Governments around the world are passing online age restrictions in an attempt to keep children and teens safe online. While often well-intentioned, age check requirements pose significant risks to people’s privacy, security, and access to an open Internet.
Strong protections and independent oversight are necessary to ensure these policies achieve the goal of improving online safety. Without this, age check requirements become entry points for data breaches and close off people’s access to online services.
The current global patchwork of requirements is also fragmenting the open, global Internet. A lack of common standards leads to incompatible systems across borders, unequal access to online services, and reduced trust in the Internet.
Everyone deserves a safe, secure, and trustworthy online experience. That’s why effective online age restrictions must mitigate these risks for everyone and guarantee young people have access to safe, age-appropriate content. There are three guiding principles for policymakers and regulators.
Protect People’s Privacy and Security
Many age checks require people to provide their government ID or financial account information to verify their identity. The more personal data people are required to provide, the greater the security and privacy risks become.
No service is immune to data breaches, and there is no available age check solution that is fully privacy preserving. That’s why age checks should limit data collection and processing to an individual’s age or age range.
People deserve to choose how their data is used, and age check providers should not be able to identify or track a user. Any data they collect should only be used to complete the age check and deleted when no longer needed.
Even with strong security protections, perceived privacy intrusions still carry risks. For instance, some people, regardless of age, may feel uncomfortable using a web camera to scan their face. This method, known as facial age estimation, has become a common method for determining age.
These privacy fears—real or imagined—can deter people from accessing reputable, age-restricted services. This can also lead them to seek out alternative, often riskier services and workarounds that do not comply with the law.
Some governments are considering restricting the use of virtual private networks (VPNs) because they can get around area-specific content restrictions. VPNs are important privacy tools for individuals, activists, journalists, and businesses to secure their network connections. We must not let governments weaken or ban legitimate security tools to enforce age checks.
Ensure Accessibility for All Users
Age verification laws can make it more difficult for certain populations to access online services. To be truly accessible, anyone should be able to complete an age check, regardless of their personal circumstances, device type, or computer skills. Unfortunately, this is often not the case.
For example, refugees and other migrant groups may not have government IDs or financial accounts. Low-income individuals may not have access to a web camera or a strong enough Internet connection to complete an age check. Some facial age estimation tools have varying accuracy across different racial groups.
Many age check methods also don’t account for people with disabilities. People unable to drive may not have an ID, some disabilities make people look younger, and age checks may be difficult or impossible to complete with assistive technologies.
If age check requirements are in place, everyone must be able to complete them. We believe that people should have multiple options for how they can provide their age or age range, allowing them to choose the method best suited to their circumstances. All age check technologies should be evaluated for accessibility before they are implemented.
Protect an Open and Global Internet
Everyone should be able to easily complete age checks regardless of where in the world they are connecting to the Internet, with confidence that their data and privacy are secure. But a patchwork of different age requirements, types of age checks, and impacted services is fragmenting the Internet.
Fragmentation divides the unified, open, global Internet into smaller, isolated networks that are subject to different rules, regulations, and technical standards. People living in different jurisdictions have increasingly different experiences on the Internet.
Age gates and varying access to online services contribute to fragmentation and threaten the interconnectedness that enables seamless Internet use.
We believe the technology used for age checks should be interoperable and have security protections by default. These requirements should be guided by global standards for user-friendly design, reliable verification, and strong default security, including encryption.
Interoperability across jurisdictions will help uphold the principle of an open and global Internet.