages, and implementing measures to prevent users from immediately changing their age to access services they are denied access to. However, companies like Instagram have begun either using AI-based identity authentication firms or falling back on uploads of government-issued IDs for verification in order to stop the exponential growth of fake profiles and lower the risk of impersonation.

How Nametag Solves Age Verification

At Nametag, we offer an agile and privacy-focused solution that balances convenience and compliance responsibilities. Some companies, like ID.me, are hindered by processes that require you to upload your entire government-issued ID to a centralized database; others, like Yoti, lean heavily on their often constricting UK-based expertise. Nametag’s more modern, faster AutoPilot solution only collects the information you need for authentication from a government-issued ID and reduces the amount of risk you face, while providing a sleek and user-friendly experience. That, coupled with Nametag’s express re-verification of identities, makes for a seamless user experience and quick mobile access that many apps, social media and dating apps in particular, treasure. The photo ID and a real-time selfie combine physical and biometric comparisons without relying on legacy technology to work, all through a mobile device.

Nametag has also integrated technology that identifies individuals within a certain age group: users whose selfies appear visibly underage are required to further verify their age by scanning their government-issued ID. While bad actors and underage users might be able to trick other systems or even use other people’s IDs to gain access, Nametag is unique in that the workflow uses strict, in-hand document review and powerful biometric matching technology made possible by the security features on a mobile device. This gives users a digital Nametag to verify their age accurately, securely and in a privacy-centric manner.

To use the most obvious analogy to what people are accustomed to in their everyday lives, Nametag is the most advanced way to digitally represent the experience that we’ve all gone through when asked for ID in a physical scenario, but now it’s made mobile, accurate and privacy-centric for everyday use throughout the globe.

To learn more about Nametag or schedule a demo, click here.
