Outline and trial an infrastructure dedicated to the implementation of child rights and protection mechanisms in the online domain

Topic description

Scope:

The objective of the proposed pilot project is to demonstrate an interoperable technical infrastructure dedicated to the implementation of child protection mechanisms (such as age verification) and parental consent mechanisms based on relevant EU legislation such as the Audio Visual Media Services Directive (AVMSD) and General Data Protection Regulation (GDPR). Technical measures will be based on the use of electronic identification (eID) means (in particular, electronic identification schemes notified by Member States under the Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation)).

The AVMSD requires Member States to ensure that video-sharing platform providers take measures to protect minors when using their services. Such measures include age verification systems for users of video-sharing platforms with respect to content that may impair the physical, mental or moral development of minors (Article 28b.3(f)).

The GDPR specifies the age as of which children may consent to processing in relation to information society services (Article 8(1)). When the child is below the specified age, the GDPR requires controllers to make reasonable efforts to verify that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology (Article 8(2)).

Specific objectives:

The pilot project shall:

1) Undertake a large-scale mapping of existing methods of age-verification and obtaining parental consent in the context of online child protection. This mapping should cover methods used in EU Member States, but should also cover widely-used non-EU solutions, both open-source and propriety.

The mapping should result in a comprehensive overview of existing age verification and parental consent methods, and the different age limits they aim to target. The mapping should also identify relevant good practices, including those ensuring compliance with the AVMSD and the GDPR.

2) Based on an assessment of the mapping presented to the Commission, design, implement and test an interoperable infrastructure for child online protection including in particular age-verification and obtaining parental consent of users of video-sharing platforms or other similar online services, using different approaches, including for example eID. The infrastructure shall take into consideration the relevant articles of the AVMSD and be designed in a manner compliant with the GDPR and cover a minimum of 3 EU Member States/EEA countries.

The infrastructure shall test how it is possible to:

a) perform reliable age-verification checks, to protect or block children from accessing age-inappropriate content on video-sharing platforms or other media / online services that are potentially harmful for the child and to identify cases where the GDPR requirement for parental consent applies;

b) provide reliable consent mechanisms for the holders of parental responsibilities;

c) support the cross-border age-verification of users in a manner that is respectful of data protection principles and rules;

d) ensure children’s interests and wellbeing are at the heart of the infrastructure.

It may also provide links or other access options to content dedicated to children.

In the execution of the above tasks, the pilot project should involve relevant stakeholders in the authentication and validation supply chain and take into account the work of data protection authorities on the matter.

The age-verification infrastructure will make use, among other mechanisms, of electronic identification (eID) means deployed at national level in Member States, by relying on the birth date contained in the eID.

The infrastructure will also allow the cross-border exchange of age-verification information, so that an online content provider in one Member State can use eIDs issued in another Member State to verify the age of users, by integrating the eIDAS nodes deployed in Member States based on the implementation of the eIDAS Regulation.

Expected impact:

The pilot project is expected to demonstrate an interoperable technical infrastructure for child protection, including age-verification and parental consent, which should support the implementation of the child protection mechanisms derived from the requirements in the AVMSD and the GDPR.

For more information please refer to the Call Document.