Jump to main content keyboard shortcut 2 Jump to navigation menu keyboard shortcut 1 Jump to search keyboard shortcut 5


Published 22.05.24

Oh how good that nobody knows … Anonymity and Age Assurance on the Internet

Jutta Croll & Torsten Krause, SDC

Anonymity is a premium value that the German government has also enshrined in the coalition agreement for the use of digital services. As in the physical world, it should also be possible to search for information, communicate with other anonymous people, express an opinion, or purchase products online without revealing one’s identity. If age verification is required in the shop or at the cinema box an ID document can be presented. A quick glance at the date of birth and a comparison of the photo with the person presenting it is then sufficient; no data is stored. The situation is different in online services: Here, the use of an ID card is generally accompanied by the risk of a breach of anonymity. If a scan is transmitted or an ID card is shown digitally, all discernible personal data can be read and potentially stored. Moreover, it is not always possible to check whether the person presenting the ID actually matches the person named on the document. This is why the certification of age verification procedures, as provided for in Section 5 of the Interstate Treaty on the Protection of Minors in the Media (JMStV) to prevent children and young people from accessing content that is harmful to their development, is subject to strict requirements.

However, age assessment is not only an issue of youth media protection, but also an instrument in many areas of life for granting age-related benefits or taking precautionary measures, such as those provided for in Section 24a of the German Youth Protection Act. At the first Global Age Assurance Standards Summit (GAASS) from 8 to 12 April in Manchester, more than 600 experts discussed the potential of different methods of age assessment both on site and online. These methods can essentially be categorised into two groups. Age can be verified using official documents such as an ID card or driving licence. In addition to the critical aspects of anonymity and data minimisation mentioned above, such processes may exclude people who are not in possession of such a document. In this context, the CitizenCard from the United Kingdom was presented as an exemplary solution. Here, trustees such as teachers, doctors or social workers vouch for the accuracy of the information to be documented. Thus, people who cannot prove their details officially, e.g. by means of certificates, are given access to a verifying document.

In both digital and analogue environments, however, procedures are increasingly being used to determine the age of users based on biometric characteristics. In most cases, the face of the person who wants to access a service or product in the online or offline world is measured and compared with extensive databases in order to estimate their age. Other characteristics, such as voice, are sometimes processed to determine age. Corresponding methods, such as those from Yoti or Privately, were presented at the GAASS in Manchester. In addition to possible reservations on the part of users regarding their data being processed, providers are faced with the challenge of improving the precision of their services. Test runs and practical applications sometimes lead to results that do not correspond to reality. In addition, further inaccuracies can occur depending on the region of origin and the skin colour. The existing systems therefore work with tolerances that can currently lead to an older person having to verify their age with a document, for example, if the system cannot determine their age precisely enough.

In addition to the methods mentioned above, age verification systems are also currently being developed that use a neutral service provider for digital proof of age, which builds up the necessary large sets of personal data. The service provider creates a proof of age for users, which they then transmit in encrypted form to the online service to be used. The service provider does not find out which service the proof of age is for and the person remains anonymous to the online service to be used (double blindness). Such an offer was presented in Manchester by Opale.

In the knowledge of what has already been achieved and the existing challenges, the experts at GAASS agreed on a final communiqué, which formulates the requirements and potential of age verification procedures as follows:

„If deployed proportionately and effectively Age Assurance represents an opportunity to enhance the fundamental rights of children in a digital age, in addition to protection the anonymity and the freedoms of adults to enjoy online goods, content and services.“

The prerequisite for this is the definition of and compliance with international standards for age assessment procedures. The following four guiding principles were formulated at the summit as a basis for standardisation:

  1. Age Assurance should be based on the rights and best interest of the individual
  2. Age Assurance systems should be based on the principle of data minimization
  3. Age Assurance systems should be based on the principle of transparency and accountability
  4. Age Assurance should be based on the principle of cooperation and participation
Jutta Croll & Ann Skelton

Jutta Croll handed over a copy of the communiqué, which is also based on General Comment No. 25 on the rights of the child in the digital environment, to the Chair of the UN Committee on the Rights of the Child, Ann Skelton, during her visit to Berlin at the end of April.

Against the backdrop of the requirements of the Youth Protection Act and the Digital Services Act to offer their users age-appropriate precautionary and protective measures, the German Government has also pursued the issue of age verification for several months. In doing so, it is guided by the principle of data minimisation, preserving the anonymity and personal rights of users as well as the practicability of the process and is thus in line with the communiqué now adopted in Manchester. On 15 May, Parliamentary State Secretary Sven Lehmann presented the current state of work of the Federal Ministry for Family Affairs (starts at 01:15:50) to the relevant expert committee of the German Bundestag. According to this, users of a high-risk service should be asked by the service to prove that they belong to an age cohort by means of verification when opening or updating an account. For this purpose, the service provider automatically provides the user with a random number that subsequently allows the correct assignment of the proof to the appropriate account without gaining knowledge of the user’s identity. The random number is transmitted to a body authorised for verification, which in turn only confirms belonging to an age cohort on the basis of the data it has already stored, without learning for which online service the proof is being used. The previously transmitted random number is provided with proof of the age cohort and an authorising signature, encrypted and then forwarded to the online service provider by the user. The service provider uses the random number to recognise the assignment to the selected account and the signature to confirm that an authorised body has confirmed that the user belongs to the specified age cohort. On this basis, the service provider can offer users of its service age-appropriate settings and options; the service does not know which organisation has generated the verification.

Parliamentary State Secretary Sven Lehmann referred to the conformity with existing procedures certified by the KJM for proving the age of majority and, with a view to minimising the collection of new data, named registration authorities, banks, and the school administration as examples of bodies that already have the necessary personal data.

In order to determine the practicability and user-friendliness of the process described, the Federal Ministry for Family Affairs, in consultation with other relevant Government departments, issued a tender for the development of a demonstrator in spring 2024 and subsequently commissioned the Fraunhofer Institute for Secure Information Technology SIT. The focus is on demonstrating that the procedure described above is fit for purpose to fulfil the requirements of anonymity and data minimisation. At the same time, the German government also intends to introduce this model into the European discourse. A procedure based on international standardisation should be sought both for future users and for globally operating service providers.

The seemingly irresolvable contradiction between anonymity and age verification procedures and the associated controversies could - if the demonstrator currently being developed on behalf of the German government proves its potential - soon be a thing of the past. After all, if providers know which age cohorts their users belong to, this will enable the anonymous, age-appropriate provision of online services and products. And the Internet community can still happily proclaim with Rumpelstiltskin: "Oh, how good that nobody knows who I am and what my name is".