This commit is contained in:
@@ -0,0 +1,69 @@
|
||||
---
|
||||
title: "When does an age check become an identity check?"
|
||||
description: "The EU's age-verification blueprint promises a simple yes-or-no proof. Its success depends on preventing that proof from becoming a reusable tracking handle."
|
||||
published: 2026-07-14
|
||||
editorialOrder: 9
|
||||
reviewed: 2026-07-14
|
||||
author: "Ana"
|
||||
maintainers: ["Ana"]
|
||||
status: developing
|
||||
featured: false
|
||||
homepage: true
|
||||
section: "Identity / Now"
|
||||
frontTone: paper
|
||||
draft: false
|
||||
tags: ["age-verification", "eudi", "children", "privacy"]
|
||||
image: "https://images.unsplash.com/photo-1759215524530-a00b7768ce91?auto=format&fit=crop&w=1600&q=82"
|
||||
imageAlt: "Hands holding a smartphone displaying a social media feed"
|
||||
imageCredit: "Swello"
|
||||
imageCreditUrl: "https://unsplash.com/photos/hands-holding-a-smartphone-displaying-social-media-feed-CkYIMdehoX4"
|
||||
trustPattern:
|
||||
claim: "A person can prove they are above an age threshold without revealing identity or date of birth."
|
||||
trusted: "Users must trust enrollment, credential issuance, wallet software, verifier registration, pseudonym design, revocation, and the availability of non-digital alternatives."
|
||||
failure: "A minimal proof can still become linkable, compulsory in practice, or expanded from exceptional uses into routine access control."
|
||||
---
|
||||
|
||||
In April 2026, the European Commission urged member states to make its age-verification application available by the end of the year. The blueprint can operate as a standalone app or become part of a European Digital Identity Wallet.
|
||||
|
||||
The intended transaction is admirably small. A website asks whether someone is above a threshold. The app answers yes or no. It should not reveal a name, exact birth date or civil identity.
|
||||
|
||||
That is much better than uploading a passport to an adult-content site or asking a teenager to give a social platform another permanent identity document.
|
||||
|
||||
It still deserves cheerful suspicion.
|
||||
|
||||
## Three separate privacy questions
|
||||
|
||||
First: **what does the website receive?** A threshold proof can disclose much less than a document.
|
||||
|
||||
Second: **can the website recognise the same visitor next time?** A presentation that contains a stable or derivable identifier may be minimal and still linkable.
|
||||
|
||||
Third: **can other actors connect the event?** The credential issuer, wallet provider, verifier registry or colluding services may see different parts of the transaction.
|
||||
|
||||
These questions are easily collapsed into "the app does not reveal your identity." That sentence can be true at the visible interface while the system remains useful for tracking.
|
||||
|
||||
The Commission's technical work recognises unlinkability as a goal. Early designs use domain-specific pseudonyms and batch-issued credentials, while zero-knowledge mechanisms remain part of the privacy conversation. The engineering details matter because policy intent does not itself make two proofs unlinkable.
|
||||
|
||||
## Function creep begins with a good use case
|
||||
|
||||
Protecting children is a strong political reason to build infrastructure quickly. It is also a difficult setting in which to contest scope. Once a standard proof is available, other services may ask for it because they can: games, marketplaces, forums, health information, news, dating, messaging.
|
||||
|
||||
The question changes from "where is age legally necessary?" to "why would a responsible service not check?"
|
||||
|
||||
That is how optional infrastructure becomes a practical gate.
|
||||
|
||||
## The test before rollout
|
||||
|
||||
A credible age-checking system should make four promises testable:
|
||||
|
||||
1. the verifier learns only the threshold result;
|
||||
2. separate verifiers cannot collude to follow a person;
|
||||
3. repeat visits do not create an unnecessary stable identity;
|
||||
4. people without a compatible device have a dignified alternative.
|
||||
|
||||
Age assurance is not automatically identity. But the difference will not survive on good intentions. It has to be built into the identifiers, proofs, logs, recovery paths and rules governing who is allowed to ask.
|
||||
|
||||
### Sources
|
||||
|
||||
- [European Commission recommendation, 29 April 2026](https://digital-strategy.ec.europa.eu/en/news/commission-urges-member-states-rollout-eu-age-verification-app)
|
||||
- [Official age-verification technical specification](https://github.com/eu-digital-identity-wallet/av-doc-technical-specification/blob/main/docs/architecture-and-technical-specifications.md)
|
||||
- [EDPS analysis of linkability](https://www.edps.europa.eu/data-protection/our-work/publications/techdispatch/2025-12-15-techdispatch-32025-digital-identity-wallets_en)
|
||||
Reference in New Issue
Block a user