Joint Statement on Children’s Data Protection

At the end of October 2024, the Access to Public Information Agency (AAIP) and five other data protection authorities worldwide issued a joint statement establishing standard principles for online service providers to verify the age of their users and tailor the user experience accordingly.

Before addressing the principles, the joint statement defines age verification as the process of establishing, determining, and/or confirming either an age or an age range of a natural person. Age verification can be used to protect people—and, particularly, children—from harms arising from the processing of their personal information online, and ensure this information is not used to serve children content they should not be accessing due to their age.

Some of the most relevant principles established in the statement are:

1. Age verification must always be implemented in compliance with data protection requirements, on a risk-based and proportionate way, to reduce the risk of harm to users, particularly to children.
2. Any age verification system implemented should be in the overriding interest of the child, while guaranteeing all users' fundamental right to access information through the internet.
3. Providers should establish with reasonable certainty whether children are likely to access their platform or website. When a website is inappropriate or unlawful for children, providers should focus on deploying effective means of age verification to prevent children from accessing the site.
4. Providers should be aware that where there is a high data protection risk to users, then relying upon self-declaration alone as a method of age verification is unlikely to be appropriate as the method can be too easily circumvented.
5. While age verification is one potential technical solution, it is not the only tool available to protect children online. Parental filters on devices, public education, and awareness campaigns, or applying data protection by design and default principles can potentially, together with age verification methods, play an important role in protecting children online.