The net tightens


On 2nd September the Financial Times reported on a remarkable letter which had appeared that day in the Sunday Telegraph. Because it is behind a paywall, I reproduce the text of the epistle here:

SIR – The Government launched its Green Paper on internet safety last year, with an objective “to ensure Britain is the safest place in the world to be online”.

The internet is an overwhelming force for good, but like all media it also risks creating harm – from the extremes of child exploitation to the threat to democracy that the Digital, Culture, Media and Sport Select Committee has identified in “fake news”. The Chief Medical Officer has also highlighted growing concerns around the impact on children’s mental health.

We represent diverse media or communications companies and collectively invest significantly in British infrastructure and content. We pay high and fair levels of tax, and we are all regulated by Ofcom. And we have one more important point in common – we all agree with Sharon White, Ofcom’s Chief Executive, that the argument for independent regulatory oversight of major online players has never been stronger.

We do not think it is realistic or appropriate to expect internet and social media companies to make all the judgment calls about what content is and is not acceptable, without any independent oversight. There is an urgent need for independent scrutiny of the decisions taken, and greater transparency. This is not about censoring the internet: it is about making the most popular internet platforms safer, by ensuring there is accountability and transparency over the decisions these private companies are already taking.

The Government, regulators and industry must now work together to address all potential online harms, many of which are exacerbated by social media. The autumn White Paper on internet safety is a golden opportunity to get this right.”

Jeremy Darroch, Chief Executive, Sky

Lord Hall of Birkenhead, Director-General, BBC

Carolyn McCall, Chief Executive, ITV

Alex Mahon, Chief Executive, Channel 4

Gavin Patterson, Chief Executive, BT

Tristia Harrison, CEO, TalkTalk

To have brought together all of the above must count as an achievement of some sort. In the Daily Telegraph it was described as an “extraordinary coalition”.

Add this to the comments made by Home Secretary Sajid Javid in his speech the following day. According to The Guardian (and me because I was in the room), he said he was (only for the moment?) “holding off naming and shaming” guilty parties.

It is not hard to see why the level of expectation in the UK about how  internet governance is about to shift has risen to an all-time high. With so few friends in Parliament the social media companies operating in Britain must know the times they are a-changing. We wait with bated breath.

 

Posted in Default settings, Facebook, Google, Internet governance, Regulation, Self-regulation

Another big step forward – well done Google

Today Google are announcing the release  of a new tool which they are making available at no cost to relevant NGOs and industry partners. Here’s the problem it is addressing.

Microsoft’s Photo DNA is brilliant. It works at scale to find images that have already been identified and determined to be CSAM and then have made it into a database that is used to scan  repositories of images looking for matches. Matches can rapidly be deleted as steps are taken to locate the victim and bring the perpetrators to book. Photo DNA will continue to be an essential element in the ongoing fight to rid the internet of these images and help the child victims.

But what about those images that have not yet been found and classified? Any new image that is located is likely to be linked to current or recent sexual abuse, abuse that may still be ongoing. This is where Google’s new Content Safety API can step in.  It deploys AI to sift through, identify and classify images which are most likely to contain child sex abuse material. From the millions of images residing on  a server it can flag and prioritize those that need to be looked at. This is a huge step forward which will complement Photo DNA and greatly enhance the global effort to make the internet a better and safer place for children.

Well done Google. Three gold stars.

Posted in Child abuse images, Google, Internet governance, Microsoft, Regulation, Self-regulation | 1 Comment

Rule of the oligarchs?

Where does ICANN’s money come from? It is easy to find their annual accounts  and estimates.  These give the big numbers.  Finding out which individual companies or organizations are behind the numbers is harder,  although admittedly not much harder if you know the lingo.

ccTLD Registries

The latest year for which complete data are available is the twelve months ended 30th June 2017. This link shows  financial contributions made in that period by Registries that administer country code Top Level Domains (ccTLDs) e.g. .uk, .de, .fr and so on.

In the UK our ccTLD is Nominet. Nominet, like many other ccTLDs, is a not for profit. ccTLD Registries hold their positions by virtue of a contract awarded to them by the national government of the jurisdiction concerned. Some ccTLD Registries may even be inside a Government Department or they are run by a Government agency.

The published information on ccTLDs is easy to assimilate. The list is well short of two pages and the entries are presented pretty much alphabetically by country. Yet only about 100 countries are mentioned while there are around 200 ccTLDs. I gather there is no requirement for ccTLDs to subscribe so the mystery is why any of them do. It’s not obvious what they get for their money.

In the year ended 30th June 2017 the financial contribution made by all the ccTLDs combined was just over US$ 1,200,000. If they were to  be counted as a single business they would not be in the top 10 of all contributors.  The highest single contribution by a ccTLD was US$ 225,000. Power players in ICANN politics they are not.

gTLDs

This second link is to a page showing contributions made by Registrars, a couple of other types of ICANN affiliates and the Registries  for gTLDs. The huge preponderance of ICANN’s year on year income comes from these sources. This is the bit that matters. Overwhelmingly, the entities here are conventional businesses although there are some not for profits e.g. The Public Interest Registry. It runs .org.

More complicated than it needs to be

As you will see, the published list for this constituency is anything but easy to understand. It is 49 pages long, containing over 3,700 individual entries. They are listed alphabetically. Nothing wrong with that but, did you know, for example, that “Binky Moon”,  one of  the largest contributors to ICANN, is the business that trades as “Donuts”?

There are hundreds of entries from two particular Registrars: one called  “Camelot LLC” and the other called “DropCatch.com LLC”.

Aside from Camelot and DropCatch there are lots of entities with multiple entries. In addition to the individual ones, couldn’t they all be grouped together under whichever is the ultimate beneficial owner? That way we could easily see the total net contribution made to ICANN’s funds by each business or organization.

By converting the published pdf to an Excel spreadsheet I was able to work out a number of things without an enormous amount of effort but, memo to ICANN, in future why don’t you do that? Make it your aim to present these data in a way that is as easy as possible for anyone interested to find, analyse and understand from any and every angle that is likely to be of interest. Embrace the light.

Domination by the few not the many

In the year ended June 2017 ICANN’s total core income was US$ 137, 245, 623. Of this US$ 42,818, 745 comes from one company – Verisign – Registry of, inter alia, .com and .net. That is 31.2% of ICANN’s entire year on year income coming from one source.

Lest we forget, .com and .net are where the vast majority of child sex abuse materials are found on the open internet and much that is now on the dark net will have originated there. Shame on Verisign and shame on ICANN for not doing anything about it.

GoDaddy, a Registrar,  is next in line in terms of the size of their engagement with ICANN’s piggy bank: a “paltry” US$ 9,789, 485. That’s 7.1% of the total. Very close behind is DropCatch at US$ 9,364, 624 (6.8%).

There were a few entries from entities that looked like they were probably linked to DropCatch but I excluded them from my calculations just in case I was wrong. However, if they were added in DropCatch would probably edge out GoDaddy from the No. 2 spot.

Either way in 4th place we have “Binky Moon” at US$ 5,043183 (3.6%).

Thus, four companies between them provide just shy of 50% of ICANN’s entire income. The top 21 entities provide 63% of it and if there is a further round of consolidation and takeovers  ICANN’s dependency on an even smaller number of businesses will grow ever more pronounced. This cannot be healthy for ICANN or the internet.

Things you need to know about ICANN for the pub quiz

In Q1 2018 there were 333.8 million domain names in existence. That’s up 0.4% on Q4 2017. The annual rate of growth in registrations continues to be about 1%

.com and .net accounted for 148.3 million registrations, or 43% of the total. The combined total for all ccTLDs in the same quarter was 146.3 million, although it seems this category is growing at a faster rate: 2.2% per annum.

After .com the next largest domain is .cn i.e China. No surprises there.  It checks in at 21.4 million. However, the number three domain in the world is .tk, with 19.9 million registrations. tk belongs to Tokelau. Tokelau consists of three atolls in the South Pacific. They are a dependent territory of New Zealand. The population of Tokelau is 1,500.

.tk domains are free. That probably helps explain their meteoric rise and maybe the faster rate of growth for ccTLDs as a whole. If I was a competing Registry I might be annoyed but why should anyone else worry? Just relax. ICANN obviously has the situation completely under control.

 

 

Posted in ICANN, Internet governance, Privacy, Regulation, Self-regulation

A review of the obscenity laws

The Crown Prosecution Service has announced a review of the guidance it issues to prosecutors concerning obscene materials.  It closes on 17th October.

This could be a great opportunity to correct a number of anomalies which have arisen since, and been magnified by, the arrival of the internet. Ditto in respect of the operation of those bits of the Digital Economy Act 2017 which address commercial porn sites.

To recap

Under the Digital Economy Act’s provisions on commercial pornography sites, qualifying commercial porn sites must do two things:

  1. Make sure they have a robust age verification (AV) solution in place.
  2. Make sure that, even behind the age gateway, there is no “extreme pornography”.   If you click the link you will see this category was established under earlier legislation.

The privacy and competition laws also matter

All web sites must comply with our privacy laws and our competition laws so while these are not specific to porn sites they have an obvious significance in this context.

The role of the Regulator

The regulator/enforcer for the Digital Economy Act in relation to porn sites is the BBFC. They have no direct locus in respect of enforcing the  privacy and competition laws although, for example, as they investigate and determine whether or not particular AV solutions  are working well enough to keep kids out, I imagine the BBFC is unlikely to approve a solution that is known to break privacy or competition rules so, to that extent, they are indirectly involved.

Definitions matter

When the Digital Economy Act was going through Parliament  the Government acknowledged that the definition of “extreme pornography” was not wholly satisfactory. In fact, as I recall, initially they also included a proposal to create a new and extra class of “prohibited material” which they later withdrew. Unusual, but not unheard of.

They promised they would revisit  the issue of definitions. Once the Bill had got underway the constraints imposed by the Parliamentary timetable meant it was impossible to open up a wider consideration of matters of this kind. If people had insisted the risk was we would have lost everything in the Bill on porn sites.

Enter the CPS

We also said at the time, and the Government appeared to accept, that the CPS had to do the same with its (outdated) guidance to prosecutors in respect of obscenity laws.  But the Government is always reluctant to instruct the CPS to do anything so we had to wait until the CPS decided to do this in its own good time. Well now it has.

The Government reminded us that, AV or not, there should be no illegal material of any kind on  any web site. The Digital Economy Act did not create a licence to publish illegal material as long as it was behind an age gate. This is why the CPS guidelines matter. OK they are not “the law” as such, but they are extremely important in shaping practice and a review of this kind can act as a spur to legislative change.

Not sure whether or to what extent this CPS  review obviates the need for or will count as the “extreme pornography” review the Government promised. I suspect it won’t entirely but we shall see.

One of several things we didn’t like about the definition of “extreme pornography” is that  highly sexualised Manga  images featuring very young people were clearly excluded. Could the CPS review correct that? Maybe. Maybe not.

 

 

 

 

 

Posted in Age verification, Child abuse images, Default settings, E-commerce, Internet governance, Pornography, Regulation, Self-regulation

The dangers of digital piracy

With the school holidays upon us, here is a great report from Internet Matters on the dangers of digital piracy.

This is not just about your children getting used to the idea that it is OK to rip off other people’s work, it also explains some of the terrible things that can happen to their devices, personal data and that of the rest of your household.

 

 

Posted in Advertising, E-commerce, Regulation, Self-regulation

Final version of the letter to the NTIA

The  UK children’s charities sent this in to the NTIA on 17th July, 2018.

Dear NTIA,

Thank you for this opportunity to submit comments on the future of the US Government’s international internet policy priorities.

One in three human internet users is a child

One in three human internet users is a child. In parts of the developing world this can rise to around one in two.  In the higher income countries the proportion hovers around one in five. Thus, whatever else one might believe, imagine or want the internet to be it is a hugely important medium for  hundreds of millions of children. This may not have been anticipated in the early days, when many internet governance institutions were established but, unquestionably, it is a fact today.

Multistakeholderism has failed children

Multistakeholderism is said to be a core operating principle for internet governance institutions. Below we give examples of how multistakeholderism has egregiously failed to ensure children’s interests are taken into account. The main focus is the IGF and ICANN.

The IGF forgot about children

NETmundial was an IGF sponsored initiative of considerable importance.  It took place in Brazil in 2014.  In the final communiqué  there are references to three international treaties:  the Covenant on Civil and Political Rights, the Covenant on Economic, Social and Cultural Rights, and the Convention on the Rights of Persons with Disabilities. The Convention on the Rights of the Child did not feature. There is not one word about children in NETmundial.

There were not enough children’s voices at NETmundial to press for their rights or concerns to be recognised and while doubtless no one present in São Paulo wished any harm to come to children when they go online, neither were children’s interests front and centre of why anyone made the trip. Why were there not enough children’s voices? Partly for a very practical reason: money. Or rather the lack of it.

ICANN takes no account of children’s best interests

In 2012 ICANN decided to expand the number of available generic Top Level Domains (gTLDs). This resulted in the creation of over 1,000.  ICANN agreed “.kids” would be  one of them. For .kids in the English language there were three bidders: Amazon, Google and the .Kids Foundation. Six years later a decision on who should be awarded the contract to be the Registry for .kids in English has still not been taken. This gives some indication of the priority attached to children’s interests within ICANN.

Yet .kids has been let in Cyrillic script. The following questions were put to the Moscow-based entity that won the contract to be the Registry:

Do you make any stipulations about who may buy a .kids domain name e.g. nobody with criminal convictions, or convictions for child sex offences? And if you do, do you carry out any checks to make sure the people meet those criteria?

Answer: No.

Do you make any stipulations about who may work for a business or organization operating a .kids domain name e.g. nobody with criminal convictions, or convictions for child sex offences? And if you do, do you carry out any checks to make sure the people meet those criteria?

Answer: No.

At the time of writing there is no information suggesting anything untoward has happened with any Cyrillic .kids websites, but it should be noted that the volume of sales so far has been low (1,500 at the last known count).

Concerns of the kind alluded to in the questions above should never have been left open in the way they were. This is because a domain such as .kids is guaranteed, sooner or later, to attract the attention of paedophiles. They go where children go. That being so ICANN’s failure to insist on and insert in the Registry Agreement even the most rudimentary safeguards, commonly found elsewhere and not infrequently required by law, is shocking.

Moreover, stipulations about ownership and operations have nothing at all to do with the nature of any content that might appear on a website. No free speech concerns arise.

No advice about children’s best interests was sought

In correspondence ICANN has acknowledged that when it came to deciding who would be awarded the contract to be a .kids Registry, and on what terms, they did not seek or consider any expert advice in relation to what might be in the best interests of children.

Neither were any extra or specific requirements imposed within the application or assessment processes used to decide who might become the .kids Registry. In effect .kids was looked at in the same way as .grocery, .London, .cruise and .baseball.

The GAC nevertheless offered advice

ICANN’s Governmental Advisory Committee (GAC) , on its own volition, offered quite specific advice on children’s interests in respect of the new gTLDs being created.  This was ignored. True enough it was issued after the process had started but it was still well within a timescale that would have allowed ICANN to act, were it so minded.

It was different for .bank, .pharmacy and .insurance

As part of the same process that created .kids, .pharmacy, .bank and .insurance also became new gTLDs. However, here, fearful of the consequences of bad actors being able to buy and run websites which implied a link to legitimate pharmaceutical, banking or insurance related activities, interested businesses combined to establish what are now known as “Verified Top Level Domains”. To buy a domain within any of these categories, individuals or entities must first go through a pre-approval process to determine they are fit and proper.

How did banks, pharmacies and insurance accomplish this?

The banking, insurance and pharmaceuticals industries had an established presence within ICANN. They had developed expertise in the substantive issues and become familiar with ICANN’s arcane procedures. Crucially, they had the wherewithal to employ the necessary lawyers, lobbyists and staffers to deliver what, for them, was a highly desirable outcome.

The children’s organizations had and have no similarly endowed or entrenched interlocutors and no one within ICANN accepts that they have or had any kind of obligation to ensure children’s interests are or were properly safeguarded. They could, for example, have stepped in and insisted .kids be created as a  Verified Top Level Domain. They didn’t.

Child pornography

Down the years the lion’s share of child pornography on the internet has been found within just two domains: .com and .net.

In 2018 the IWF reported that around 70% of all child pornography reported to it in 2017 was found within .com and .net. Those proportions were similar to the levels reported in 2016 and many previous years. .com and .net are both owned by the same company, Verisign, based in Virginia. Verisign is the largest single contributor to ICANN’s funds.

Astonishingly, among the new gTLDs established under the 2012 process the IWF also discovered that over 1,000 domains appeared to have been created solely to distribute child pornography. This was up from 272 the year before. These are relatively small numbers but any one of these domains could be responsible for distributing millions of illegal child pornographic images.

ICANN chose money over the safety and security of children

It was open to ICANN to decline to expand the number of available domains under the new gTLD process until they were satisfied they could not be misused in precisely the way they have been. They didn’t choose that route. They chose to bring in more cash and in so doing added to the well-known problem of child pornography being distributed over the internet.

If only WHOIS worked as intended

It is hard to believe even one web site would be engaged in distributing child pornography if the identities and contact details of the persons buying or operating the domain had been robustly verified.  This is what is supposed to happen but ICANN turns a blind eye. This helps crooks to harm children.

The offer of a PDP

In correspondence and discussions ICANN officials would not accept they had any specific or particular responsibilities towards children. They merely suggested the children’s organizations should try to initiate a “Policy Development Process” (PDP) within which our ideas could be discussed by the wider ICANN “community”.

PDPs are the traditional way in which policies are aired and debated within ICANN prior to the ICANN Board reaching a determination.

An ICANN PDP can last several years. It was pointed out the children’s organizations simply do not have the resources that would allow them to engage in one. ICANN appeared unmoved.

More importantly, the obvious implication of a PDP is ICANN believes it has a discretion in relation to the position of children. The contrary view, advanced here, is ICANN has a legal obligation to act in ways which take account of the best interests of children. That is an obligation which, hitherto, ICANN has conspicuously failed to discharge.

Principal recommendation

The US Government should use its influence to ensure multistakeholderism works as originally envisaged and in ways which guarantee children’s interests are fully represented and supported at all stages and levels in key internet governance institutions. Alternatively, if the US Government concludes that this is not possible within current frameworks, it should look for and promote an alternative model.

Yours faithfully,

 

 

Posted in Age verification, Child abuse images, Consent, Default settings, ICANN, Internet governance, Pornography, Self-regulation

Problems with consent

Elizabeth Barrett Browning wrote a wonderful sonnet which opens with this famous line

“How do I love thee? Let me count the ways”

She then lists eight or nine.

Here is the Oxford English Dictionary definition of “consent”

Permission for something to happen or agreement to do something.

I tried to concoct a Browningesque rhapsody to consent but my muse deserted me. Instead, as I often do at such moments, I turned to the GDPR. When describing the lawfulness of data processing, in Article 6 there appears to be three different sets of words  in play, all of which describe what is essentially the same thing, namely

Permission for something to happen or agreement to do something.

Common or garden consent

Article 6(1)(a) refers to situations where the data subject consents to their data being processed. No issues there. A widely and well understood idea. Elsewhere there are references to informed consent but that is really only a way of emphasising what is anyway implied. However, Article 6(1)(a) also has an important tie in with Article 8.

Under the GDPR a child is anyone below the age of 18 but Article 8 lays down conditions which apply to children aged 15 or less.  Here, in a given country, if 6(1)(a) is relied upon the only consent actually required is that of the child’s parent or carer. Such consent must be verified. Expensive? Messy. Troublesome, although some would say not a bad thing because it seeks to engage a parent or carer in their children’s online life.

Only in those countries that have adopted 13 as the minimum age is there no prima facie  reason to obtain the consent of a parent or carer. The UK is one of those, along with nine others e.g. Denmark,  Sweden, Estonia and Poland.

Contracts

Article 6(1)(b) refers to contracts or steps taken preparatory to entering into a contract. As far as I know in every jurisdiction consent is an essential component of a contract.  In fact in some contexts the word “consent” and “contract” can be interchangeable.

The striking thing about using 6(1)(b), however,  is it allows the company to sidestep the necessity to obtain parental consent, verifiable or otherwise.

It also opens up the intriguing possibility that if the service on offer does not specify a minimum age or, even in a “13 country” like the UK, if the minimum age  stated by the service is below 13, which it could be for any service that is not US-based, any child with a way of paying could properly engage with the service without even a theoretical GDPR legal requirement for there to be any form of involvement by the parent or carer.

There are other aspects of using 6(1)(b) which raise interesting questions. These are discussed below as a footnote.

Legitimate interest

Article 6(1)(f) refers to situations where the company judges it has a legitimate interest in  processing your data and it simply asks you to agree to their stated terms as the basis on which the service is offered. Note that word. “Agree” is  a synonym for “consent” according to the English language’s most authoritative source.

Again the notable consequence of using 6(1)(f) is it, too, allows the company to avoid having to seek the consent of a parent or carer. Facebook have used legitimate interest to create what is, in effect, a whole new class of membership – one that does not require a parent or carer to agree to anything.

US companies appear always  to be governed by COPPA, with its floor of 13, but non US companies have no such constraint.

Narrowing the scope for parental engagement

On one reading of children’s rights it is possible to see how, where legitimate interest or contract are the basis for data processing, children are being given greater agency but I have yet to hear a company argue that as a reason for going down either of those paths. That is probably wise because most people will see it as an undesirable, even surprising, route by which businesses are allowed to reduce the scope for parental involvement in the online lives of their children.

To put that slightly differently, I doubt many people will readily believe that online businesses were intentionally striking a blow for children’s rights when opting for legitimate interest or a contract as the basis of processing children’s data.

Ambiguity as irony

The simple truth is Article 6 delineates three different types of consent and anyone who wishes to argue otherwise has to embrace a series of linguistic contortions. Am I alone in thinking there is something mildly ironic about this in an instrument that enjoins the rest of us to use clear and accessible language?

Do we have a hierarchy of consent from a child protection perspective?

Is it the case that under 61(a), (b) and (f) the child should receive an identical and high level of protection? I raise this point in part because in (f), uniquely,  the data controller needs to consider whether anything they are doing could

(override)…. the interests or fundamental rights and freedoms of the data subject…. in particular where the data subject is a child.

Every data controller is required to carry out a risk assessment for every part of their data processing activities but as far as I can see where legitimate interest is used as the basis of processing data the burden placed on the data controller to “get it right” is higher.

If that is a correct reading of the regulation could someone explain what is the justification for having lower child protection standards which apply to the other two categories?  And why is it that the GDPR only requires parental consent in one out of the three methods by which a child can engage with an online service? What was the thinking behind that?

And is it allowed for a company just to say they are using all three bases allowed in Article 6, without being more specific than that? Don’t they have to explain what the legal basis is for them processing your data? Can they just say “here is a list of laws which allow us to process your data but we are not sure, or we are not going to tell you which one we are using to process this particular piece of data?”

Is consent all it is cracked up to be anyway?

Lots of people in the privacy community argue that consent has been hugely abused by commercial entities. It sounds great – who could be against asking for someone’s consent in respect of anything which affects them? However, the argument goes that “consent complexity” and “consent fatigue” have  actually made “consent” a refuge for scoundrels. Look at  the number of fifty thousand word Ts&Cs in dense legalese that no one does, and very few can, read or understand. The GDPR is an attempt to smoke out the scoundrels. We will see in the coming years how well it succeeds.

Thus, while of course always preserving a person’s right to object to or withdraw from all or part of a service,  or to withdraw their consent from anything they previously agreed, perhaps what we should be looking towards is a law, for both free and paid for services, which says companies are allowed to collect defined categories of data and are allowed to process the data in defined ways. That sets the default. Any deviation from the default would only be lawful if the company can show it has engaged directly with the individual concerned. Tick boxes not allowed. Special attention would need to be given to the ways in which trackers and third party apps operate.

Some companies have always been transparent, some achieve transparency, the rest, the majority, have transparency thrust upon them.

Footnote

Contracts present a particular source of  potential confusion

Very large numbers of children now have their own means of paying for things, online and off, so it is wholly illusory to believe that parents are involved in making a great many purchasing decisions with or for their children.  Whether or not we wish it were otherwise is another matter. It is nonetheless the reality.

Yet if you were to ask someone  if they knew the age at which a young person can enter into a contract,  in three out of the four countries that make up the UK most would say 18 straight away. As far as I can tell the same is pretty much true in most EU Member States.

But in England, for example, while there are some  legally binding contracts  (for “necessities”) which persons below the age of 18 can enter into, most of the contracts a minor is likely to enter into online will be what lawyers call“voidable”. That means the child can enforce them if it is to their benefit but they cannot be enforced against the child. Again most EU jurisdictions have similar provisions.

Anyway my point is that the common understanding is that 18 is the age for  “proper”contracts so I think many parents will be astonished to discover that the “voidable route” is being used by companies under Article 6(1)(b) of the GDPR. They will think it is a sneaky lawyer’s trick which they will resent, particularly when they learn that, in practice, it also cuts them out of a particular aspect of their children’s online lives.

We would all benefit from greater clarity and certainty about the scope companies have to enter into  commercial relationships with minors in the online world. When we have got that perhaps we will want to amend Article 6(1)(b).

Posted in Age verification, Consent, Default settings, Internet governance, Regulation, Self-regulation