Is Digital Age Verification the End of Privacy?

New age verification laws are popping up on every corner of the internet, and they’re quickly becoming a threat to digital freedom as a whole. 

The intention, and desired effect, is to restrict access to mature content, and protect under 18s from digital spaces they shouldn’t be in or exposed to. This seems like a good, if not necessary, step —but the road to hell is paved with good intentions.

Age-gating puts your privacy on the chopping block, and could change how we use the internet for the worse. To understand why this is a huge and severe problem, we need to head down a deep, dark rabbit hole. Buckle up, it’s going to be a bumpy ride.

Age-Gating Is Older Than You Realize

It’s practically a certainty you’ve already experienced age-gating, because most websites, apps, and services have no choice but to implement it. 

It makes sense when the site or service itself deals with age-restricted content or adult services, like pornography, gambling, the sale of alcohol, dating apps, or private chat rooms — but why are seemingly harmless apps like YouTube, Gmail, or Instagram also age-gated? We can thank 90s internet culture, shady practices, and US federal law for it.

The Origin of Children’s Privacy Protection 

In 1995 at the dawn of home internet, the now defunct website, KidsCom, launched. It was one of the only websites intended exclusively for children, and used sneaky means — namely competitions, a pen pal system, and registration forms — to gather information about its users. 

According to the Center for Media Education, KidsCom’s data collection practices were concerning, as it never asked for consent. In 1996, the CME filed a petition with the Federal Trade Commision to place KidsCom under investigation.

The FTC obliged, and in 1997, published their findings as the KidsCom Letter. This report established KidsCom’s practices were deceptive and violated US privacy laws. The FTC also noted collecting the data of children was a wide-spread practice, and promised to “monitor such practices and recommend future enforcement actions as appropriate.”

This led to the creation of the Children’s Online Privacy Protection Act (COPPA) in 1998, and set the stage for the storm we’re headed into today.

How COPPA Changed the Internet

COPPA was put into effect in 2000 to protect children younger than 13. Under it, all websites and online services designed for children of this age bracket must:

• • Disclose their intention to collect user data, and what it will be used for
  • Acquire parental consent to collect user data
  • Give parents the choice to opt out of all non-essential data collection
  • Ensure collected data is easily accessible to parents upon request
  • Maintain the confidentiality, security, and integrity of collected data
  • Collect data that is reasonable or necessary only

These rules extend to websites or online services that collect data from general audiences (because they might include children), and third parties in collaboration with websites or services aimed at minors. 

COPPA is a US Federal Law, but it applies — and can be enforced — internationally if the website or service is accessible to American children.

Compliance is a hassle, and many operators would rather avoid the red tape, so they do the alternative — bar kids from their websites. This is the sole reason you have to confirm you’re older than 13 to use most websites and apps, from Facebook to Discord.

It might sound like a win-win because children are protected and websites don’t have to jump through hoops of fire to avoid fines and lawsuits. In theory it is — but there’s one glaring oversight.

Age-Gating Doesn’t Work

Typically, websites will ask politely if you’re old enough to access their content, and if you say yes, you’ll be allowed in — no questions asked. Little to nothing is stopping kids from falsifying their ages and accessing all the inappropriate content we’re trying to keep them away from. To combat this, operators have come up with laughable means of age verification. 

Some websites require you to input your date of birth, but this is no better than the Yes/No pop-ups. It’s an honor system few people take seriously enough to abide by, and it’s all too easy to lie. Attempts to scout out a user’s age through questionnaires have also failed miserably. Children could simply learn the answers, guess, or ask an adult.

In China, your activity is linked to your ID, and the government has used this system to impose a slew of frustrating controls. Under 18s are only permitted to play video games for up to two hours a week, and only on weekends or public holidays. The Chinese government is now trying to limit internet access as a whole for children. Although it’s stringent, children can still bypass the regulation with co-operative parents, by using their parent’s ID without their knowledge, or with a VPN.

Facial recognition is on the rise, and is believed to be one of the more effective verification methods, because it estimates your age based on your features — something you can’t fake unless you have a fantastic prosthetics artist. The problem is it’s discriminatory, and isn’t as accurate when identifying minorities, gender-queer people, or people with facial disabilities. 

Beyond this, no two faces are the same. Some kids look older than they do, and some adults are forever young. Imagine being locked out of your accounts because AI doesn’t believe you’re as old as you say you are. Even the notion!

Digital Age Verification Is Intensifying

The only way to implement a foolproof age verification system is to create an invasive one where you will have to sacrifice personal data to authenticate your identity. It sounds like a dystopian future, but it’s happening right now. 

Australia Dodged a Bullet

In January 2022, the Online Safety Act went into effect in Australia. Under the new legislation, the government attempted to impose age verification on citizens in an effort to prevent children from accessing restricted content, with emphasis on pornography.

The government then enlisted eSafety Commissioner to draft a roadmap (PDF) detailing how the ministry could effectively enforce their idea. The roadmap remained objective and addressed all aspects of both child safety and privacy. It recommended a pilot for age verification before mandating it, and suggested more holistic approaches, like education and awareness.

In response, the Australian government halted all plans to implement digital age verification, stating, “… Each type of age verification or age assurance technology comes with its own privacy, security, effectiveness or implementation issues.” Instead, it pledged to continue working with eSafety to lay the framework for a healthier internet for all.

Belgium’s Push for Control

Belgium has made a few changes to its gambling laws over the last few years and has come under fire for how seemingly extreme they are — going as far as to ban video games which include loot boxes. It seems this regulation was never enforced, or at the very least, game companies disregarded it and faced no consequences.

Now, Belgium has approved mandatory age verification for gambling machines across Brussels, Wallonia, and Flanders. It may not be earth-shattering, and in theory, it isn’t any different to ID checks when buying alcohol or entering adults-only clubs — but it could spell trouble.

Belgian authorities have previously been criticized for mishandling age verification with foreign minors, and have made plans to implement a virtual ID system using a widespread app named Itsme. The lines of privacy in Belgium are blurring, and enforcing digital age verification, albeit for gambling, might be a slippery slope.

Canada Has Entered the Ring

Did you know that Pornhub — one of the largest and most visited sources of adult videos — is a Canadian website? Perhaps because of this, the Digital Governance Standards Institute (DGSI) believes the country’s online child protection measures aren’t up to scratch.

As Canada awaits a decision on the pending Protecting Young Persons from Exposure to Pornography Act, DGSI has urged the government to implement biometric age verification (PDF), and deems other age-gates, like date of birth pop ups and AI age estimation, to be ineffective.

France’s New Laws Are Making Waves

France has turned itself upside down with a bundle of new laws which will oversee how minors use the internet. Authorities claim it’s to protect children from a variety of harms, including cyberbullying, age-inappropriate material, social media addiction, and mental health issues associated with overexposure to unrealistic ideals.

It’s unclear when the new legislation will come into effect, but under it, all social media platforms will have no choice but to implement age verification, and will require explicit parental consent from users younger than 15. 

Websites will also have to include measures to reduce children’s time online, and parents will be able to deactivate accounts on behalf of their children.

Germany Is Updating Its Methods

Germany has had mandatory age assurance on all adult websites since as far back as 2002. Previously, the only acceptable means of verification was face-to-face validation. 

Almost twenty years later, the country revisited how it enforces these rules, and opted to make it easier for providers to comply. Now, providers can implement digital means of verification — including age estimation and biometrics. Although it’s less effort for everyone concerned, it’s  more of a privacy risk. 

India’s Uncertain Future

India recently replaced outdated privacy laws with the Digital Personal Data Protection act. The new legislation includes regulation for children’s data privacy — something India previously overlooked.

Now, operators must obtain verified consent from a parent or guardian before collecting data of under 18s. Websites are prohibited from processing children’s data if it will have a negative impact on the child, and tracking, monitoring or targeting ads to children is outlawed.

Here’s the problem: there’s no word as to how these laws will be enforced. Since age-gating is ineffective, but age verification could easily overstep boundaries, the country will have to wait and see what comes of the new legislation. One theory is India will make use of third party validation software.

Saudi Arabia’s All-In-One ID is Bad News

Saudi Arabia began implementing a digital ID system in 2020, with the intention to improve security, safety and convenience for citizens. The smart ID not only functions as official identification, it’s also intended to store the carrier’s biometric data, records, medical information, credentials and even a digital signature.

In my research for this article, I stumbled upon more than a few opinion pieces revering Saudi Arabia for its stringent regulation of age-inappropriate media. It seems most overlook the fact that Saudi Arabia has one of the lowest internet freedom scores in the world, and with its rule over the web, comes a world of oppression and censorship.

In a country with little to no online freedom, forcing citizens to use digital identification is most likely another way to monitor civilians — a huge problem when the government can and will imprison you for disagreeing with them.

South Korea Has Eased Some Regulations

Probably the country you least expected to find on this list, South Korea has had a few outlandish laws when it comes to content on the internet. 

Back in 2004, the country adopted the Real-Name System, which required all internet users to associate their activity with their true identity. This forced website operators to collect and disclose personal user data, which some believe had the adverse effect of what was intended. Rather than quelling cyber-bullying, harassment and misconduct, it made users more vulnerable by revealing personal data.

The law became associated with South Korean actress Choi-jin Sil after she committed suicide. Cyberbullying, harassment, and an onslaught of nasty rumors she once endured were ultimately blamed. South Korea revoked the real-name law in 2012, but it still enforces age verification for restricted media.

Pornographic material is banned for the most part, and only users aged 19 and older are permitted to access mature content on the internet, including Google and YouTube.

The UK Hopes to Keep Kids Off Social Media

Similar to the origin of age-gating in the US, the UK is going to enforce age verification on all social media websites accessible to British children, no matter where the operators are based, with the Online Safety Bill.

It’s meant to reduce exposure to harmful content, and to ensure websites abide by age restrictions. No child under the age of 13 will be permitted to use social media websites, with or without consent from parents or guardians, and adult websites will require rigid ID verification before access is granted.

Website operators who do not comply will face hefty fines — up to £18 million, or 10% of the website’s annual turnover, whichever is higher. 

The US Is Implementing Porn IDs

A handful of US states have opted to enforce ID verification before users can enjoy explicit content. 

Early in 2023, Utah’s new age verification law came into effect, restricting access to pornographic websites to all under 18s. Although the intention was to prevent children from accessing such media, providers like PornHub chose not to bother and blocked the entire state. Some adult entertainers attempted to fight the law, but their case was thrown out.

Texas was set to follow suit, but ultimately rejected the idea. Louisiana and Arkansas chose to adopt it, while many more states, including Arizona and South Carolina are taking strides to implement similar regulation.

Internet Freedom Is at Stake

It’s easy to understand why so many countries hope to clean up the internet and keep children innocent. It’s also a good thing when entities and institutions consider other online plagues like fraud, cyberbullying, harassment, or even exploitation. Even so, placing us all in an episode of Black Mirror is not the way to tackle such problems. 

Australia makes a great case for education over control. People will always find a way around regulation, and it’s up to us to use the internet responsibly and teach youngsters to do the same. 

Governments should never have the right to control what you see, no matter how old you are. Dictating how netizens use the web could fast track us to totalitarianism. It’s a system that’s never worked, and only ever ended with authorities weaponizing cyberspace.

It’s up to you to decide which is the lesser of two evils — filtering the internet at the expense of privacy, or the internet itself — but CyberGhost VPN stands for an open internet, and always will.

We’re headquartered in privacy-friendly Romania where surveillance cannot be enforced. Our No-Logs Policy guarantees we will never spy on you or demand, monitor, store or share your activity. 

Protect your data with 256-bit AES encryption, or hide your activity and location behind thousands of IPs. We have servers in 100 countries, so you can safely access all corners of the internet no matter where you live, or how controlling your government is. 

What you do online is no one’s business but your own. We’ll help you keep it that way.

Want in? Download CyberGhost VPN risk-free with a 45-day money-back guarantee.