
























Canada’s privacy regulator has opened a public consultation on how websites and online platforms should use age checks to protect children online, while warning that age assurance systems themselves can create new privacy risks if deployed without safeguards. The consultation will remain open until August 4, 2026.
Philippe Dufresne, Privacy Commissioner of Canada, launched the guidance on May 4 during the International Association of Privacy Professionals (IAPP) Canada Symposium in Toronto as part of Privacy Awareness Week 2026. The Office of the Privacy Commissioner of Canada developed the framework after conducting an earlier public consultation on age assurance technologies.
The regulator said organizations should not make age assurance “the default condition for accessing the Internet” and should use it only where the law requires it or where children face a specific risk of harm.
When platforms may need to use age checks: The document identifies two broad situations where platforms may need to differentiate users by age: when they restrict access to certain services or content, and when they change platform features or data practices for younger users.
The guidance says companies blocking access based on age should be able to show either that the law requires them to do so or that children face a clear risk from accessing the service. Examples mentioned include pornography, gambling, dating services, and products with age restrictions.
At the same time, the regulator warned against excessive data collection in the name of child safety. It said platforms must ensure that any age assurance system collects information that is “proportional to the risk being addressed.”
Concerns over profiling and data collection: The guidance also highlights risks linked to modern online platforms, including detailed profiling, behavioural advertising, unrestricted private messaging, and systems that encourage children to share sensitive personal information.
Instead of forcing all users through age checks, the regulator asked companies to first consider less intrusive alternatives. It suggested measures such as disabling behavioural advertising for suspected child users, using child-safe defaults, or limiting risky features without requiring identity verification from every user.
The document also stresses that companies should not use age assurance data for advertising, profiling, or linking user activity across services. “Age assurance systems should be designed in a way that relying parties are not able to use age assurance results to correlate multiple visits by the same user,” it said.
The regulator further said platforms must provide appeal mechanisms to users denied access because of an age check and, where possible, offer multiple privacy-protective methods to prove age.
Children’s Privacy Code and wider policy push: The guidance comes as the Canadian privacy regulator is also preparing a broader Children’s Privacy Code. The Office said it has separately consulted businesses, researchers, and young users on online privacy, child safety, and digital harms to help shape future policy recommendations.
Commissioner Dufresne said, “Age assurance can be a valuable mechanism to advance the goal of reducing potential harms experienced by children online. In providing this new guidance on age assurance, my aim is to help organizations to implement age assurance in ways that mitigate the impacts on privacy.”
Read more:
For You
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。