Britain’s information watchdog refuses to rule out age gates for ALL websites under tough new code
- Information Commissioner’s Office has drawn up plans for website age checks
- But it is unclear which websites will be affected and how rules will be enforced
- Web giants will have to confirm they know the age of users who create accounts
- If they do not they will face fines, which in Facebook’s case could be £1.67billion
- New code is backed by data protection law and could come into force this year
The UK’s Information Commissioner Elizabeth Denham
Britain’s information watchdog has drawn up plans to introduce strict age checks on websites – but has not said how it will enforce them or which firms will be affected.
The Information Commissioner’s Office is set to unveil a tough new code of conduct to force companies to guarantee they know the age of their users.
It is not known whether websites will have to monitor the age of users themselves, or if the public will be responsible for reporting breaches.
And the proposals don’t indicate exactly how the new rules will be policed or which websites will be affected.
The new code will likely come under the remit of the Data Protection Act 2018, which was completed in December last year. It will give the ICO the power to issue huge fines to firms who do not adhere to the new rules.
But the move, likely to come into force by the end of the year, is likely to trigger a backlash from privacy and free speech campaigners.
France unveils the ‘GAFA tax’: Macron launches new levy on…
‘UK-based Facebook fake news network’ is BANNED: Site bosses…
Share this article
The ICO said in a statement: ‘The code won’t have a lot of prescriptive detail about how sites age verify because all of the sites are going to be different.
‘So we are going to say there has to be appropriate age verification on the site.
‘We will then use our powers to ensure that such verification is effective and in place.’
The proposals suggest web firms that hoover up people’s personal information will have to guarantee they know the age of their users before allowing them to set up an account.
What is the ICO and what are its powers?
The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
It is a non-departmental public body which reports directly to Parliament and is paid for by the Department for Digital, Culture, Media and Sport (DCMS).
The office investigates issues including spam emails, data consent to companies, political campaign practices and individuals’ rights to information.
They also advise companies on data protection issues and investigate firms not thought to be complying.
The ICO has the power to hand out huge fines, of up to four per cent of companies’ global turnover.
Age checks are expected to be on a sliding scale depending on the webpages or websites a child wants to enter – from a tick-box system to an electronic passport type system where the person must use ID to prove their age.
But the specifics on exactly how that will work have not been made clear.
Companies that don’t, face fines of up to four per cent of their global turnover – £1.67 billion in the case of Facebook.
The code also aims to stop web firms bombarding children with harmful material, a problem highlighted by the case of Molly Russell, 14, who killed herself after Instagram allowed her to see self-harm images.
Experts claim it will have a ‘transformative’ effect on social media sites, which have been accused of exposing young people to dangerous material, bullying and predators. It includes rules to help protect children from paedophiles online.
Facebook will be forced to ensure its pages and settings are child-appropriate but in Google’s case it is not clear if the age checks will relate to all websites found via the search engine or only ones people have to subscribe to.
Under the new code:
Once the new rules are implemented, children could be asked to prove their age by uploading their passport or birth certificate to an independent verification firm.
- Tech firms will be banned from building up a ‘profile’ of children based on their search history, and then using it to send them suggestions for material such as pornography, hate speech and self-harm;
- Children’s privacy settings must automatically be set to the highest level;
- Geolocation services must be switched off by default, making it harder for paedophiles to target children based on their whereabouts;
- Tech firms will not be allowed to include features on children’s accounts designed to fuel addictive behaviour, including online videos that automatically start one after the other, notifications that arrive through the night, and prompts nudging children to lower their privacy settings.
This would then give them a digital ‘fingerprint’ which they could use to demonstrate their age on other websites.
Alternatively, the tech firms could ask children to get their parents’ consent, and have the parents prove their identity with a credit card.
If the web giants cannot guarantee the age of their users, they will have to assume they are all children – and dramatically limit the amount of information they collect on them, as set out in the code.
At present, a third of British children aged 11 and nearly half of those aged 12 have an account on Facebook, Twitter or another social network, Ofcom figures show.
Many youngsters are exposed to material or conversations they are too young to cope with as a result.
Websites will be forced to introduce strict age checks on their websites or assume all their users are children under plans being unveiled by the Information Commissioner’s Office
ICO deputy commissioner Steve Wood said: ‘We are going to be making it quite clear that there is a reasonable expectation that companies stick to their own published terms and policies, including what they say about age restrictions.’
Baroness Beeban Kidron, who tabled a House of Lords amendment which ensured the new code was drawn up and put into law, added: ‘I expect the code to say: ‘You may not, as a company, help children find things that are detrimental to their health and well-being’. That is transformative. This is so radical because it goes into the engine room, into the mechanics of how businesses work and says you cannot exploit children.’
The rules will come into force by the end of the year, and will be policed by the ICO, which has the power to hand out huge fines.
It will also use its powers to crack down on any web firm that does not have controls in place to enforce its own terms and conditions.
Companies that say they ban pornography and hate speech online will have to show the watchdog they have reporting mechanisms in place, and that they quickly remove problem material.
Companies that don’t guarantee they know the age of their users face fines of up to 4 per cent of their global turnover – £1.67 billion in the case of Facebook (file photo)
Firms that demand children are aged 13 or above – as most web giants do – will also have to demonstrate that they strictly enforce this policy.
At the moment, web giants such as Facebook simply ask children to confirm their age by entering their date of birth without demanding proof.
A spokesman for the ICO, which is headed up by Elizabeth Denham, said: ‘We can confirm that websites seeking consent for sign up to online services aimed at children must seek parental consent if the child is under 13.
‘We’ll also be clear in the code that organisations must be held to account for the age limit policies policies on their sites and how they implement them, when it is connected to collection and use of personal data.
‘The code will also set out the importance of implementing the design standards for all users it they cannot verify the ages of children likely to use their service.
‘These are new steps forward and we will consult on how they will work in practice. It’s important to stress the consultation.
Trusted and (at some point in the future, certified) third parties can also provide age verification services to allow people to prove their age and identity without providing information directly to the service.
‘One such example of the concept is the Governmnent’s Verify service.’
Source: Read Full Article