Part H – Parental Consent

Parental consent systems demonstrated technical viability in the Australian context. The Trial found that a variety of parental consent mechanisms were functional and implementable across services and platforms. Core elements - such as parent identification, child linkage and consent logging - were supported using existing infrastructure.

Consent mechanisms offered private, event-driven models flowing from age assurance outputs. In contrast to proactive parental controls, these systems were typically triggered at the point of access and enabled parents or guardians to make access decisions without the need for direct age verification of the child.

Design approaches varied significantly across participating providers. The systems evaluated ranged from lightweight verification (e.g. email loops) to more formalised models involving ID checks or credentialed consent tokens. This variation affected consistency in how consent authority, accountability and revocation were handled.

Most systems assumed conventional family structures and static relationships. The majority of implementations were structured around a single parent-child interaction and did not routinely account for more complex guardianship arrangements or evolving relationships. Systems also generally lacked features enabling child input into the process.

Long-term consent logging practices varied, with implications for privacy and transparency. While some systems used minimal audit trails, others retained detailed consent records over extended periods. In several cases, retention timelines and reuse of consent signals were not clearly bounded by time or context.

Emerging innovations showed potential to support more dynamic consent workflows. Some providers demonstrated credential-based or tokenised models of consent that included features such as time-bounded approval, scope limitation or revocation. These approaches may support more responsive or flexible consent experiences as services evolve.

Alignment with international standards was evident, though implementation maturity differed. Most participants referenced frameworks such as ISO/IEC 29184 and IEEE 2089.1. However, the extent to which consent mechanisms incorporated core elements - such as verifiability, informed action and accessibility - varied between implementations.

Consent was generally positioned as a one-time event, with limited ongoing interaction. Few systems enabled consent to be updated, refreshed or adapted over time as children grew older or circumstances changed. Most designs focused on a single transaction rather than a continuing parent-child-service relationship.