The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Risk-based age checks and parental or guardian consent

Your organisation has effective systems in place to conduct risk-based age checks and, where required, to obtain and record parental or guardian consent.

Ways to meet our expectations:

  • Your organisation makes reasonable efforts to check the age of those giving consent, particularly where the individual is a child.
  • You have a reasonable and effective procedure to determine whether the individual in question can provide their own consent, and if not, an effective way to gain and record parental or guardian consent.
  • When providing online services to children, your organisation has risk-based age checking systems in place to establish age, with an appropriate level of certainty based on the risks to children's rights and freedoms.
  • When providing online services to children, if the child is under 13, you have records of parental or guardian consent which are regularly reviewed, and you make reasonable efforts to verify that the person giving consent has parental responsibility. You give particular consideration when a child reaches the age of 13 and is able to provide their own consent.

Can you answer yes to the following questions?

  • Do staff and individuals agree that you have a reasonable and effective way to conduct risk-based age checks, gain parental or guardian consent and review what’s in place?