.svg)
Implementing the best methods to verify user age and obtain parental consent can be complex. Many existing solutions fall short, either compromising user privacy or delivering inconsistent results. However, businesses that fail to address this challenge risk legal penalties, reputational damage, and loss of consumer trust.
On January 17, 2025, the Federal Trade Commission (FTC) of the US announced a groundbreaking settlement with the developers of the popular game Genshin Impact. As part of this ruling, the company must pay a $20 million fine and is now prohibited from selling lootboxes to children under 16 without parental consent.
While the ruling specifically targeted lootbox mechanics in gaming, its implications extend to any business offering digital services or products. Companies across e-commerce, social media, content platforms, and digital services must now carefully consider how they verify user age and obtain parental consent.
Similar rulings in the U.S. and the European Union have already set the stage for stricter enforcement of age assurance and parental consent requirements across industries: Epic Games' $520 million FTC settlement in 2022 over Fortnite's privacy violations and dark patterns, Meta's €390 million fine by Irish regulators in 2023 for GDPR violations related to underage users, and TikTok's multiple penalties across jurisdictions.
These regulatory penalties signal a clear shift in expectations: companies must implement robust age assurance systems to protect young users and comply with evolving digital privacy standards. Inadequate age assurance measures can result in significant financial penalties and operational restrictions. Therefore, the key question facing executives is no longer whether to implement age assurance, but how to do so effectively while maintaining user experience and privacy standards.
What is the best approach for Age Assurance?
But what can be considered robust and adequate age assurance? Most recently, the UK's Ofcom has published its long awaited guidance on age assurance. Significantly, Ofcom has declared traditional methods such as self-declaration of age, general payment methods, and terms and conditions as "not capable of being highly effective" – putting companies relying on these outdated approaches at risk. Instead, among a few other alternatives, Ofcom explicitly endorses facial age estimation technology as "capable of being highly effective" at determining whether a user is a child.
Meeting Compliance Through Privately’s Advanced Age Estimation Technology
Privately’s privacy-first age estimation technology stands out as the most appropriate solution, particularly when dealing with potentially underage users:
- Immediate verification without exposing sensitive data: Unlike credit card checks or photo ID matching, users don't need to share any personal or financial information that could be compromised.
- No dependence on documentation: Many young teens may not have photo IDs or bank accounts, making traditional verification methods inaccessible.
- Protection against identity borrowing: While teens might borrow a parent's credit card or mobile phone, facial age estimation provides real-time verification of the actual user.
- Frictionless user experience: No need to interrupt parents at work to verify bank details or provide documentation - the verification happens in seconds.
- Continuous verification capability: Unlike one-time checks through mobile networks or credit cards, facial age estimation can be reconfirmed as needed to prevent account sharing between an adult and a child.
At Privately, we specialize in cutting-edge age estimation technology that helps businesses comply with regulatory requirements while safeguarding user privacy. Our FaceAssure product is:
- Privacy-Preserving: Designed with advanced encryption and data minimization principles, ensuring user data is protected at every step. No photos or videos of users are ever sent to servers, as all sensitive data processing happens on users’ devices. It is UK-GDPR certified.
- Highly Accurate: Our technology has been independently verified to achieve an EAL-3 certification, with a mean age error of 1.02 years. This makes it one of the most reliable solutions for businesses seeking to protect young users while maintaining regulatory compliance.
By integrating our solution, businesses can not only meet FTC and similar regulatory requirements, but also demonstrate their commitment to creating a safer online environment for children.
The Time to Act is Now
With regulatory bodies increasingly focused on digital age assurance, proactive implementation of robust solutions has become a business imperative. The FTC's recent action demonstrates that the cost of non-compliance far exceeds the investment in proper age assurance technology.
Don't wait for regulatory action to protect your business and your users. Contact Privately today to schedule a demonstration of our privacy-preserving age estimation solution.
