LOS ANGELES — The age verification regulator for the U.K.’s Digital Economy Act, the British Board of Film Classification (BBFC), has advised age verification providers that they will not be certified under the Age Verification Certificate (AVC) if they use a digital wallet in their solution.
According to the BBFC, the AVC is a voluntary, non-statutory scheme that has been designed specifically to ensure age verification providers maintain high standards of privacy and data security. The AVC will ensure data minimization and that there is no handover of personal information used to verify an individual is over 18 between certified age verification providers and commercial pornography services.
The only data that should be shared between a certified AV provider and an adult website is a token or flag indicating that the consumer has either passed or failed age verification.
“A consumer should be able to consider that their engagement with an age verification provider is something temporary,” said BBFC Policy Director Murray Perkins. “In order to preserve consumer confidence in age verification and the AVC, it was not considered appropriate to allow certified AV providers to offer other services to consumers, for example by way of marketing or by the creation of a digital wallet.”
“The AVC is necessarily robust in order to allow consumers a high level of confidence in the age verification solutions they choose to use,” Perkins added.
Accredited providers will be indicated by the BBFC’s green “AV” symbol, which is what consumers should look out for. Details of the independent assessment will also be published on the BBFC’s age verification website, AgeVerificationRegulator.com so that consumers can make an informed choice between age verification providers.
The standard for the AVC imposes limits on the use of data collected for the purpose of age verification and sets out requirements for data minimization.
The AVC Standard has been developed by the BBFC and NCC Group, experts in cybersecurity and data protection, in cooperation with industry, with the support of the government, including the National Cyber Security Centre and chief scientific advisers, and in consultation with the Information Commissioner’s Office.
In order to be certified, AV providers will undergo an on-site audit as well as a penetration test.
Further announcements will be made regarding AV providers’ certification ahead of the July 15 enforcement date.
For more information, click here.
