If you are a gamer in the UK or Ireland, you may have recently received an email from PlayStation asking you to verify your age. Sony has begun rolling out age verification for users in the UK and Ireland, which is part of the UK’s Online Safety Act and will be mandatory starting June 2026. This is just the beginning of a much larger trend sweeping across the digital world.
The Rise of Age Verification Laws
Digital regulators aren’t taking chances anymore. The UK’s Children’s Code requires online services to use strong privacy settings for children and minimise data collection, while Australia’s Online Safety Amendment plans to ban under-16s from social media, enforcing this via age verification and imposing heavy fines on platforms.
Ireland’s Online Safety Code, adopted in October 2024, requires video-sharing platforms like YouTube, Facebook, TikTok, and Instagram to enforce age-verification procedures before users can view adult or harmful content, with measures based solely on self-declaration no longer considered effective.
Starting from July 25, millions of Britons need to prove their age before accessing certain websites or content, with sites displaying adult-only content required to use robust age checks under the Online Safety Act.
The Methods: From ID Scans to Facial Recognition
Age verification systems today use multiple techniques to confirm whether users meet platform age requirements. These methods range from simple mobile carrier checks to advanced facial recognition and government ID verification.
Facial Age Estimation (AI Recognition)
Users submit a selfie or live video, and AI estimates their age by analysing facial structure, skin texture, and other biometric markers. While convenient, this method collects highly sensitive biometric data that could potentially be reused for surveillance or tracking purposes. Studies have also shown accuracy issues, especially across different skin tones and age groups.
Government ID Verification
Platforms may require users to upload passports, driver’s licences, or national IDs. OCR systems extract personal information such as full name, birth date, address, and ID numbers for verification. The biggest concern is long-term storage of these documents, as breaches could expose permanent identity information that users cannot change.
Bank and Mobile Carrier Checks
Some systems verify age using banking records or mobile carrier databases. Instead of collecting biometrics, platforms receive confirmation that a user is above a required age threshold. These methods are generally considered less invasive, although they still create data-sharing relationships between platforms, banks, and telecom providers.
Email and Data Broker Verification
Certain services estimate age using historical data linked to an email address. Data brokers analyse previous records, social media activity, and public databases to infer a user’s age. Critics argue this approach strengthens the data broker ecosystem while relying on information that may be inaccurate or outdated.
Photo ID Matching and Liveness Detection
More advanced systems combine ID verification with live facial scanning. Users submit both a government ID and a live selfie, while AI checks whether the person matches the document and confirms they are physically present. This creates one of the most privacy-invasive verification models because it combines identity documents, biometric data, and behavioural analysis.
Zero-Knowledge Proofs (Emerging Privacy Tech)
Newer privacy-focused systems aim to verify age without exposing personal identity. Using cryptographic proofs, users can confirm they meet age requirements while keeping their actual data on-device. The EU is currently exploring broader adoption of these systems, with wider implementation expected between 2026 and 2027.
Effectiveness vs. Privacy: A Contradiction
A concerning paradox emerges: protecting children online may require companies to collect more personal data than they otherwise would and potentially subject themselves to additional privacy requirements and consumer concerns.
Age verification schemes often rest on the premise that there is consensus on the nature of content that young users must be restricted from, but this consensus doesn’t exist, moreover, there is no one-size-fits-all system for protecting children in online spaces.
Concerns from Digital Rights Organizations
Digital rights advocacy groups worry that age verification restrictions could chill certain types of speech, including whistleblower reports, employment experiences, and reports of sexual abuse.
The Regulatory Balancing Act
Governments are attempting to find middle ground. Ireland’s Online Safety Commissioner has stated that age verification measures must be “robust, privacy-respecting, and holding data for no longer than it is necessary”.
The Federal Trade Commission issued a policy statement announcing that the Commission will not bring an enforcement action under COPPA against certain operators that collect, use, and disclose personal information for the sole purpose of determining a user’s age via age verification technologies.
However, regulators insist the rules must operate under strict privacy and security safeguards, with companies bound by existing consumer protection rules governing data minimisation, retention, and security.
What Should Parents and Users Know?
- Age verification is expanding globally – It’s not just a UK/Ireland issue anymore
- Your biometric data is at risk – Many systems collect facial recognition and ID information
- Data brokers are involved – Third parties may retain information longer than necessary
- Alternative methods exist – Not all verification requires biometric data
- Regulation is still evolving – The rules are changing rapidly across different jurisdictions
How You Can Stay Private
If you’re concerned about your privacy during these age verification processes, consider these steps:
- Review privacy policies carefully before completing age verification
- Use VPNs to protect your online activity from third-party monitoring
- Opt for non-biometric methods when age verification allows choices
- Monitor data collection practices by platforms you use
- Keep your kids informed about what data they’re sharing and why
PureVPN’s Stance: Privacy and Protection Can Coexist
At PureVPN, we believe protecting children online and preserving user privacy should not be treated as opposing goals. While age verification can help reduce harmful content exposure, many current methods rely on excessive data collection, including facial scans and government IDs.
We advocate for privacy-first verification systems that collect the minimum amount of data necessary. Less invasive methods like mobile carrier checks and zero-knowledge proofs should replace biometric surveillance wherever possible.
Platforms should also enforce strict data retention limits, remain transparent about third-party verification providers, and ensure users can delete their data. Most importantly, age verification data should never be used for advertising, profiling, or tracking.
Child safety matters. But history has shown that temporary security measures often evolve into permanent surveillance systems. The future of online safety should focus on privacy-preserving innovation, not mass data collection.
The Bottom Line
Age verification laws represent an important attempt to protect children from harmful content online. However, we cannot ignore the legitimate privacy concerns they raise. The most effective approaches will be those that are robust yet privacy-respecting, collecting and holding data only for as long as necessary.
As these regulations continue to evolve globally, staying informed about what data you’re sharing and with whom has never been more important.
