This Pride, we’re answering all your digital rights questions in season two of our initiative,
LGBT Q&A
.
You Asked:
I live in the UK, and we have age verification now on a bunch of websites (including Reddit) and now on iPhones. Can you explain what sort of data companies are actually collecting when they check for age and whether there are any real threats to my safety?
EFF’s Answer:
Age verification is a
process
where a website or service checks your age to determine whether a user is over a certain age, in the UK this age is 18.
As of
July 2025
, all platforms in the UK that host content considered by the UK government and the country’s telecommunications regulator Ofcom to be
harmful
are legally obligated to check that their users are over the age of 18. If not, users cannot access the content.
There are various
privacy implications for data sharing
with age verification. Unfortunately, because services may use different methods to verify users’ ages, you’ll usually have to do a little digging to learn how each provider you have verifies their users, and consider
what information might be harmful
to your personal safety:
The data itself:
What info does each method require users to disclose?
Access:
Who can see the data during the course of the verification process? Does anything other than the age result leave your phone or device? Is the provider told your date of birth, or just if you’re over 18? Which third party services see the information you send?
Retention:
Who will hold onto that data after the verification process, and for how long? Sometimes it’s deleted immediately. Sometimes it hangs around forever, waiting for a data breach.
Audits:
How sure are we that the provider’s stated claims around data access and retention will happen in practice? For example, are there external audits confirming that data is not accidentally leaked to another site along the way? Ideally these will be in-depth, security-focused audits
