Age Assurance – Policy Note

The appropriate role for, and use of, age assurance is a hotly debated topic. On the one hand, it is generally recognized that some measures are needed to reduce the potential harms experienced by children online – and that age assurance can play a key role in advancing this goal. On the other hand, concerns have been expressed about age assurance introducing privacy harms, including potential requirements for individuals to divulge sensitive personal information to get access to information or online services.

The Office of the Privacy Commissioner of Canada (OPC)’s guidance documents on age assurance set out the ways in which the goal of creating a safer and more appropriate online experience for children can be advanced while mitigating potential adverse impacts on privacy.

1. OPC Positions on Age Assurance

The OPC takes the following positions on age assurance, including its development and use:

Overall: Age assurance can be a valuable mechanism toward the goal of creating a safer, more privacy-protective online experience for children. This goal can and must be advanced without creating an undue impact on privacy rights.
Age assurance is one tool among many: Age assurance is a mechanism to be used in appropriate circumstances. Complementary or alternative means of advancing the goal of a safer, more privacy-protective online experience for youth should also be considered or adopted. These could include education campaigns about safe use of online services, or privacy-by-design measures that do not require age differentiation (as all individuals are given adequate protection).
Neither age verification, estimation nor inference^{Footnote 1} are inherently more (or less) privacy-protective: The privacy impacts of an age assurance system will depend on its design and use. For example, the nature and extent of information collected during an age verification process could pose greater privacy risks than that collected during an age estimation process, or vice versa. As well, based on the work of groups such as the UK’s communications regulator (OfCom)^{Footnote 2} and the Australian Age Assurance Tech Trial^{Footnote 3}, we accept that it is possible for age verification, age estimation, or age inference to be implemented in a way that is highly effective (a key consideration with respect to the appropriateness and proportionality of any collection of personal information).

2. Privacy Considerations for Age Assurance

It is well-established that some content and online services are potentially harmful to children, as are some collections and uses of personal information on websites and online services. However, there is also significant social benefit to be had from individuals being able to access information and services online without encountering barriers, and particularly without being tracked or identifiable. Innovation in the space of online child protection – including the adoption or mandating of age assurance systems – must prioritize privacy to ensure that any benefits are not offset by disproportionate harms.

In our opinion, the following are the more significant potential privacy risks associated with age assurance. These risks are not inherent to the use of age assurance, and with our guidance, we have sought to identify key mitigation strategies.

Breach of information used in the age assurance process: Most forms of age assurance rely on the collection of personal information. This could include government-issued identification, facial images, or other potentially sensitive information. Without appropriate safeguards and limits on retention, there is a risk that this information could be breached – particularly given that such information could be a high-value target for attackers.
Tracking or profiling an individual’s online activities: Improperly designed, an age assurance system could allow an organization to learn information about an individual’s online activities across one or multiple websites or online services. Moreover, given the nature of the content typically subject to age restrictions, such tracking could allow organizations to infer sensitive information about an individual, such as their sexual preferences or orientation.
Disproportionate collection of personal information: Currently, many websites and online services do not require users to provide personal information to access content. Age assurance – particularly where its use is mandated – risks creating a situation in which organizations may be required to collect more information about all users, even where potential harms may be low.
Unequal collection of personal information or access restrictions: There is significant risk that some groups of individuals will be impacted by age assurance more than others. For example, if an age estimation system is less accurate for individuals in some population groups, or an age verification system relies on credentials that are not held by a significant portion of individuals, those individuals will either have to provide additional personal information as part of a secondary age assurance check or forego accessing the website or service. Often, individuals impacted in this way will be members of equity-deserving populations.

These risks create impacts beyond privacy. As stated by the European Data Protection Board, “[a]ge assurance poses specific risks to data protection with the potential to adversely impact not only natural persons’ right to the protection of their personal data, but also other rights and freedoms such as the right to non-discrimination, the right to integrity of the person, the right to liberty and security, and the right to freedom of expression and information.”^{Footnote 4} For instance, it is likely that some number of individuals would forego access to certain content or services if there were a likelihood that such an access would be tied to their identity.

3. Contextual Considerations

The use of age assurance cannot only be considered in the abstract; it is also important to understand the overall environment into which it is being launched. To that end, we note the following contextual considerations that have impacted our thinking on this topic.

3.1 Need to build trust

Public trust in technology companies is currently quite low. In the OPC’s most recent polling, 71% of Canadians stated that they had “not much” or “no” trust that “Big Tech” companies would protect the personal information shared with them, while 86% said the same of social media companies.^{Footnote 5} This suggests that without a way to establish the trustworthiness of age assurance systems, many Canadians will likely be uncomfortable providing their personal information for such a process and may opt to instead forego accessing content or online services.

The OPC believes that age assurance systems can be designed and used in a way that protects privacy and that privacy-protective design decisions can play a crucial role in helping to instill public trust. In line with this, any policy or regulation requiring organizations to implement age assurance should clearly outline measures to ensure that Canadians’ privacy is protected. Organizations developing or using age assurance should also demonstrate to users that the system is privacy-protective. As noted in the 2025 G7 Data Protection and Privacy Authorities Roundtable Statement, Promoting Responsible Innovation and Protecting Children by Prioritizing Privacy, “when individuals have confidence that their data is protected and used lawfully and responsibly, trust exists; where trust exists, innovation is embraced.”^{Footnote 6}

3.2 Current age assurance environment in Canada

At the time of writing, there is no means of proving one’s age online that has been broadly adopted in Canada. For instance, though we have seen some voluntary, limited-scope provincial digital wallet initiatives (including in Alberta^{Footnote 7} and British Columbia^{Footnote 8}), there are no government-issued digital credentials in wide use that could be used for age assurance. Other infrastructural supports for a robust age assurance environment, such as standards, are also relatively new with publications from Canada’s Digital Governance Standards Institute (DGSI)^{Footnote 9} and the International Organization for Standardization (ISO)^{Footnote 10} having been issued in the past year. Similarly, we are not aware of any age assurance mechanisms (beyond basic “I am over 18” self-declarations) that Canadians would regularly encounter.

Some of our positions may change as this environment continues to evolve. For instance, if a trusted digital credential becomes widely adopted in Canada, it may be inappropriate for an organization to refuse to accept it and require individuals to undergo a different form of age assurance. Similarly, if industry standard practices for privacy-protective age assurance emerge beyond those described in our guidance, the OPC would assess and update our guidance as needed.

4. Conclusion

Children and their privacy rights must be better protected online, and the OPC believes that age assurance can be a privacy-protective mechanism to support this. We also believe that it should be deployed – or mandated – with caution, acknowledging that the potential privacy risks associated with its use be addressed and mitigated.

Footnotes

Footnote 1

Per ISO/IEC 27566 (s.3.1.1): age verification is an age assurance method based on calculating the difference between a verified year or date of birth of an individual and a subsequent date; age estimation is a method based on analysis of biological or behavioural features of humans that vary with age; and, age inference is a method based on verified information that indirectly implies that an individual is over or under a certain age or within an age range.

Return to footnote 1 referrer

Footnote 2