Italy proposes age verification and digital identities for accessing social media
EDRi member Hermes Center sheds light on the current case against TikTok in Italy, where three solutions are circulating on how to make sure that children will not access certain online contents unless supervised by their guardians.
Designed by: @rawpixel.com/Freepik
On 22 January 2021, the Italian Data Protection Authority (DPA) ordered TikTok to stop processing the personal data of users whose age couldn’t be exactly verified by the company. The decision comes after a 10-year-old child allegedly died after taking part in a challenge on TikTok. Although it is still not clear if the death is in fact linked to the platform, the DPA decision sparked an intense debate on technical proposals to find solutions to an age-old problem: how to make sure that children will not access certain online contents unless supervised by their guardians.
Currently, three main solutions have been proposed in Italy: one is focused on using AI profiling to identify children, and the other two make use of the national eID, called System for Public Digital Identity (SPID). Currently, people can use SPID to access online services provided by the public administration.
Unexpectedly, the first one is proposed by one of the members of the board of the Italian DPA, Guido Scorza. According to an interview, Scorza proposes that TikTok should only use data that it already has and “could use this artificial intelligence, that it already employs to profile users, also to prevent access to children.” This is a solution that TikTok has already committed to further evaluate, according to the answer that the company sent to the Italian DPA.
The second solution requires parents to enable their children to have a particular SPID under their management. It was proposed by the then-Minister of Innovation, Paola Pisano. In this way, all users would access social networks via SPID. If identified as a child, the digital identity provider would only share the date of birth of the user with the company. The Ministry of Innovation has said that they have been working on this solution for months and, reportedly, the Italian DPA is currently checking the feasibility and privacy aspects of it.
In the third solution, the child receives a temporary password (a token) that the parent creates with his/her SPID. The platform would not have control over this data and in this way, there would be no sharing of private information: the digital identity provider would not give out any personal details regarding children’s identity, only proof of not being underage. This method should apply also to all the other users.
What next?
At the moment, due to the formation of the new Italian government, it’s not clear if either of these 3 solutions will ever become reality. However, age verification and digital identity will definitely be at the forefront of the European debate. As is already the case: the European Directorate-General for Communications Networks, Content and Technology (DG Connect) launched in May 2020 a call for a pilot project whose objectives are to map “existing methods of age-verification and obtaining parental consent in the context of online child protection” and to “commission, design, implement and test an interoperable infrastructure for child online protection including in particular age-verification and obtaining parental consent of users of video-sharing platforms or other similar online services, using different approaches, including for example eID.” According to the project page, the project should have already started in January 2021.
Setting up a direct channel between social media and digital identity providers, albeit only for age verification, risks opening the opportunity for demanding everyone to use their real identity to access the internet. In fact, the call to forbid online anonymity in order to curb hate speech or online disinformation periodically resurfaces in Italy.