The Age Verification Conundrum: Protecting Minors vs. User Privacy


Digital natives are the most technologically advanced human population but also, the most vulnerable section of today’s society. According to UNICEF, 71% of the youth in the age group of 15-24 years of age are the most connected age group compared to 48% of the global population. A UK survey found that 18% of children registered in social media platforms are below 11 years. In fact the children enter the online space even before being born as parents post pregnancy pictures hence, creating a digital footprint for their child even before they are born. That’s why the online world is native to this generation and are called Gen Z and Gen Alpha. For them, online space is the prime platform to interact, participate and assert some power.

Children in their initial ages are less equipped to deal with challenges of the online world as they struggle to differentiate between online and offline world. Mobile phones have been a facilitator of ‘bedroom culture’ where everyone can access the internet in private with less supervision and anonymity in the internet, increasing the chances that they will fall prey to criminals on the internet.

Children are at high risk of accessing age-inappropraite content like sexually explicit content, porn videos, self harm, suicide and anorexia. There is a high probability that they fall prey to cyberbullying, for instance, 85% Indian children have been cyberbullied, highest in the world, all these negative experiences leaves a deep negative imprint at this tender age.


Children are not well equipped to handle the consequences of their behaviour online. Further, platforms have adopted hooking techniques to ensure children remain hooked to their platform. One of the tools to protect children from this unusual and traumatising experience is age verification mechanisms. Different platforms apply different regime of age verification mechanisms in order to bar minors from accessing age-inappropriate content on their platforms.

But this age verification mechanism has also been criticised because of the dilemma that exists to protect children online while also ensuring their right to privacy with security. Governments all around the world are pressuring online platforms to take measures to protect children from harmful and illegal content. The EU's General Data Protection Regulation (GDPR), the golden standard in the field, explicitly recognized that children need to be protected and hence, online platforms shall take parents' consent before processing personal data of the children. The USA came up with the Children's Online Privacy Protection Act in 1998 and now COPPA 2.0 to strengthen the legal provision to protect children. As President Biden acknowledged the gravity of the situation saying, ‘strengthening children’s privacy online as part of mental health initiative’. California in has come with the Age Appropriate Design Code Act with the objective to keep in mind the ‘best interest of the child’.

Age Verification Mechanisms

Different platforms restrict access to their products and services to meet regulatory requirements and do not offer services to certain age groups of people. Instagram restricts access to users under the age of 13 years. But many researchers have found that all these traditional mechanisms to verify age are of no use as they are usually bypassed by the children of the digital age. Platforms currently adopt different ways to check the age of the users with certain deficiencies.

Self Declaration: the age by agreeing to terms and conditions or by entering the date of birth. This method is the easiest to bypass. According to study 45% of the children aged below 13 years use Facebook.

Identity Documents: Verifying users by matching identity like voterId, Aadhar with the database, however it creates a honeypots for cybercriminals to breach the data security and access personal and sensitive users of the platform. Thereby, it amounts to higher degree of risk to personal data.

Parental Consent: This method to verify is something which has huge social implications because it will further restrict the use of the internet for a girl child as due to social settings in India and in places in the world they might not get permission to access and explore the internet. This way of verification is also prone to be bypassed through providing fake consent by children.

Credit Card / Debit Card: Used mainly by the banking and finance related platforms. However, children nowadays have easy access to debit cards of parents and have potential to be misused.

Biometrics: This new technique is more intrusive and possesses several security risks as it collects data like iris scan, fingerprints and face recognition technology.

Analysing Patterns: system works on inferences, like understanding the patterns of internet browsing or analysing their maturity by means of questionnaire or polls, Google uses this method to identify the browsing pattern.

Digital Identity Apps:They utilise a third party effective age verification method where it will collect personal information from the phone and generate a QR or link to connect with the app, allowing age attributes to be shared with the app user wants to access. Example, France will soon be required to use a government licensed digital certificate app to access online pornography, the details are yet to be finalised. Recently, Instagram also, in a bid to verify users age effectively tied up with Yoti, identity verification tool provider company and specialising in age verification online. It verifies age based on facial patterns and features. Photos and data related to it are deleted by both Meta and Yoti, once the age is verified.

Social Vouching: is used when the platform asks for three mutual followers to confirm how old they are but this can also be bypassed by the users and tech savvy children easily.



India does not suggest age verification mechanism and recent laws also failed to understand the importance of the issue as the verification carries different implications for different sections of the society. Digital Personal Data Protection Bill, 2022, puts obligation on data fiduciaries before collecting personal data of children to obtain verifiable parental consent. New Online Gaming Rules, 2023 mandates Self Regulation Organisation (SROs) to include in its framework some mechanism to verify online gaming intermediary, measures to safeguard children, including measures for parental or access control and classifying online games through age-rating mechanism, based on the nature and type of content. However, it left the scope of mechanism to be explored by online gaming platforms.

The Conundrum

Age verification alone is not the solution to the problem of children's access to unrestricted products and services; therefore, there is a need for educational resources to inform and create awareness amongst parents of the risks and harms associated with online gaming.

Every age verification mechanism carries with them some level of invasiveness and risks to privacy and those which are less pervasive are easily bypassed by the tech-savvy kids. Technology solution companies must acknowledge this dilemma and suggest robust technological solutions which balances safety, security and privacy but at the same time supplementing efforts with the educational and awareness campaigns is necessary to develop a holistic approach for the issue.


Recognized bodies should certify the age verification providers, who provide mechanisms to online platforms to verify age. Also, a single audit body can be specified to investigate, audit, monitor and assess the age verification regime of various online platforms and constantly check their compliance. Big techs are also required to follow the rule of proportionality and local community standards and shall ensure that they evolve with time. This conundrum between protection of children and privacy is a delicate balance that needs to pass the test of proportionality in an effort to protect children.