To ensure that the comments section of your website complies with the Child and Adolescent Statute (ECA) in the digital environment, as well as respecting the Internet Civil Framework and the General Data Protection Law (LGPD), you will need to implement access barriers and clear policies.
Restricting the reading and posting of comments only to those over 18 years old requires a combination of legal and technical strategies. Here is a step-by-step guide on how you can do this:
1. Update the Terms of Use and Privacy Policy
Before any technical change, the rule must be clear in the "contract" between you and the user.
Explicit rule: Add a clear clause in the Terms of Use stating that the comments section is strictly prohibited for minors under 18 years old.
Liability notice: Make it clear that ideological falsehood (lying about age) is a crime and exempts the platform from liability if the user fraudulently circumvents the rules in bad faith.
2. Implementation of an "age gate" (age filter):
The most basic form of protection is an age verification pop-up before the user can access the comments page.
How it works: A visual screen block that asks: "Are you over 18 years old?" with "Yes" and "No" buttons, or requests the user to enter their date of birth.
Limitation: It is easy to bypass, but it demonstrates the site's good faith in trying to prevent minors' access, being the standard for alcohol-related websites, for example.
3. Login requirement (mandatory registration):
To more effectively prevent reading and posting, comments should not be public (open to non-logged-in visitors).
View blocking: Hide the comments section behind a notice: "Log in to read and participate in the discussion".
Date of birth collection: In the registration form, make the "Date of Birth" field mandatory. If the system detects that the person is under 18, the registration (or access to the comments module) must be automatically blocked.
4. Strict verification (CPF validation):
Attention: If your website's content is sensitive (such as gambling, adult content, or violent themes), simply asking for age is not sufficient for Brazilian law. You will need proof of identity.
Database validation: When creating the account, require the user's CPF. Use a verification API (such as services from Serpro, ClearSale, or idwall) to cross-check the name, CPF, and date of birth with the Federal Revenue Service.
Why do this? This ensures with very high accuracy that the owner of that account is, in fact, of legal age.
5. Extra caution with LGPD
When collecting birth dates and CPFs to comply with the ECA, you encounter the LGPD.
Purpose and Minimization: You must collect this data exclusively for the purpose of age verification and protection of minors.
Security: This data must be stored with encryption and enhanced security, as leakage of CPFs can result in heavy fines for your website.