IGF 2024 DC-CRIDE & DC-IoT Age aware IoT - Better IoT

The Internet of Things offers many opportunities to make our everyday lives more convenient, safer and more efficient. Due to the advancing use cases, digital applications will be omnipresent in the future and also offer the benefit of being at our side almost unnoticed. However, this can also result in risks, such as unwanted data processing, the provision of information that may be inappropriate or even harmful to individuals or the initiation of processes that are based on false assumptions. These risks can be countered by identifying the users. If the devices in the surroundings know who the user is, the Internet of Things can work adequately according to their needs and with specific measures and serve the user. One area of identification is the verification of age or assignment to an age group. Knowing this, smart speakers would, for example, generate information in child-friendly language for very young users or sensors that check whether older residents have fallen and may be lying helplessly on the floor would not be triggered incorrectly if a child is playing on the carpet in the living room.

According to the DC IoT Internet of Things Good Practice aims at developing loT systems, products, and services taking ethical considerations into account from the outset, in the development, deployment and use phases of the life cycle, thus finding an ethical, sustainable way ahead using loT to help to create a free, secure and rights enabling based environment: a future we want.

DC CRIDE based their understanding on the findings of the Global Age Assurance Standards Summit held with about 700 participants from around the world in Manchester in April 2024. The Summit’s Communiqué sets out the assumption that age assurance is a way to create a safe environment for users of all ages where they can exercise their rights and securely enjoy also the benefits of new and emerging technologies.
In the following we will outline how age assurance contributes to the four IoT subjects as key to tackle in the joint session:

1. IoT Data governance: IoT especially AI-enhanced is relying heavily on data and at the same time, guarding privacy is a clear priority. One of the questions the session shall address is: How can we ensure the reliable usage of necessary data and safeguarding privacy of users in a world that is full of IoT devices, many of which are connected via a global Internet, and increasingly governed by AI systems? While knowledge of the user’s age or simply to which age cohort they belong can help to shape digital services according to age specific needs of the user. The date of birth of a user counts as sensitive data in the sense of the GDPR and thus needs to be handled carefully. DC CRIDE is exploring how age assurance systems can be designed to ensure both adherence to the principle of data minimization AND privacy protection. When IoT goes hand in hand with such age assurance systems also IoT good practice data governance will benefit.
2. IoT Labelling and certification: At the level of devices, there need to be robust mechanisms for finding, labelling, authenticating and trusting devices (and classes of devices). Labels provide a powerful tool; many countries have developed and adopted IoT trust marks, and the time has come to start working towards their international harmonization. For all age-related decisions in the use of IoT reliable and trustworthy age assurance mechanisms could be an additional criterion to label IoT devices as good practice.
3. The impact of AI on IoT systems: The convergence of AI and IoT, often referred to as AIoT (Artificial Intelligence of Things), is driving innovation across various sectors. With AI, IoT systems can make autonomous decisions based on real-time data. This reduces the need for human intervention and can lead to more efficient operations. While such AIoT operations need to be trained by reliable non-biased data the quality and efficiency of autonomous decisions taken by the system will benefit from data provided by reliable age assurance mechanisms, f. e. an AI driven cashier system will be able to decide autonomously whether a client shall be allowed to buy alcoholic beverages or not due to their respective age.
4. IoT Capacity Development: IoT has been coming up rapidly, and good practice applications can inspire use of IoT systems and services around the world – also in the regions where IoT application is currently lagging. At the same time age assurance has become a rapidly evolving issue and systems are being developed or already in place to ensure users of all ages get the best service appropriate to their age. Thus, a common understanding is beginning to spread that age assurance is not a tool to restrict access to and usage of a service but to improve the appropriateness of services according to the age of the user. Therefore, capacity building for IoT could and should go hand in hand with capacity building for meaningful implementation of age assurance systems.