Digital Services Act: Age Verification and Protecting Children Online

The Digital Services Act (DSA) is a new EU legislation aimed at creating a safer digital environment by regulating online platforms and digital services.

The DSA officially came into effect on February 17, 2024 for all digital platforms operating within the EU.

A part of the DSA focuses specifically on the protection of children under the age of 18.

In this blog post, we will discuss what DSA is, how it aims to protect children online, and the potential challenges of age verification.

Why was the DSA introduced?

The goal of the DSA is to protect online users from illegal or harmful content, products and services, and disinformation. Through a set of requirements for digital services, the DSA aims to provide more transparency and create a safer online environment.

It also aims to create a level playing field for all digital players while upholding fundamental rights such as freedom of expression and privacy.

The DSA was approved on July 5, 2022 and was the first updated piece of legislation to address online safety since the Electronic Commerce Directive in 2000. The DSA was introduced to bring outdated legislation into line with the new digital environment and technology.

Who does the DSA apply to?

The DSA applies to online platforms and digital service providers operating within the European Union. This includes social media platforms, online marketplaces, search engines, and other digital intermediaries that facilitate the sharing of content or the provision of online services.

Since August 23, 2023, the DSA has applied to Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) that have over 45 million users in the EU (10% of the population). Some of the VLOPs are platforms like Facebook, Amazon Store, and YouTube. The affected VLOSEs were Google Search and Bing.

As of February 17, 2024, all platforms that provide an intermediary service in the EU have to comply, regardless of size. This also applies to platforms or search engines that reside outside the EU.

Ambition for protecting children online

Some inappropriate online services, content, and people can potentially be dangerous or harmful to children. Therefore, the DSA aims to provide a list of measures platforms and search engines can follow to create a digital environment where children feel safe.

The DSA specifically aims to provide:

  • The “best interest of the child” principle
  • The right to protection for the child
  • The right to freedom of expression
  • The right not to face discrimination
  • The right to protection of personal data
  • A high level of consumer protection

Platforms need to ensure that their online services focus on safety, security, and privacy for children. Some measures that are enforced to protect children are:

  • Prevent ads targeting children based on profiling
  • Ensure terms and conditions are understandable to children
  • Interfaces designed with privacy, security, and safety measures in mind. Specifically, DSA forbids dark patterns, which are interfaces that trick users into making decisions they didn’t intend to make.
  • Availability of parental control to help parents limit access to online services.
  • Simple methods of reporting illegal or harmful content.
  • Systems that securely verify a user’s age before granting access to a service.

Let’s now take a closer look at the topic of age verification and its potential challenges.

Challenges with age verification

There are certain business benefits in introducing secure age verification. It’s also a way to comply with industry regulations and protect minors from age-restricted content and products.

However, implementing an age verification system is easier said than done. 

There are at least two important challenges to consider.

Challenge #1: Deciding on an age verification

It’s difficult for digital platforms to verify a user’s age.

For instance, most social media platforms use self-declaration as an age verification method.

Self-declaration is easy to bypass. In the absence of proper age verification, users can choose to lie about their age, which may in turn affect their experience on the platform.

Take targeted ads as an example: How can social media platforms and search engines be certain the user is above the legal age? Currently, Snapchat, Google, YouTube, Instagram, and Facebook disallow advertising toward children. This is consistent with DSA guidelines, but these platforms must be able to know with certainty whether a user is a minor or not.

To arrive at acceptable guidelines, the EU established a task force on age verification. This task force aims to foster cooperation with national authorities and identify best practices and standards in age verification while taking current initiatives into account.

Each EU member state should consider systems that are secure, privacy-preserving, and easily accessible to their citizens. Finding a unified method can seem challenging, since there are vast differences between countries in terms of technological infrastructure and digital maturity of citizens. Some countries already utilize national electronic identities (eIDs) or physical ID scanning to verify a person’s age.

However, both eIDs and physical IDs include details other than your age, which may expose more personal information than necessary. This can be seen to be against the spirit of the DSA’s ambition to ensure privacy and protection of personal data.

Challenge #2: Sharing personal information

The DSA emphasizes children’s right to online privacy. When platforms decide on age verification methods, they must consider how much data children are required to share and how to protect this data.

The challenge thus becomes effectively verifying the age of users without infringing on privacy rights. Platforms must find reliable and user-friendly methods to ensure the age of their users without forcing them to reveal too much information.

For example, it should be sufficient to know that a user is above or below the appropriate age, without having to share their identity or exact age.

A potential solution is the use of digital wallets and verifiable credentials. A digital wallet is where you store your verifiable credentials that can be used to cryptographically verify certain information about yourself.

It’s the digital equivalent of a physical wallet where you store your physical IDs.

Verifiable credentials can help protect users’ privacy in several different ways:

  • Selective disclosure allows users to only share their age and nothing else. 
  • Zero-knowledge proofs allow individuals to verify their age without having to provide it. Such a verification process would only confirm whether the person is old enough.

Conclusion

The Digital Services Act represents a significant step toward creating a safer and more transparent digital environment. By addressing issues such as age verification and child safety, the DSA promotes trust and innovation while upholding fundamental rights within the digital single market. By collaborating and adopting best practices, the EU can ensure that online platforms and digital services operate responsibly and in the best interest of all users.

With the DSA come some obvious challenges. The EU must decide on an age verification framework that can be adopted by the member states. All potential methods must be secure and easily accessible while maintaining users’ privacy.

Age verification is already used in various countries for accessing age-restricted products online. In Scandinavia, buying alcohol, tobacco, or OTC medicine online often requires a form of age verification by law.

Want to learn more about age verification? 

Here are some of our other articles on the topic:

Author
Our blog

Latest blog posts

The latest industry news, interviews, technologies, and resources.

Criipto Connect 2024: Key Takeaways and Highlights
What are the next steps for digital wallets in Europe? On November 13th, 2024, we hosted our live conference, Criipto Connect, at Bremen Teater in...
BankID BankAxept Acquires Criipto

We’re pleased to announce BankID BankAxept as the new owner of Criipto!

The Nordic market leader from Norway is acquiring Criipto to create a...

Zero-Knowledge Proofs: A Beginner's Guide

Zero-Knowledge Proofs (ZKPs) are powerful cryptographic tools with a wide range of practical applications.

In this article, we’ll provide a simple...

View all posts

Sign up for our blog

Stay up to date on industry news and insights