The Information Commissioner’s Office (ICO) has once again urged that more needs to be done to ensure that online service providers implement effective age assurance measures.

The call came as the ICO reported on the lack of progress being made by platforms to review and strengthen their age assurance measures, despite being prompted to do so. The ICO notes that it does “not yet have confidence that appropriate measures are being put in place, and we are concerned that underage children’s data is still being processed on platforms they should not be on or able to access”.

The ICO also adds that unless progress is made – soon – it is ready to use the full range of its regulatory powers, including formal investigations and sanctions, warning that “Our message to platforms is simple – modern technology is at your fingertips. If you determine that your service is only suitable for children over a certain age, you must have effective age assurance measures in place”.

The importance of effective age assurance measures is a theme that emerges from the ICO’s response to the Government’s consultation on keeping children safe online (discussed here), which has been published.

Whilst it doesn’t take a view on the wisdom of banning social media outright, or on limits being placed on certain functionalities, the ICO is clear that for any restrictions to be effective, they must be accompanied by robust age assurance requirements. In its view, that means the Government setting clear standards for age assurance that “maintain regulatory coherence across both the data protection and online safety regimes”, and considering whether to develop and mandate certification systems for age assurance providers.

The ICO’s response also pours cold water on proposals to raise the age of digital consent, arguing that it would deliver only limited benefits. In particular, it notes that such a change would have no effect on online services that rely on lawful bases other than consent (such as legitimate interests) when processing personal data.

Beyond the immediate issue of children’s online safety, the ICO also uses its response to advocate for wider reforms to the regulatory framework. For example, it argues for changes to the courts and appeals process to shorten the time it takes to obtain important judgments, such as following the approach taken for other regulators, whereby appeals against enforcement or monetary penalty notices begin in the Upper Tribunal rather than the First-tier Tribunal.

To read more, click here.