Open Rights Group published the article Online harms: Millions could be forced to use unregulated age verification on the age and identity verification obligations in the UK under the Online Safety Act (OSA), that pretends to protect children.

The article contains important lessons for the EU (EUDI-wallet) and for the EU countries:

Failure to regulate age assurance industry

Open Rights Group has written to the Secretary of State for Science, Innovation and Technology, Liz Kendall MP calling for regulation of age assurance providers operating under the Online Safety Act. The letter was also signed by Age Verification Providers Association (AVPA) and over 600 members of the public.

A ban on social media for under 16s would require everyone to prove their age in order to use social media platforms. The rapid expansion of age assurance risks creating a new layer of digital infrastructure that concentrates power over identity, biometrics and access to public life in the hands of private companies, with limited democratic oversight or public accountability.

Going through an age verification process often involves sending irreversible biometric identifiers into global commercial data ecosystems. There are already examples of platforms using the additional data gained from these processes to target people with harmful online advertising.

The measures announced, including age gating VPNs, AI Chat bots, or features such as infinitive scrolling, would compel millions more people to hand their sensitive bio-metric data over to big tech.

It is platforms, not users, that decide which age verification providers are use. Many users may be unaware of the investors and financial networks behind the identity infrastructure now being embedded into everyday internet use, and the links some of those networks have to wider surveillance, defence, and intelligence ecosystems.

For example, Roblox, Reddit and Discord users have to submit facial scans to the age verification provider Persona, a company that Peter Thiel, co-founder of surveillance and data analytics company Palantir, has heavily invested in.

ORG is asking the Government, ICO, and Ofcom to establish compulsory privacy and security standards for age verification providers to ensure that users’ sensitive data is protected.

NB Microsoft (LinkedIn) is also pressuring users to identify themselves through the Thiel company Persona.