Germany

[DE] KJM approves several solutions for age verification for closed user groups on the Internet

IRIS 2017-6:1/33

Ingo Beckendorf

Institute of European Media Law (EMR), Saarbrücken/Brussels

Since June 2015, the Commission for the Protection of Minors in the Media (KJM), an organ of the federal states media authorities in Germany, has approved several solutions for the age verification (AVS submodule) of German companies for closed user groups in telemedia. These include the modules "IDnow Video Ident" of IDnow GmbH from Munich and "Postident by Videochat" of Deutsche Post AG, but also the "DE-Mail" system of 1 & 1 De-Mail GmbH.

Due to the Interstate Treaty on the Protection of Minors (JMStV), pornographic content, certain listed (indexed) content and content which obviously seriously impairs minors may be distributed in the internet only on the condition that the provider ensures that access to the content is possible only for adults by means of a closed user group. In order to provide legal and planning security to the telemedia providers, KJM offers the companies to check whether their concepts for technical media protection meet the legal requirements.

The systems of IDnow GmbH and Deutsche Post AG are two modules (partial solutions) at the level of identification, which enable a "face-to-face control" via webcam. Whoever wants to use the respective offerings of the companies in the telemedia must go through a series of safety levels. Thus, besides the mere identification via webcam as an initial age check additional backup measures are taken for a repeated usage process, which offer a sufficient reliability according to the KJM guidelines. The user is identified by a combination of the transmission of the customer data by the content provider and the input of the personal identification data in the identification system.

Subsequently, the identity of the user is verified in a video conferencing with trained employees of the companies, in which the identification document and the conformity of the data are checked. Thereafter, a TAN is sent to the customer, through whose input the identification is completed. Only if all steps have been successfully completed and no inconsistencies occur, the user receives the access key for the product he wishes.

After the examination of the concepts, the KJM came to the conclusion that they are suitable as a partial solution at the level of identification in the sense of the KJM criteria for ensuring a closed user group. However, the modules alone are not sufficient to guarantee a closed user group, they must be applied as part of an overall concept.

The De-Mail system of 1 & 1 De-Mail GmbH is a complete concept for an AVS, which was also approved by the KJM in October 2016. The use of "de-mail" as AVS is achieved by the integration of the function "log-in with De-Mail" in telemedia services, which require a closed user group. Prior to identification, the user requests his / her mailbox by providing his / her personal data and identification data. Afterwards, these data are verified by a face-to-face verification by a certified auditor of an external data processing company either in a shop ("shop ident") or at a location of the users choice ("home ident"). If the personal data of the user were correct, the user receives his individual access data from the 1 & 1 De-Mail GmbH and a password to the deposited e-mail address. The account can only be activated after the input of an mTAN, which was previously sent to the deposited mobile phone number.

In total, there are currently 43 concepts or modules for AV systems positively evaluated by KJM (as of May 2017). In addition, there are currently six overarching child protection concepts with AV systems as subcomponents.