Back to Blog
LegalTech & IA

Age Verification: The ICO's Bold Move to Make the Internet Safe for Kids (Without Creeping Them Out)

NakedPact Editorial Committee
Reviewer: Carmelo G.
Comitato Editoriale NakedPact
July 2, 2026
10 min read
Age Verification: The ICO's Bold Move to Make the Internet Safe for Kids (Without Creeping Them Out)

What Did the ICO Just Announce?

The UK's Information Commissioner's Office (ICO) has published a statement on age verification, committing to making the internet a safer, more privacy-respecting place for children. The guidance explains how organizations can implement age assurance systems that comply with the GDPR and the Data Protection Act 2018. In short: they want to verify age without turning the web into a surveillance state.

Featured Snippet Bait: The ICO's new guidance requires age verification to be proportionate, privacy-friendly, and not overly intrusive. Organizations must use the least data necessary to confirm age, and cannot use age verification as an excuse to collect extra personal data for profiling or advertising.

Why Age Verification Matters (and Why It's Tricky)

Let's be honest: age verification online is about as fun as reading the Terms and Conditions of a social media app. But it's crucial. Kids are exposed to adult content, gambling, and data-hungry platforms daily. The ICO wants to fix that without making everyone feel like they're applying for a mortgage every time they visit a website.

The challenge? Balancing safety with privacy. No one wants to upload their passport just to watch a YouTube video. The ICO's guidance pushes for solutions like estimation (e.g., AI guessing your age from your face) or third-party vouching, rather than hard ID checks.

What the Guidance Actually Says

Proportionality is Key

Organizations must use the least intrusive method possible. If you're a gaming site, you might only need to know if someone is over 13, not their exact birth date. The ICO warns against collecting excessive data 'just in case'.

Privacy by Design

Age verification systems must be built with privacy in mind from the start. That means data minimization, encryption, and no sharing with third parties without consent. The ICO also says organizations should consider using anonymized or pseudonymized data.

Transparency

Users must be told exactly what data is collected, why, and how long it's kept. No hidden clauses. The ICO suggests using clear, child-friendly language for younger users.

What This Means for You

If you run a website or app that might attract under-18s, you need to review your age verification methods. The ICO can fine you for non-compliance. For users, expect to see more age gates, but hopefully ones that don't ask for your life story.

For parents, this is a win. The ICO is essentially saying: 'We want kids to be safe, but we also want them to have privacy.' It's a delicate balance, but the guidance provides a roadmap.

The Bottom Line

The ICO's statement is a step toward a safer internet that respects privacy. It's not perfect, but it's a start. If you're implementing age verification, follow the principles: use the least data, be transparent, and design for privacy. And if you're a user, keep an eye on those privacy notices – they might actually start making sense.

For more details, read the full ICO statement here.

FAQ

Is age verification required by law in the UK?

Yes, under the Age Appropriate Design Code (Children's Code) and the Data Protection Act 2018, organizations must take reasonable steps to verify age if they process children's data. The ICO's guidance clarifies how to do this lawfully.

Can age verification be done without collecting personal data?

Yes. The ICO encourages methods like age estimation (e.g., AI analysis of facial features) or using third-party age verification services that don't share your data with the website. The goal is to minimize data collection.

What happens if a company doesn't comply?

The ICO can issue fines up to £17.5 million or 4% of annual global turnover, whichever is higher. They can also issue enforcement notices requiring changes to practices.

📊 Age Verification Methods: Privacy vs. Accuracy

How do common methods stack up? (Higher is better)

Hard ID (e.g., passport)Accuracy: 10/10
Privacy: 2/10
Credit Card CheckAccuracy: 8/10
Privacy: 4/10
Age Estimation (AI)Accuracy: 7/10
Privacy: 9/10
Self-DeclarationAccuracy: 3/10
Privacy: 10/10

Checklist for Compliance:

  • Use least intrusive method
  • Minimize data collection
  • Be transparent with users
  • Implement privacy by design
  • Don't share data without consent
NakedPact Logo

NakedPact Editorial Committee

Article created by the NakedPact editorial team. Our mission is to analyze, simplify, and expose unfair terms and hidden risks in everyday contracts to protect citizens and consumers.

Do you own a website?

Do you own a website?

Want to communicate your data processing transparency to your users? Dynamically use our badge and showcase your platform's compliance.

🛡️ Protect your rights with one click

Don't risk signing abusive clauses. Install the free NakedPact extension for Chrome or Firefox and instantly analyze any contract on the web.

Don't trust, verify.

Now that you know the risks, don't sign blindly. Upload your contract to NakedPact and let AI find the hidden clauses for you. It's 100% free.

Analyze Your Contract Now

Rispettiamo la tua privacy

Usiamo i cookie per migliorare la tua esperienza e personalizzare gli annunci. Scopri di più.

NakedPact Logo

Estensione Chrome

Analizza i contratti e i Termini di Servizio direttamente sul tuo browser con l'estensione NakedPact.