E-Reputation Law - a case study on e-reputation

For further information, please visit the e-reputation law website

E-Reputation Law

What if my e-communication is directed towards minors? (cont’d)

(c) Limiting access to a website: technical restrictions

Given the rules to be observed, and depending on the product, many companies will prefer to prevent minors from gaining access to their website or their content on social media.

The question is then how to do so. Indeed, it is often difficult, even impossible, to determine whether minors visit a website.

One manner of doing so is to ask the web user to indicate his or her age or date of birth. This method, which is often used by beer brewers, relies upon the web user’s honesty.

It is worth noting that Facebook requires web users to indicate their date of birth when creating an account. One may reasonably assume that web users with a Facebook account have indicated their true date of birth, such that Facebook can easily determine whether the web user is (or at least pretends to be) an adult or not. As it has realised how useful this could be for companies, Facebook allows them to limit access to their Facebook page depending on the age of the web user  [Note: Access to content can thus be restricted to those of over 17, 18, 19 or 21 years of age (see Facebook restrictions).].

Facebook also permits the use of this system on non-Facebook web pages, through implementation on the company’s website of a Facebook login system. Web users visiting the company’s website are then encouraged to login using their Facebook username and password, and this system checks whether the web users are adults before allowing them access to the content  [Note: In practice, the company creates a ‘Facebook application’ (on the Facebook application page for developers) through which it can decide whether access to the content must be available only to persons of over 17, 18, 19 or 21 years of age or whether there is free access.].

Finally, there are other methods that are linked to filtering. The company can inform ‘rating’ agencies that its website is only meant for adults; it can also integrate code on its website to facilitate the filtering of its website  [Note: It is worth noting that the filtering of websites is highly controversial for various reasons, amongst other things given the high number of ‘false positives’ that are blocked, i.e. websites that are wrongfully blocked by the filtering system. Another closely related reason is the risk of violation of freedom of expression.] when parental controls are active  [Note: See for instance www.rtalabel.org].

The issue with all of these systems is that of effectiveness, first and foremost because of the risk that minors might be able to bypass them, as they often are more proficient with computers than the previous generation  [Note: For an in-depth explanation, see for instance N. PERLROTH, “Verifying Ages Online Is a Daunting Task, Even for Experts”, The New York Times, 17 June 2012 (available online)].

For instance, filtering systems can be bypassed through deactivating parental controls (which are sometimes put in place with the minor’s help), through using proxies, etc.

It is even easier to set aside any request for a date of birth.

The system offered by Facebook is not a miracle solution either, as it is possible to change one’s date of birth on Facebook and as one can always create a fake account to gain access to the content in question.

There is one alternative whose effectiveness may be far greater in relation to all Belgian residents: eID. Indeed, there are ways to develop eID applications  [Note: See //findlaw/doc=eid-dev-fr]. Tax-on-web is a good example of the integration of eID on a website, and there are sets of code online that allow such an integration  [Note: See for instance https://code.google.com/p/eid-applet/]. The obvious disadvantages of this system are the geographical restrictions in terms of audience and the need for the web user to use an eID card reader.

Consequently, there is no easy and ideal solution for limiting access to content to adults only (or in general to a specific age group). Each system can nevertheless be of some use to companies that wish to limit the risk of access to their content by minors, whether for legal reasons or just in terms of best commercial practices.

A specific decision of the Jury on Ethical Practices in Advertising (JEP) illustrates the kind of behaviour that is to be avoided  [Note: JEP, decision of 2 Septembre 2011, Alken Maes Brasseries – Maes (in French, in Dutch).]. In the context of an advertising campaign, a company had restricted access to its website, requiring the web user to indicate his or her age. Above the tool for selecting one’s date of birth, the company had added the following text:

You don’t choose your age. But if you’re younger than 18 years old, there are still plenty of fun things to do. Creating little men in play dough, making nice coloured pictures or disguising yourself as a magician. Make your choice!  [Note: Rough translation.
French text: "On ne choisit pas son âge. Mais si tu as moins de 18 ans, il y a encore plein de chouettes choses à faire. Fabriquer des petits bonhommes en pâte à modeler, des jolis coloriages ou te déguiser en magicien. Fais ton choix !"
Dutch text: "Je leeftijd heb je niet te kiezen. Maar als je jonger bent dan 18 zijn er nog genoeg leuke dingen om te doen. Figuurtjes maken met brooddeeg, kleuren met wasco of je verkleden als tovenaar. Kies maar!"]

The JEP held that the tone of the text encouraged minors to submit a fake date of birth and was also belittling for minors, as it only described activities for young children. The JEP considered that the advert did not display a good measure of social responsibility and therefore requested the company to modify or remove the text in question.