The honeypot problem of age verification

Jahangir655 · Post by **Jahangir655** » Sat Dec 28, 2024 8:30 am

Platforms would amass vast repositories of Personally Identifiable Information (PII), including names, birthdates, and even images or scans of IDs creating a centralised honeypot of valuable data ripe for
hackers to target.

While the Bill mandates the destruction of data once it is no longer needed, even temporary storage increases the risk of breaches. Cybercriminals are highly incentivised to target repositories like this for identity theft, financial fraud and social engineering attacks.

Vulnerable populations, such as people without government-issued ID, may find themselves excluded from online platforms entirely.

Ambiguous data retention
The Bill requires platforms to destroy proof of age data “when it is no longer required,” a phrase left undefined. Platforms are left to interpret when this data ceases to be necessary, which raises several concerns.

Without clear guidance, platforms may feel pressured to over-retain sensitive data to avoid regulatory scrutiny in the face of potential audits or complaints.

The eSafety Commissioner has broad powers to request information costa-rica mobile phone numbers database from platforms to verify compliance. For example, if a parent complains their under-16 child has an account, the platform may be required to provide proof of age verification. If the data has already been destroyed, the platform could struggle to demonstrate compliance.

Regulatory audits may demand evidence of age verification processes, requiring platforms to maintain
some form of logs or metadata. However, retaining such records could conflict with the Privacy Act’s requirement to destroy unnecessary data.

Ironically, the very mechanisms designed to protect children’s privacy could undermine the privacy and security of the broader population. The Bill’s focus on strict verification measures risks creating a system that could cause more harm than it prevents.

The Bill is just another example of Australia’s tendency to address complex digital challenges with narrowly focused measures that fail to account for their wider implications. Without clear safeguards, this risks becoming another example of a well-meaning policy that falters in execution.