• home
• about us
  • About Shoosmiths
  • Diversity
  • Our culture
  • Office Information
  • Facts & Figures
  • Corporate responsibility
  • Way we work with clients
• services
  • Services for business
  • Services for you
  • Services A to Z
  • Services for your industry
• news & events
  • Press releases
  • Legal updates
  • Events
  • RSS feeds / twitter
  • Media contact information
• careers
  • Professional recruitment
  • Graduate recruitment
• contact us
  • People search
  • Office information
  • Contact us

Home | News & events | Legal updates | 'Can I see some ID?' Why age verification is a hot topic for online retailers (Part 2)

'Can I see some ID?' Why age verification is a hot topic for online retailers (Part 2)

02 July 2009

In Part 2 of legal assistant Tricia Pearson's look at how children can be protected in the virtual world, she examines 'super databases', biometric verification, and what it all means for online retailers.

Other ways to protect children on the internet

Network level restrictions are often mentioned when considering restricting access to websites. 

These are blocks on sites deemed unsuitable, and which are implemented unilaterally at a national level, by internet service providers.

China and Saudi Arabia both use network level restrictions, but the idea has received, at best, a lukewarm response in the UK.

What is inappropriate or restricted for a seven-year-old is not the same as for a 15 or a 50-year-old. Neither is it foolproof, and can be circumvented by the likes of proxy websites.

Self-regulation is likely to be a preferable alternative to enforced regulation for most website owners. 

In the UK, one collaborative initiative - the Children's Privacy Protection Network - was set up by a number of commercial organisations with the aim of limiting children's access to inappropriate or age restricted websites. As a voluntary collaboration, however, the network has little influence outside its members. 

In all cases - whether retailers are self-regulated or regulated by legislation - the two biggest challenges are that there is ultimately very little that can be done to police international hosts and websites providers, and it is clearly much harder to stop children pretending to be someone older than themselves.

The question then becomes one of parental responsibility. Parents have a desire and a duty to protect their children in both the real and virtual worlds, even if they feel better equipped in one than the other.

Parents have a range of technical tools at their disposal that can help stop underage children making illegal purchases or viewing inappropriate content in the first place.

Parental control software, whether purchased separately or provided by site owners, can ‘whitelist' acceptable sites, apply content filters to restrict the type of sites available to children, monitor internet usage, or manage lists of the specific people or sites children are allowed to access.

Additionally, software is available for parents to limit the time a particular programme is allowed to run, or the time a child spends on a particular site. 

Another way to avoid inadvertent access by children to age-restricted websites or content, is to utilise the safe search option offered by most search engines, which let parents choose the search engine's safety rating.

A strict or high setting will filter out all sites that may contain inappropriate material, while a low setting often only stops access to sites that are blatantly inappropriate, for example by not allowing access to sites that would usually appear in a search using words clearly aimed at reaching inappropriate sites.

Advent of the ‘super database'?

For retailers and users alike, a bigger risk associated with age verification services is the potential to create ‘super databases' of personal information, at both the verification company's premises and at the retailer's.

The Information Commissioner has already expressed concern over the extensive and, in some cases, intrusive collation, storage and processing of personal information already faced by individuals, and these ‘super databases' mean our personal information becomes even more vulnerable to loss or unauthorised use. 

Where children's data is involved, the Commissioner's practice note of June 2007 felt that even stronger safeguards must be in place before processing information collected from children will be deemed fair.

This is because children generally do not always appreciate the effects of giving personal information to third parties. Furthermore, if a child is asked to provide personal information, parental consent is required, unless the person asking for the data is satisfied that the child can clearly understand and appreciate the immediate or future consequences of them providing their personal data.

The key issue is that the Data Protection Act 1998 requires individuals who give their information to third parties to provide informed consent to the ways in which the third party intended to use it. It is probably difficult to argue that a nine-year-old had clearly understood the content or effect of the types of privacy that are standard on most websites.

Biometric verification

Sadly, all this leads to the inevitable conclusion for retailers - and parents - that the only ‘foolproof' ways in which both age and identity can be verified would be the creation of a massive database containing individual, independently verifiable age information, together with biometric identification, such as a ‘plug and play' thumb print scanner.

This is potentially unpleasant, intrusive and - compared to the risks involved in underage sales -   excessive, but is an increasingly obvious possibility following the introduction of biometric passports and identity cards.

What does it mean for online retailers?

It is still the case that retailers - whether online or real world - cannot sell age-restricted goods and services to children.

For other retailers, there is no issue. So there is no need to panic...at least not yet.

Retailers of age restricted goods and services need to continue to consider the commercial risks and realities facing their businesses.

Although enforcement of the current legislation against online retailers is poor, the time is ripe for local authority enforcement campaigns, particularly against well known and well financed online retailers.

Putting due diligence procedures in place and then testing them regularly can be a helpful defence or mitigation when faced with a threatened prosecution for selling age-restricted products and services.

Finally, data protection breaches remain a material risk for all online retailers, with the potential for significant fines and costs to rectify breaches.

Secure storage of data and proper destruction of personal information is crucial. Online retailers choosing to use the services of age verification companies should ensure contractual protection against breaches of the Data Protection Act form a key part of the agreement.

Further legislation is not a silver bullet.

Better enforcement of existing laws coupled with knowledgeable parental supervision is the best way to limit children's access to illegal or age-restricted products.

© Shoosmiths. This page is for general information: it is not legal advice. Please read our full terms and conditions for details of the disclaimers and exclusions which apply.

---

Are any of the issues in this article giving you a headache? If so, we want to know

Name *
Email *
Telephone
Comments*
The information you provide here will be used solely for the purposes of responding to your query for more information see our privacy policy.

 

Search the site

Enter the keywords below to search:

Get in touch

Tricia Pearson

Legal Assistant
T: 03700 86 8415
I: +44 (0)1908 48 8415
E: tricia.pearson@shoosmiths.co.uk