Neil Brown

The ICO and Ofcom have now published the anticipated "Joint statement from ICO and Ofcom on age assurance"

https://ico.org.uk/media2/5ybpmabf/ofcom-ico-joint-statement.pdf

This is quite important, since both regulators seem to want a piece of the online safety pie.

#OnlineSafetyAct

Mar 25 at 2:52pmWeb
Show thread[384992] Ellie Winters   1d ago

@neil havent even opened the document yet and i feel like this is going to be horrible

time to localsend this to my tablet to view

Show thread[384992] Ellie Winters   1d ago
@neil also im curious where they getting the idea the data protection laws (gdpr) require age verification for enforcing minimum age limits, but i could just be slow too
Show threadNeil Brown1d ago
@ElliesSurviving If I understand your question correctly, I think the answer is that, in the ICO's view, the controller might lack a lawful basis for processing the personal data of children and so must not engage in such processing, meaning they must do age verification to stop that processing activity.
Show thread[384992] Ellie Winters   1d ago
@neil yeah but for the longest time self deceleration of age was just fine for this, and the law hasnt been updated since to elaborate saying they needed full on age verification, it just feels like the ICO are saying things for the sake of it
Show threadNeil Brown1d ago

@ElliesSurviving

My personal feeling is that the ICO is, currently, quite a publicity-hungry organisation, and that there are headlines to be grabbed in terms of online safety and child protection.

There might be more to it than that, but I think that that much is there.

Show threadReg1d ago

@neil

This would suggest that the only data that service providers have the right to retain is a simple boolean value to indicate that the user has attained the minimum required age.

I can't see this being the way that age verification is implemented.

Show threadMatija Å uklje21h ago

@ReggieHere, AFAIK, that is how the EU proposed solution should work. But I have second-to-third-hand info on that, so please take it with a pinch of salt.

That said, even then, it needs something to prevent spamming the question "are you 18 yet" every day until you get a "yes" and therefore know the exact birthday. (again, I don't know if the EU proposal already covers that issue)

@neil

Show threadReg9h ago

@hook

Good point. I'm not sure that I entirely trust companies to only keep a boolean when their own interests are best served by positive ID.

@neil

Show threadLorna Woods1d ago
@neil Presumably an example of the DRCF at work?
Show threadPaul_IPv61d ago

@neil

i am still mystified by govt agencies that *want* to play with the nuclear waste that is online safety...

it reminds me of the US army corp of engineers tables that detailed what level of effectiveness soldiers would have with various levels of exposure to radiation before they succumbed to the effects.

there is no "win" here. just how much damage is done before that next futile attempt dies.

Show threadAndriy Utkin21h ago

@neil thanks for the heads-up, Neil.
It's mind-boggling how they keep parroting about "methods of age verification capable of being highly effective", apparently without even thinking for a minute how little it takes to circumvent each on their list (while a bunch of independent security research and penetration testing projects would be in order to do this properly).

Neil, would you consider giving a talk at @emf and composing an open community letter? Sure we can make it a big wave.

Show threadNeil Brown21h ago
@autkin @emf I am not at EMF camp, I'm afraid.