Governments everywhere are facing a big challenge: children are spending more time online, but many platforms were not built to protect their safety, privacy, or development. Social media can expose young people to harmful content, addictive features, cyberbullying, sexual exploitation, scams, and pressure from algorithms. In response, many policies now aim to block children from certain platforms or require companies to prove users are old enough.
However, this solution is creating a new privacy issue. If children and teenagers are asked to prove their age everywhere online, the next big privacy debate may not focus on passwords or screen time, but on children’s digital identity.
Age checks might ask for IDs, selfies, facial scans, parental consent, behavioral profiles, platform verification, or controls on the device itself. These systems are meant to protect minors, but they can also lead to new databases filled with sensitive information about children and their families.
Age Restrictions Are Spreading Quickly
The push for child social media restrictions is no longer limited to one country.
Reuters reported that Australia became the world’s first country to ban social media for children under 16, blocking them from platforms including TikTok, YouTube, Instagram and Facebook. Companies failing to comply with Australia’s law could face penalties of up to A$49.5 million, or about $34.9 million.
Other countries are moving in the same direction. Denmark said it would ban social media for children under 15, while parents could give access to some platforms for children down to age 13. Spain planned to require platforms to implement age verification systems as part of a proposed social media ban for minors under 16.
It is clear that policies are moving toward regulating children’s online experiences with age gates. The real challenge is figuring out how these age gates should work.
Proving Age Means Collecting More Data
Age verification sounds simple, but in practice it can require deeply personal information.
The Australian Human Rights Commission said platforms may ask users to upload ID, submit a selfie for a facial scan, or be verified through “age signals” such as when they log in, their location, who they follow, and what they post. That means a child safety rule can become a system for checking everyone, not only children.
This is why the issue is bigger than one teenager trying to open an account. Broad age checks can create “vast new datasets” about how people live and interact online, shifting the internet from data for advertising to data for permission. The Australian Human Rights Commission described this as a move from data for advertising to data for permission, where users may need to be profiled in order to participate.
For minors, the risks are even greater. Children’s data can last much longer than their childhood. A copied ID, facial scan, location history, parental relationship signal, or guessed age profile could still be valuable to companies, governments, advertisers, fraudsters, or data brokers long after the child grows up.
Age Assurance Is Not One Technology
A common mistake is treating age checks as one tool. In reality, age assurance is a family of technologies with different risks. A 2026 research paper titled Assessing Age Assurance Technologies analyzed age verification, age estimation, age inference, and parental control or consent as different approaches to online age assurance. The same paper evaluated these systems based on effectiveness, side effects, and acceptance, while warning about privacy, anonymity, bias, discrimination, exclusion, censorship, and circumvention.
These categories are important. Age verification often needs strong proof, like an ID or official document. Age estimation might use a selfie, face analysis, or other clues to guess if someone is old enough. Age inference looks at behavior, contacts, device use, content patterns, or platform history. Parental consent puts responsibility on adults, but it can leave out children who do not have available or supportive guardians.
Each method fixes one problem but creates another. ID checks might be more reliable but are also intrusive. Selfies can be quicker but raise concerns about biometric data. Behavioral inference avoids using documents but can make invisible profiling normal. Parental consent can help some children but may harm those in unsafe, unsupportive, or complicated family situations.
Children’s Rights Can Be Lost in the Design
Researchers have warned that age assurance can fail if it focuses only on blocking access. The article Children’s Rights and Online Age Assurance Systems: The Way Forward found that age assurance is often ineffective in protecting children from online risk of harm and, as currently implemented, can risk children’s rights to non-discrimination, privacy, being heard, civil rights and freedoms, and remedy.
This is the core of the digital identity problem. A system meant to protect children can still harm them if it leaves out the most vulnerable, exposes private information, or takes away spaces where young people find help. For example, a teenager looking for mental health support, sexual health information, disability communities, LGBTQ+ support, or abuse resources may be affected very differently than a child who just wants to watch entertainment videos.
The Electronic Frontier Foundation has made a similar warning from a rights perspective. EFF said age-verification systems that require government-issued IDs or biometric data create serious privacy and security risks for adults and young people. EFF also argued that parental-consent systems can cut off LGBTQ+ youth from support networks if they lack family support.
Safety Cannot Depend Only on Age Gates
UNICEF has warned that age restrictions alone are not enough. UNICEF said social media can be a “lifeline” for isolated or marginalized children by providing access to learning, connection, play, and self-expression. Age restrictions must be part of a broader approach that protects children from harm, respects their rights to privacy and participation, and avoids pushing them into unregulated, less safe spaces.
This warning matters because bans often change behavior instead of removing risk. Children might use shared devices, fake their ages, use VPNs, try different apps, or move to platforms with less moderation. If the safest mainstream platforms become harder to reach, some young people may end up in places with weaker safety and less parental oversight.
A better approach is not just to ask, “How do we keep children out?” but to ask, “How do we make digital spaces safer for the children who are already online?”
The Real Issue Is Identity Infrastructure
Age verification is often seen as a quick way to protect children, but it could become part of a bigger identity system for the internet. Once platforms start checking age, they might also create systems to verify identity, guess maturity, check parental relationships, track behavior over time, and share data with regulators.
This raises a long-term privacy question. Should children need to create a lasting digital identity just to be online? Should private companies keep records of age checks, biometric data, or parental links? Should platforms keep guessing if a user is a child based on their behavior?
The answer should not be a simple rejection of child safety rules. Children do need stronger protection online. But privacy should not be treated as the cost of safety.
So, the next privacy debate is not about whether children should be protected. It is about whether that protection will come from heavy surveillance and identity checks, or from safer design, better moderation, privacy-friendly tools, and digital spaces that respect rights.
A safer internet for children should not mean turning childhood into a permanent record of verification.
