The debate over age verification on the internet is becoming increasingly heated worldwide. What used to mainly concern gambling sites or pornographic content now extends to social networks, messaging apps, streaming services and, in some cases, even general online platforms. Governments usually cite the protection of minors as their rationale: children and young people should be better protected from problematic content, manipulative algorithms, addictive mechanisms or psychological stress. This is, of course, a desirable and important goal in its own right.
However, the more specific the technical measures become, the greater the criticism of them. This is because many of the proposed systems only work reliably if platforms collect significantly more personal data about their users – including ID details, facial scans or other biometric information. The debate has therefore long since moved beyond the issue of child protection alone. Increasingly, it centres on a much more fundamental question:
How anonymous will the internet still be in the future?
Age verification often involves the collection of biometric data
Australia has recently been the focus of particular attention. From December 2025, young people under the age of 16 will no longer be allowed to have accounts on platforms such as TikTok, Instagram, Snapchat or Facebook. The law is one of the strictest sets of social media regulations in the world. [1]
This puts platform operators under considerable pressure: companies face heavy fines if they fail to effectively exclude minors. However, this creates a fundamental technical problem. To ensure that someone is actually over a certain age, platforms will inevitably have to introduce new forms of age verification. Critics therefore point out that the actual debate is rapidly shifting: away from the protection of minors – and towards the digital identification of all users. [1]
Many modern age verification systems now rely on biometric methods. These systems (which often now use “AI” to carry out checks) analyse facial features, for example, to estimate a person’s approximate age. Other systems require identification documents or video identification procedures. At first glance, this seems practical. However, it gives rise to significant risks in terms of data protection law. [2, 3]
The debate is currently particularly heated in the United Kingdom. There, the so-called Online Safety Act requires platforms to better protect minors from harmful content. In practice, this means that many providers are having to introduce significantly stricter age verification measures. Critics, however, warn that this could effectively lead to mandatory identification requirements for large parts of the internet. Activists and data protection organisations in particular see this as a dangerous precedent: if platforms are required to verify age reliably, they will inevitably need more and more information about their users’ identities. [4]
The debate is also gaining momentum within the European Union. As part of new digital legislation and ongoing trilogues, discussions are taking place on placing greater obligations on platforms to verify users’ ages. Data protection advocates are warning in particular against a potential requirement for identity verification across large parts of the internet. The main criticism is that sensitive identity data could increasingly be linked to everyday online activities. In this context, Netzpolitik.org refers to a potential infrastructure that, in the long term, could extend far beyond the protection of minors. [5, 6]
Platforms are already experimenting with facial scans
This trend towards the normalisation and active use of biometrics is by no means merely a theoretical debate about the future. Several major platforms are already testing specific biometric age verification systems. Spotify, for example, has introduced age verification in the UK via the provider Yoti. Users may be asked to have their face scanned to confirm their age, which has in some cases been a requirement for using the platform. [7]
Discord has also recently been testing biometric verification systems in certain regions. The response has been overwhelmingly critical in some circles, particularly due to concerns about data protection and surveillance, especially as a large proportion of its user base consists of minors. This shows that the technical infrastructure for digital age verification is already being developed – gradually and often without much public attention. [8]
An Australian report, as covered by netzpolitik.org, has already warned that providers of such age verification systems could store and process large amounts of sensitive biometric data. The problem here is fundamental: biometric data is permanent and unchangeable. A compromised password can be changed. A compromised facial scan or fingerprint, on the other hand, remains linked to a person for life. This is precisely why data protection experts warn against establishing biometric systems as ‘normal’ internet infrastructure. [2, 3]
Furthermore, data collection is being extended to all users, rather than being limited to the group that is supposedly being protected. The restriction of a platform which is, in principle, understandable, for example in the case of minors for the sake of protecting young people takes on a dubious undertone due to the way it is technically implemented, as it leads to the unwarranted collection of data and surveillance of all users, regardless of whether they fall into the group in question or not.
The main criticism levelled at many age verification systems is therefore not that the protection of minors is unimportant. Rather, it concerns the long-term consequences of the technical infrastructure set up for this purpose. This is because age verification systems automatically create new opportunities for identification, tracking and data collection. And once such systems are socially accepted, the question inevitably arises as to whether their use will be expanded in the long term: to other platforms, other content or other digital services.
It is precisely this development that means age verification is no longer viewed merely as a technical or educational issue – but is increasingly becoming a matter of social and data protection policy.
Conclusion: More than just the protection of minors
The debate over age verification highlights just how rapidly the internet is changing at present. Whilst supporters see stricter rules as a necessary safeguard for minors, critics warn of a creeping loss of digital anonymity. The real question, therefore, is not only how we protect children online, but also whether the internet should, in the long term, remain a space that can be used without the need for constant identification.
Sources
- Reuters – Australia and Europe move to curb children’s social media access
- Netzpolitik.org – Anbieter von Alterskontrollen horten biometrische Daten
- The Conversation – Facial recognition data is a key to your identity
- BBC – UK Online Safety Act and age checks
- Netzpolitik.org – Warnung vor Ausweispflicht für weite Teile des Internets
- Netzpolitik.org – Fachleute blenden Gefahren von Alterskontrollen aus
- 404 Media – Spotify UK age verification using Yoti
- GIGA – Discord Altersverifizierung und Datenschutzkritik