Data protection of age verification services under scrutiny: How are personal details being utilized?
In recent news, the European Union has been implementing stricter age verification measures across several countries, including France, the United Kingdom, Germany, Spain, and Italy. One of the age verification providers used by several pornographic websites, AgeGO, has come under scrutiny for its data storage practices.
AgeGO, a service used by Xvideos, XNXX, and Tnaflix, sends user data like webcam streams, IP addresses, and age confirmation to Amazon Web Services (AWS) program Amazon Rekognition. However, it's not clear what AWS does with the data once it is received, and AgeGO, Amazon, and the three pornographic sites have not responded to requests for more information.
In an interview with Le Parisien, ARCOM, the French regulatory authority for audio-visual communications, stated that they are working on a report regarding AgeGO's data storage practices. The report found that AgeGO collects emails, which may not be necessary for age verification, constituting a 'dark pattern' under EU regulation.
Vincenzo Tiani, EU senior policy counsel at the Future of Privacy Forum think tank, suggests that any data collected by a third-party age verification service provider should be deleted as soon as it's verified. He also considers a digital wallet, like It'sMe, the safest way for users to provide data for age verification, as it shares only the necessary data with the provider and not all personal information.
Under French regulations, identity documents can only be stored if the user has chosen to store their data for future login attempts. Data can sometimes be delayed but should not be kept for more than 30 days, according to Tiani.
Other age verification services provide data such as the user's age confirmed via official IDs (e.g., electronic ID cards, passports), bank KYC procedures, or AI-based behavior analysis assessing user activity and content preferences to estimate if they are over 18, often using anonymized or cryptographic proofs so that the exact birthdate remains undisclosed.
As age verification systems become more prevalent, concerns about data privacy and storage are on the rise. Searches for Virtual Private Networks (VPNs) have skyrocketed in the UK after new online age verification rules were enacted. Providers working with foreign companies like Amazon, based in the US, have conducted a data protection impact assessment.
The European Union plans to roll out European Digital Identity Wallets (eID) by the end of 2026, which may help alleviate some of these concerns by providing a standardized and secure method for age verification.
Recently, France's regulator ARCOM issued formal notices to five pornographic sites to comply with new regulations to put in place age verification. The report comes a month after these notices were issued. Tiani suggests that other age verification sites may be handling user data similarly to AgeGO, making it crucial for users to be aware of the data they are sharing and with whom.
Read also:
- Internet users in Hyderabad suffer as power utility disables broadband cables: COAI reports
- Top 15 Pivotal Risks to Mobile Application's Security
- Quarterly Market Review Q2 2023 Update
- Revising the title: Redefining "Bring Your Own Device" Policies for a Secure and Flexible Workspace in the Hybrid Work Environment
