The digital landscape has become an integral part of our lives, and social media platforms are at its heart. While these platforms offer undeniable benefits in connecting people and fostering communities, they also pose significant risks, especially for children. Exposure to inappropriate content, cyberbullying, and the addictive nature of social media have raised serious concerns among parents and policymakers alike. In response, countries are grappling with how best to protect kids online, and the debate over age verification is taking center stage.
These initiatives are well-intentioned but have drawn criticism for potentially infringing on privacy rights and failing to address the root causes of the issue. To create a safer digital space for children, we must critically evaluate these measures and explore privacy-friendly alternatives that balance protection with education.
Global Initiatives to Regulate Kids’ Access to Social Media
Driven by the need to shield minors from online harm, several countries have announced plans to implement age restrictions on social media platforms. Australia has approved legislation that would require social media companies to take “all reasonable steps” to verify the age of users and obtain parental consent for users under 16. Greece is also mulling a ban on social media access for children under 15, with age verification as a key component. Similarly, Italy’s communications and media authority is looking to adopt new age verification requirements around adult-themed products and content. This global trend underscores a growing recognition of the need to protect kids in the digital realm.
What GDPR and DSA Say About Protecting Kids Online
The General Data Protection Regulation (GDPR) and the Digital Services Act (DSA) in Europe provide a framework for protecting children’s data and online safety.
GDPR requires platforms to obtain verifiable parental consent for processing the data of children under 16, although member states can lower this age to 13. Most EU countries have opted for placing the barrier at the age of 15.
The DSA complements GDPR by placing obligations on online platforms to mitigate systemic risks, including the protection of minors. Article 28 of the DSA mandates that online platforms implement measures to ensure a high level of privacy, safety, and security for minors. It emphasizes the need for age-appropriate design and the prohibition of targeted advertising based on the personal data of minors.
Both regulations emphasize the importance of protecting children online but leave the specific methods of age verification open to interpretation.
What Is Age Verification?
Age verification is the process of confirming an individual’s age to ensure compliance with legal regulations and to restrict access to age-sensitive content, products, or services. However, it is essential to explain that age verification is different from age assurance.
Age assurance is an umbrella term encompassing various techniques to determine or estimate a user’s age or age range. It includes methods like self-declaration, age estimation through AI analysis of facial features, and age verification. The goal is to apply an age-appropriate experience for users, with varying levels of confidence depending on the method used.
On the other hand, age verification is a subset of age assurance and involves confirming a user’s age with a high degree of certainty, typically through official documents or reliable data sources. This method ensures compliance with legal requirements for age-restricted content or services.
In summary, while age verification provides a definitive confirmation of age, age assurance encompasses a broader range of methods with varying levels of certainty to determine or estimate a user’s age.
Age Verification Options and Their Drawbacks
While the concept of age verification seems straightforward, its implementation presents significant challenges, particularly concerning privacy and user experience.
- Identity Document Uploads: Platforms may request users to upload government-issued IDs to verify their age. While this method is reliable, it raises concerns about privacy and accessibility. Collecting sensitive data increases the risk of breaches, while not all children possess valid IDs.
- Credit Card Verification: Requiring a credit card for age verification is another option. However, many minors and their families do not have access to credit cards. In addition, credit cards can be shared, undermining the verification process.
- AI-Based Age Estimation: AI systems analyze facial features to estimate a user’s age. While innovative, this approach has drawbacks, too. AI tools can make errors, particularly with diverse demographics. There are also privacy concerns since facial data collection risks misuse or unauthorized access.
- Parental Consent Mechanisms: Platforms can require parental consent for younger users. In this case, challenges include the complexity of ensuring the legitimacy of parental consent and the burden placed on the parent’s shoulders.
- Self-declaration: This is the simplest method, but it’s easily circumvented by children.
Digital Identity Wallets: A Privacy-First Solution
Digital identity wallets, such as the European Digital Identity (EUDI) initiative, offer a promising alternative. These wallets enable users to store verified credentials, such as proof of age, in a secure and decentralized manner. Key benefits include:
- Privacy Protection: Users share only the necessary information, such as age verification, without revealing additional personal data.
- User Control: Individuals maintain control over their data, reducing the risk of misuse.
- Interoperability: Digital identity wallets can be used across multiple platforms, streamlining the verification process.
By leveraging such technologies, governments and platforms can implement age verification without compromising user privacy. However, EUDI wallets are not projected to be widely adopted before 2026. According to the project timeline, throughout 2025, Member States are expected to make the first versions of their national EUDI wallets available to citizens and residents. Ongoing feedback from pilot projects and early adopters will inform further refinements. By 2026, public and private services across the EU will be required to accept the EUDI Wallet for authentication purposes.
Is Banning Access the Right Solution?
While banning children under 15 from social media platforms may reduce their exposure to harmful content, it does not address the underlying causes of online risks. A ban risks pushing children towards unsupervised and potentially unsafe online spaces. However, there are some more questions to consider.
How do we ensure that teens adopt responsible practices when using the internet after they have become 15 years old? By banning their access to these platforms, do we just postpone the emergence of these issues for some years without really addressing them? And what about parents, who are digital immigrants and do not fully comprehend this technology?
It is evident that a more balanced approach is needed.
The Greek Commission for Bioethics and Technoethics has issued an announcement highlighting that “children’s wellbeing should be fostered by raising family and community awareness through digital media and information literacy programs, promoting critical thinking and healthier social interactions and social media diet, as well as through multi-stakeholder initiatives to build a repository of real-life scenarios of social media’s risks for children along with good practices and recommendations.”
Therefore, the following initiatives must be considered and implemented:
- Digital Literacy Education
Teaching children about safe online practices empowers them to navigate the digital world responsibly. Schools, parents, and platforms should collaborate on awareness campaigns that highlight the risks of online content and promote critical thinking and responsible usage.
- Parental Guidance
Encouraging parents to actively engage in their children’s online activities fosters trust and accountability. The combination of adults’ diligence and teens’ enthusiasm can promote discussions and debates that ultimately will promote safe practices for all – kids and parents.
3. Listen to the Kids Themselves
Finally, it is equally important to listen to what kids and teens have to offer to the whole debate, in accordance with Article 12 of the UN Convention on the Rights of the Child (UCNRC) on children’s right to have a say on matters that affect them. After all, it’s about how they interact and communicate with their peers.
Building a Safer Digital Ecosystem
To truly safeguard children online, we need a multi-faceted approach that combines regulation, technology, education, and awareness. Age verification methods must be designed with privacy at the forefront, leveraging innovations like digital identity wallets. At the same time, fostering digital literacy and listening to the views from all stakeholders, including the kids, are essential to addressing the issue at its root.
Anastasios Arampatzis is a cybersecurity content strategist, writer, and consultant with expertise in cybersecurity, digital identity, and regulatory compliance. Tassos has a strong background in creating thought leadership content, marketing materials, and strategic communications tailored to CISOs, security professionals, and business leaders. He has contributed to various cybersecurity publications and collaborates with organizations to develop compelling, insightful content that addresses industry challenges. He is a privacy advocate and a member of the ISC2 Hellenic Chapter. Before joining Bora, Tassos was an Hellenic Air Force Officer with a solid background on IT and Infosec.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.