Yoti is weighing in on a recent opinion from the Information Commissioner’s Office (ICO) in the UK. The opinion specifically concerns Age Estimation technology, explaining what it does and whether or not businesses can use it to meet the age verification requirements laid out in the Age Appropriate Design Code. The Code establishes data protection rules for minors, and applies to apps, games, and other digital services that may have age restrictions.
In its response, Yoti praised the ICO for trying to inform business about age assurance technology. However, the company took issue with some of the generalizations in the report, and argued that they are overly broad, overly negative, and do not necessarily apply to Yoti’s own Age Estimation solution.
Most notably, Yoti objected to the ICO’s claim that Age Estimation technology is inaccurate, and therefore not reliable enough for commercial use. Yoti countered that its own offering determined adult ages with 98.89 percent accuracy in independent testing in 2020, and that the solution has already been used to perform more than 500 million age checks in real-world situations. For example, age estimation technology can be used as proof of age when people are purchasing age restricted goods either online or in-person.
Yoti also raised concerns about the ICO’s muddy definition of biometrics, at least as it relates to Age Estimation. The ICO acknowledged that an Age Estimation system is not inherently a biometric one, insofar as a biometric system is strictly defined as a system that can be used to positively identify an individual.
However, Yoti believes that the ICO could have provided more clarity about how a face-based age estimation system differs from a true facial recognition system. The company offered its own Age Estimation system as an example, noting that it deletes each image as soon as it has been processed. More to the point, the system can only determine someone’s age, and cannot figure out that person’s name or any other identifying characteristics. As a result, Yoti’s system is fundamentally different from a biometric system that links a name to an image of a face.
Yoti went on to argue that the ICO opinion should have made those distinctions clearer, since it would help businesses make an informed decision when evaluating age estimation systems. The company also stressed that Yoti Age Estimation is compliant with the latest GDPR regulations, while its Age Portal allows businesses to obtain a user’s consent before getting an estimate. With that in mind, businesses can be confident that they are meeting their legal obligations when they use the platform. Yoti itself recently stated that online businesses need to update their age verification practices to comply with stricter proof of age requirements.