Gone are the days when a simple “are you over 18?” checkbox would suffice to comply with age verification due diligence. This is particularly worrying given that, according to one study conducted by OLX, 60% of parents admit that they do not monitor what their children do online. Realizing how unrealistic it is to rely on parental oversight of children’s internet use, many countries have stepped up efforts to apply new legal pressures on providers of online services and products such as cannabis, alcohol, e-cigarettes, gaming, and dating. In fact, one survey (Society for Prevention Research, 2018) found that 75% of legal online marijuana dispensaries in the United States do not include any form of age verification. Researchers found that even when sellers do include verification, it often consists of a simple checkbox. In this article, we will explore some trends in the legal KYC landscape and what age-restricted services can do to navigate safely. Verifying the challenges of the KYC process In a joint study cited by Forbes in 2021, Johns Hopkins and Boston universities found that underage drinkers accounted for $17.5 billion or 8.6% of alcoholic beverages sold in the United States during 2016. Fast-forward to today, and you can bet that figure is significantly higher. In the post-pandemic era, online alcohol sales can also be counted on to account for a significant proportion of illegitimate sales to minors. And it’s not just age-restricted substances that are being put under a stricter legal lock. According to a recent NY Times article, in Japan, a document proving age is required to use the dating app Tinder. In Germany and France, new laws require pornography websites to check the age of visitors. For age-restricted products and services, the penalties, and consequences of not covering the new KYC loopholes can be endless. The data clearly shows that companies are responding to regulations. An Oxford Internet Institute report by Nash and colleagues shows that, in the case of social gaming, the lack of age verification procedures is certainly a reflection of the absence of regulatory requirements in this area. In contrast, where standards exist, and their enforcement is effective, the uptake of age verification is high. This is not surprising considering the costs, both in terms of potential fines and other sanctions, and the high risk of reputational damage for companies that do not comply with best practice requirements. Let us examine some changing legal trends that are subjecting the KYC process to increased pressure and scrutiny. The age verification policy landscape When people think of age verification, they typically think of adult-only products and services. That narrow definition is broadening, and for good reason. In the past, underage consumers had to physically be on the premises of a business to try to access it. Today, everything can be ordered online, and so the “gateway” protecting underage consumers must be at the digital entry point. Should a child be able to open an account on a marketplace or financial service? What about ridesharing? Social networks are full of adult content – what is the point of limiting minors’ access to content when they can access it through multi-sharing? Will legislators go so far as to require age verification in every instance of content sharing? Each country must decide where to draw the line and how to implement and regulate minors’ access to content, products, and services. The trend is clear: the need for autonomous age verification is growing. New laws protecting underage consumers worldwide
- US federal law sets the legal age for purchasing alcohol and tobacco at 21.
- In the European Union, a new law requires video and audio services to protect underage consumers, and age verification of users is becoming commonplace. YouTube currently checks the age of users within the EU by asking for their ID or credit card details.
- A recently passed law in the UK, called the Children’s Code, is influencing the way other nations approach the protection of minors online. An interesting guideline in the Children’s Code requires websites and apps to apply the highest possible privacy settings for minors by default. In addition, digital services may only collect “as little information as possible”. Some wording of the UK legislation is intentionally vague and only time will tell how the law is applied.