






















Note: The discussion was held under the Chatham House Rule. All quotes have been edited for clarity, brevity and anonymity.
“The only hurdle to a ban is a technical implementation measure. If you can fit what used to be an entire university’s computing department into this tiny phone, you can implement technical measures,” argued a speaker at MediaNama’s roundtable discussion on ‘Age Verification and Restricting Social Media for Children,’ held on 15 May in Bengaluru.
Several speakers at the discussion disagreed, arguing that age verification is technically unfeasible at scale, easily circumvented, and may create more problems than it solves. During the roundtable, speakers debated the technical mechanisms available for age verification, which layer of the digital stack, OS, app, or telecom, should carry enforcement, and whether any of these could work given the reality of shared devices and proxy access.
The issue of shared devices and OTP: Several participants questioned whether app-store level age verification would work in India’s shared-device reality, arguing that children already access services through parents’ phones and accounts. One speaker said “every child basically knows how to use their parents’ phones and has unlimited access”, adding that children frequently use unlocked family devices where “parents are not checking for what OTPs are arriving”. The speaker argued that any app-store or platform-level age check would end up authenticating the parent instead of the child because “it’s the parent’s ID that’s going into their age-based check”.
Another participant said the problem was already visible during the pandemic, when schools required students to create Gmail accounts for Google Classroom. “Most of those were created with fake ages,” the speaker said, arguing that the ecosystem was already built around inaccurate age declarations.
Facial estimation fails too: “Someone put up a Barbie doll instead of their own face and the AI guessed their age as 102,” said a speaker, describing a widely circulated incident involving a facial recognition age-check tool.
A speaker said they would not be comfortable with any company or government running facial recognition on a child. “I use DigiYatra quite frequently myself. But I’m trading convenience for this. We need to look at building resilience in the child against the harms, because the harms are not going away,” they said.
Safeguards in the OS layer: A speaker argued for pushing enforcement to the OS level from the point of device manufacture. “If you’re buying a new device for a minor, you need to have an age-based token granted to that child. At the OS level, you hash out any application or website access a child should not be accessing,” they said, adding that the government should regulate hardware manufacturers to build this in.
“I don’t need DigiLocker. It’s already solved as a problem. And it is solved by a problem by a better technology implementation than anything coming out of India,” said a speaker, arguing for OS-level solutions over identity verification.
Telecom layer, and circumvention: Nikhil Pahwa, Editor MediaNama, noted that both Apple and Google’s app stores are considering building parental controls into the OS, and listed telecom operator checks among the mechanisms being considered. “Children don’t necessarily have their own SIM card. There is multi-SIM and multi-account usage, so you can’t use mobile numbers anyway. Telecom operators get more money when they do verification, they get money for every verification they do,” he said.
He also cited data from the UK, where 32% of children had circumvented age checks, 26% of parents said they allowed it, and Proton VPN found a 1,800% increase in daily sign-ups within three days of the Online Safety Act coming into force. A speaker cited Australia’s experience, where 70% of under-16 teenagers who were supposed to be restricted were still on platforms, VPN usage had risen 170%, and many minors had migrated to entirely unregulated platforms with no oversight whatsoever.
“Any technical measure is capable of circumvention,” said a speaker. Another added: “I think it is extremely hard, pretty much impossible, to implement age verification in hardware or software without circumvention.”
Who pays for hardware mandates? A speaker proposed that hardware devices should include silent face and liveness checks to passively verify the user’s identity without requiring a physical check. Pahwa asked who would bear the cost. “Why not society? If you spun up an application yourself, who’s to say that your kid cannot spin up 10 different applications, cannot create 10 different Snapchats?” the speaker said.
“I would not be comfortable with a hardware company, any kind of company, or government for that matter, running facial recognition on my child, irrespective of where I’m working or what my allegiances are,” said a speaker in response.
DPDPA and children’s data: Nikhil Pahwa raised the question of whether the centre’s graded access framework could even be legally implemented under India’s Digital Personal Data Protection Act (DPDPA). “Till the age of 18, you’re not legally allowed to process that data. So if the centre’s looking at a graded approach, doesn’t that go contrary to the DPDPA?” he asked.
A speaker clarified: “They don’t say no processing, they say no processing without parental consent. You can still process data and give services to the child, but you can’t do it without the parent knowing. You cannot track or do behavioural analysis.”
Pahwa pushed further, noting that identifying a child who has lied about their age involves processing behavioural data. “That’s not on the data fiduciary. If the child lies, that is the biggest loophole in the entire DPDPA child consent provision, because it’s self-declaration,” the speaker said.
Who bears the cost? “Some cost needs to be borne by schools. Some by handset manufacturers. Some by operating systems. Some by platforms. Who bears the cost, what is the distribution of that cost, is the conversation,” Pahwa pointed out.
“Regulatory effectiveness has to take a multi-modal approach of fixing accountability and responsibility. Who’s closest to the child? Who is in a position to determine and address harms? Who can supervise harmful content? The first responsibility is on the parent,” said a speaker.
Furthermore, Nikhil Pahwa warned against treating verification as a neutral technical fix. “To verify who’s a child, they’ll have to verify everyone who’s using a service. Once that verification mechanism comes in, it will be used for everything,” he said.
Note: This discussion was organised with support from Meta and Snap. Community partners for the event included Pacta, Design Beku, and The Pranava Institute.
Read MediaNama’s whole coverage of this discussion here.
Also read
For You
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。