Age verification for kids could expose millions to data leaks, experts warn

**TL;DR** Governments proposing age verification measures for minors on social media could inadvertently increase the risk of exposing sensitive personal data through broader collection and potential breaches. Experts warn that mandates requiring age data sharing with numerous third parties create new cybersecurity vulnerabilities for children.

Governments worldwide are increasingly pursuing age verification for minors on social media platforms, aiming to enhance child safety online. Australia led this movement by enacting a social media ban for users under 16. These legislative efforts seek to control access, but they also introduce complex cybersecurity challenges. Implementing such policies often requires users to submit personal data, including government IDs or facial scans, linking online accounts to real-world identities.

This data collection model creates a centralized target for cyber adversaries. A 2025 Discord breach demonstrated this risk directly, exposing government ID photos of approximately 70,000 users worldwide. This incident stemmed from a third-party vendor handling age-related appeals, illustrating how sensitive age verification data can be compromised. Furthermore, efforts to integrate age verification at the app store level raise additional concerns. Google warned that this approach would necessitate sharing detailed age data with millions of developers who do not require it, posing significant risks to children's privacy and security. Teenagers also frequently bypass these controls, using false dates of birth or older individuals' details, often leading them to less secure platforms or exposure to data-harvesting scams.

The practical implication for organizations is a substantial increase in sensitive data requiring stringent protection, directly impacting security teams. A child's compromised personal data, including government IDs, can fuel identity theft, fraud, or targeted exploitation on illicit marketplaces. Policymakers face a critical balance: protective measures must not inadvertently create larger data honeypots that attract sophisticated attacks. The focus must extend beyond bans to robust data security frameworks and comprehensive digital literacy education for both children and parents. Watch for ongoing debates between governments and tech companies regarding scalable, privacy-preserving age verification technologies.