Age Verification: Policy Ideas for States

The evidence is increasingly clear that social media is harming young people. As a result, both states and the federal government are considering strategies to better protect kids online. The effectiveness of any policy solution, whether raising the age of social media or requiring parental consent, among others, will hinge on effective age-verification—the ability to determine if a user is above a certain age threshold in order to keep underage individuals from access. This paper examines that topic for policymakers. 

To date, “age gates” commonly used by alcohol and gambling websites to limit access to underage individuals—i.e., drop-down menus directing a user to enter a date of birth, which deny access to underage users—are easy to circumvent. Users need only be willing to lie about their age to gain access. This is also true of the toothless age verification approach used by social media companies like TikTok.

Dissatisfied with such lenient approaches, legislatures have already begun imposing more robust requirements. Most notably, in March 2023, Utah Governor Spencer Cox signed into law S.B. 152, a bill that would require both age verification for Utah-based social media users and parental consent for users under the age of 18 to open or operate an account. The law directs Utah’s Division of Consumer Protection to make the rules to establish the means by which a company may meet the age-verification requirements.

Some technologists and industry-aligned groups have fiercely criticized proposals like S.B. 152. The Electronic Frontier Foundation alleges that “[a]ge verification systems are surveillance systems,” which “would lead us further towards an internet where our private data is collected and sold by default.” Raising similar privacy concerns, industry group NetChoice alleges that under an age-verification regime, “[e]veryone would be required to hand over a form of identification to tech companies to verify age and identity every time you access websites.”

However, these claims need not be true, as our paper will explain. It is important, though, to acknowledge that any age-verification system will entail tradeoffs. The question is which tradeoffs, in the judgment of elected or appointed policymakers, are worth making. One prominent decision point with age-verification involves deciding where to land between the level of effectiveness of the method and its level of intrusiveness to the individual user. 

In developing age-verification legislation or policy, lawmakers will have to formulate answers to two central questions:

1. What information needs to be collected for age verification purposes?
2. What entity will be tasked with actually performing the age verification and handling the associated personal data?

The answers to these two questions will necessarily form the core of any age-verification strategy. And each can be answered in a number of different ways, as this policy memo will discuss. Once a core framework has been decided upon, other relevant considerations, like possible enforcement mechanisms, can then be incorporated.

Download the full policy brief here.