Proposed model for a balanced age insurance in social media in the EU and Norway

DSA mandates age insurance for social media platforms

The EU’s Digital Services Act (DSA), which Norway is expected to adopt in the coming years, prohibits personalized marketing to children. Under this law, social media platforms must provide a more child-friendly service for users under 18.

Social media platforms are therefore required to distinguish between minor and adult users, necessitating age insurance systems to ensure DSA compliance.

DSA mandates enhanced protections for users under 18. There is also a separate privacy age that gives parents the right to decide whether their children should share personal information. In Norway and Sweden, that age is 13. In Denmark, it is 15.

Norway is actively working to raise its privacy age to 15 and enforce it legally, effectively blocking social media access for those below this age.

In any case, social media must comply with at least two age limits. This also means that it may be necessary that platforms must implement two distinct checks:

• Child-friendly access (“DSA mode”)
• Adult version access

Today, social media is free to use various forms of age recognition or age verification. Several platforms currently use facial recognition, ID verification, AI scanning, etc. Barnevakten think that the authorities should force platforms to verify age, and that the solutions must be balanced and ensure that children’s rights in the apps are in accordance with the UN Convention on the Rights of the Child.

Some important questions about the type of age check

• Must platforms record exact birthdates from IDs, or are estimates sufficient?
• Should personal data be collected by the social media during age checks?

Barnevakten’s view is:

• Some form of age check is necessary, otherwise DSA could become wishful thinking, at least partially.
• An age check must be required by law.
• Social media should not get the age of the user in the mandatory age check, they should only get information whether the age is within the age limit or not.
• There is privacy-friendly solutions.

Child-friendly social media

Due to DSA, social media must offer a more child-friendly version for children. With DSA, apps must check whether the user is over or under the age of majority.

This means that the app must go through two rounds of age check. First, the app must check whether the user is over the age of privacy and the terms of the app. A few years later, when the user are older and wants to use the adult version of the app, the app must check whether the user is over the age of majority or not.

The Convention on the Rights of the Child

The UN Convention on the Rights of the Child gives children the right to seek, receive and share information. This can be interpreted to mean that the children should have access to the internet and social media. At the same time, the Convention gives children the right not to be harmed by media content. A balance must therefore be found between these rights. The DSA must be interpreted within this balance.

Barnevakten believes that this is a fair balance:

• In the app’s terms and conditions, the lower limit is 13 years. In some countries, a higher absolute age limit may be introduced. No child should have access under the age limit.
• Between the ages of 13 (or higher) and 18 (age of majority), social media must offer child-friendly services to children.
• Over the age of 18 (age of majority), users can get full access to all functions.

Different words for age check

It is necessary to ensure that a feasible solution ensures that children’s rights are fulfilled. Today, different terms are used to explain technical solutions. Here are the different definitions:

Age verification = The age is set correctly via ID check. But this does not necessarily mean that the social media gets to know the exact age.

Age assurance = The age is estimated without the use of ID. This is not as accurate as age verification. Here too, it does not mean that the social media get to know the specific age from the solution.

Barnevaktens proposal for a solution to age check

We believe that social media must be required by law to ensure that users are above the legal age limits, this must be done through age verification or age assurance where the framework is determined by the authorities.

The law should state that users of the app/platform must be given at least two different ways to carry out age check:

• One of the solutions must be based on digital ID or digital wallet.
• One of the solutions must use AI and facial age calculation.

The two solutions mentioned above should not be carried out by the social media itself, but by a neutral company that is approved and supervised by Norwegian authorities or EU in EU-states.

By requiring that apps must offer these two solutions as a minimum, privacy is ensured and it is made easy for the vast majority of users.

Two of the premises that should be included in regulations for new legislation:

• Files and images used in the age check must be deleted immediately after the check has been performed.
• Social media should only receive a yes or no from the neutral party if the user is old enough.

There is much more to say about this, we tell more in our report in Norwegian.

Privacy-friendly age check

Barnevakten believes that the solutions mentioned above protect privacy. Social media only gets to know if the person is over the age limit. No age is revealed, no personal data is revealed.

With digital ID, a neutral intermediary station can check the age, and only notify the social media that the age is within the age limit.

The other option for the user is to use an age app, for example of the Yoti type or similar. Then the user takes a selfie through the age app where artificial intelligence makes the age probable. In this solution, the social media also does not get to know anything more than that the age is within. The social media does not get to know the exact age. The age app deletes the selfie as soon as the check has been completed.

Facial age is not completely accurate. Therefore, we believe that if the facial age ends up being a couple of years above or below the age limit, the user must go through a more secure form of control, i.e. ID-based age control.

Is age check too easy to bypass?

A argument against age check is that it is possible to bypass all solutions, even those based on digital ID. We know the weaknesses, but we believe that our solution will result in many children under the privacy age limit will not being allowed into social media, which is a big improvement from today where ten-year-olds are contacted by strangers or see horrific war footage.

Avoid monopoly

Barnevakten is positive that a digital wallet or digital ID can be used in age check. But we are skeptical that it should be the only solution, and we are skeptical that such a task should be given to only one company. The risk increases with monopolies. If there are several players that can be used, any hacking, leaks or poor customer service will be less important in each case.

The age verification should not take place in the phones operation system, because Apple and Google should not be given more power than they already have.

What are the advantages of this solution?

The proposal presented here attempts to take into account the balance between freedom of expression, privacy and protection against harm. We also argue that the solution is possible to implement in a reasonably short time, because there are already apps that verify age based on a selfie. The solution also takes into account that refugees come to Norway who do not have the opportunity to get their own ID card.

In Barnevakten’s experience, there is a certain risk that users (children) will move to unregulated platforms if strict regulations are imposed on the most used platforms. There are many unregulated social media sites that do not have any form of moderation and where extreme political views, hate speech and disturbing videos circulate freely. The organization of such social media makes it difficult to find an owner to whom one can make claims.

Although there is much criticism of the major social media, there are worse offers that users should avoid being directed to. Therefore, age check and rules should be balanced and manageable for both users and app companies. This is one of the reasons why Barnevakten recommends 13 years of age as the entry point to a DSA-influenced social media.

It is not certain that the laws in the EU are enough to make social media completely child-friendly, it is possible that additional rules need to be added. But as far as we understand, there is anyway a need to check the age, and that it must happen at least twice in the child’s life.

You shouldn’t leave control to social media

In Australia, social media has been asked to find a solution for age verification or age assurance. Barnevakten think it is better that the authorities set guidelines and rules for how a mandatory age check should be organized.

The main idea is that for children between 13 and 18 years old, social media must ensure that they receive a child-friendly service. We envision this model for Norway:

Perhaps the EU can be inspired by this model.

What is Barnevakten?

Barnevakten is a Norwegian foundation with a vision that children and young people should be safe and aware online. The organization is part of the Nordic Child Tech Policy Alliance (Nocta). The alliance works for children’s rights in the digital environment with a particular focus on influencing legislation in the EU in the field.

Barnevakten will be 25 years old in 2025 and has built up good contact with parents, children, schools, authorities, professionals, non-profit organizations and app companies.

Written by Leif Gunnar Vestbøstad Vik (CEO) and Sjur Jansen (editor).  April 8, 2025. 

Photo: Shutterstock / Primakov.