Youth Online Safety – Are Social Media Age Bans a Solution? – WS 06 2026
27 May 2026 12:30h - 13:30h
Youth Online Safety – Are Social Media Age Bans a Solution? – WS 06 2026
Summary
The discussion focused on how to protect children online in Europe, especially in debates over social media age bans, age verification, and platform responsibility [4-5][171-176]. Diya Aravinthan argued that protecting children is a shared goal, but said the key issue is finding approaches that are effective, proportionate, and aligned with how digital environments actually work [4-5]. She warned that blanket age bands can oversimplify a complex problem and may push young people toward workarounds such as VPNs or shared accounts, making risks harder to monitor rather than reducing them [6-9].
Several speakers stressed that social media also serves important functions for young people, including access to news, safe communities, friendships, creativity, learning, and civic engagement [12-15][82-83]. Diya therefore called for layered protections instead of a simple access/no-access model, highlighting age-appropriate design, stronger privacy defaults, limits on profiling, and safer platform features for minors [16-19]. She and others also argued that the deeper issue is not only access but the design of platforms, especially recommendation systems that can steer minors toward harmful or addictive content [24-31]. Carmela Troncoso similarly concluded that improving platform and content safety is a better response than trying to separate users by age with current technologies [118].
Lennart Wetzel said platforms carry major responsibility and must continually invest in safety by design, age-appropriate safeguards, moderation, and parental tools [50-57]. At the same time, he argued for risk-based, evidence-based regulation under frameworks like the Digital Services Act, noting that not all services pose the same risks [57-63]. He also pointed to Australia’s restrictions as an example showing that young people may migrate to other or less safe services, while age assurance technologies remain imperfect and can wrongly exclude users [64-74]. Stefanie Quintao added that youth voices are often missing from the debate and said policymakers should learn from Australia while aiming for a harmonized European approach across platforms [207-216].
Troncoso emphasized the technical and privacy limits of age verification, arguing that stronger anti-circumvention measures often require more data collection, can exclude users without suitable IDs or devices, and may push children toward less safe tools or services [97-110]. Andrea Tognoni placed any possible restrictions in a broader EU policy context, citing DSA enforcement, Article 28 guidelines, the AI Act, audiovisual regulation, and safer internet initiatives, while stressing child rights and child participation [136-168]. Audience interventions reinforced that the issue is not just technical but social, calling for clearer distinctions between regulating access and regulating content, stronger governance scrutiny for age-verification systems, and much greater investment in digital literacy and education [263-272][277-292][325-337]. The session closed around a broad synthesis that blanket bans are too simplistic, privacy and proportionality must remain central, and more effective child protection likely requires harmonized, multi-layered regulation combined with safer platform design, digital literacy, and meaningful youth participation [382-395].
Keypoints
– Speakers argued that blanket social media age bans or rigid age bands oversimplify a complex problem and may not reduce harm, because young people often bypass restrictions through VPNs, shared accounts, or other workarounds, potentially pushing them into less visible or less safe spaces online. [6-10][68-74][97-103][111-118]
– A major theme was that protecting minors should focus less on binary access restrictions and more on platform accountability, age-appropriate design, and safer-by-design systems. Participants highlighted measures such as stronger privacy defaults, limits on profiling and targeted advertising, and reducing or rethinking personalized recommendation systems that amplify harmful or addictive content for minors. [16-19][24-31][53][61][118][142]
– The discussion repeatedly emphasized that age assurance and age verification raise serious technical, privacy, accuracy, and inclusion concerns. Speakers warned that current systems are imperfect at scale, may normalize unnecessary data collection on minors, can be inherently privacy-invasive when based on biometrics or behavioral data, and may exclude users who lack IDs, hardware, or digital skills. [20-23][70-78][104-110][267-272]
– Participants stressed that child safety online is not only a technical or access problem but also a broader social, educational, and regulatory issue. Several speakers called for digital literacy, parental empowerment, and meaningful youth participation, arguing that young people use digital services for communication, learning, creativity, and community, so policy should prepare and support them rather than simply exclude them. [12-15][79-83][160-167][207-215][249-252][277-292]
– Another key point was the importance of a harmonized, risk-based European approach rather than fragmented national rules. Speakers pointed to the Digital Services Act and related EU initiatives as an evolving framework, while also noting concerns that uneven national legislation could create inconsistent standards and single-market fragmentation; they argued that bans or delays should be considered in the wider context of existing EU enforcement and child-protection measures. [57-63][75-79][136-159][171-176][181-196][222-246]
The overall purpose of the discussion was to assess how Europe should protect minors online-especially in relation to social media bans, age verification, and platform regulation-and to identify approaches that are effective, proportionate, privacy-preserving, and aligned with children’s rights. [4-5][57-59][83][136-150][382-395]
The overall tone was serious, policy-focused, and constructive throughout. Early remarks were reflective and cautionary, especially about the risks of blunt restrictions and technical overreach. As the discussion progressed, the tone became more analytical and debate-oriented, with participants probing enforcement, platform responsibility, technical feasibility, and governance. It ended in a collaborative, synthesizing tone, with the moderator and rapporteur drawing out broad areas of agreement rather than confrontation. [4-5][49-59][119][171-180][222-242][376-401]
Speakers
– Jutta Croll — Moderator/chair of the discussion.
– Diya Aravinthan — Youth speaker/panelist; presented the youth perspective on protecting children online.
– Lennart Wetzel — Senior Manager for EU Public Policy at Snapchat.
– Carmela Troncoso — Technical/privacy expert; focuses on building and deploying secure and privacy-preserving systems that minimize societal harms, and on critically analysing technologies with respect to the protection they provide.
– Andrea Tognoni — Case handler in the Digital Services Act Protection of Minors and Other Societal Risk Unit at DG CONNECT, European Commission; also involved in organizing the special panel assembled by Ursula von der Leyen.
– Stefanie Quintao — Representative from TikTok; previously worked in child protection against child sexual abuse online with WeProtect.
– Desara Dushi — Rapporteur/summarizer for the session.
– On-site participant — Audience intervention label used for several floor speakers/questions.
Additional speakers:
– Isa — Introduced Diya at the start of the session.
– Liliana — NGO representative from North Macedonia.
– Frederik Taas — Member of the Internet Society Belgian Chapter; champion of the Internet Society; member of EURALO (European At-Large Organization for Representing Users in ICANN).
– T. Kraus — Associated with Stiftung Digitale Chancen; asked a question via relay.
– Stephen — Student in Datification, Digital Literacy and Internet UNESCO; spoke in personal capacity.
– Alexander Pitsch — From the Internet Society Switzerland Chapter.
The session examined how Europe should protect minors online, especially in the context of proposals for social media age bans, age verification, and stronger platform obligations. Diya Aravinthan framed child protection as a shared objective, but argued that the central policy question is how to do this in ways that are effective, proportionate, and responsive to how digital environments now operate [4-5]. This framing recurred throughout the session, as speakers broadly agreed on the goal of protecting minors while disputing whether blanket access restrictions are the right instrument [4-5][57-59][136-150].
A recurring distinction in the discussion was between regulating access to services and regulating harmful content or platform systems. This was raised especially clearly by an audience participant, who asked what problem age restriction was actually supposed to solve and whether the debate was conflating access control with content regulation [262-272]. That distinction also resurfaced in the closing synthesis, which stressed that any discussion of bans or restrictions should be situated within the wider regulatory context and should distinguish clearly between regulating access and regulating content or platform systems [392-395].
Much of the discussion focused on why blanket age bands and broad social media bans are contested. Diya argued that broad age bands may look simple, but in practice they oversimplify a much more complex problem [6-7]. She pointed to evidence from existing restrictions showing that young people do not simply disappear from online platforms when formal access is limited; many instead use VPNs, shared accounts, or other forms of circumvention [8-10]. She also stressed that social media cannot be understood only as a source of risk. Referring to surveys by the University of Canberra on Australian youth after the under-16 social media ban, she said these suggested young people’s media literacy had in some sense stagnated because many access news and current affairs through social media rather than traditional outlets [11-13]. She added that some children find safe communities, maintain important friendships, or depend on online peer networks for support, so restricting access can also remove meaningful sources of safety and belonging [14-15].
Lennart Wetzel echoed these concerns from a platform perspective. He said that when access to selected services is restricted, young people often continue communicating online but move to alternative, potentially less regulated and less safe services [67-74]. As a concrete example, he said Snap had locked or disabled more than 415,000 accounts to comply with the Australian law, while also observing practical difficulties and shifts to other services [67-74]. He also argued that young people use digital services for communication, creativity, learning, and civic engagement, so the shared goal should be to make digital spaces safer and more age-appropriate rather than simply excluding youth from them [79-83]. Later, Stefanie Quintao added that many youth-led and child-rights organisations see bans as a blunt instrument and warn that children may be pushed into less protected spaces online [206-213]. The closing synthesis reflected this broad direction of the debate, stating that blanket age bans risk oversimplifying the issue rather than effectively reducing harm [382-384].
Because of these trade-offs, the discussion repeatedly shifted from access control toward platform accountability and design. Diya explicitly called for moving away from binary “access or no access” thinking and instead building more layered systems of protection for children [16]. She identified age-appropriate design rules as a more promising direction, pointing to the UK’s age-appropriate design code as an example of regulation that does not necessarily remove access for minors but instead changes how platforms operate for younger users [17-19]. In practical terms, she mentioned stronger privacy defaults, limits on profiling for targeted advertising, and redesign of features and feeds as examples of protections that can be built into services themselves [19].
Diya also argued that the core problem is not only who gets access, but what systems children enter once they are online [24-25]. She singled out recommendation systems and feeds such as TikTok’s “For You” page, saying that minors are not merely exposed to content passively but are actively guided toward attention-maximising material that can be harmful, extreme, addictive, and damaging to concentration [26-27]. On that basis, she argued that focusing only on age gates misses a central leverage point and that platforms should instead be held more accountable for the way they amplify content toward younger users [28-31]. Her proposed remedies included limiting or rethinking personalised recommendation feeds for minors by default and requiring safer, less engagement-driven design choices [30-31].
Lennart likewise emphasised that platforms carry significant responsibility and must continuously invest in safety by design, age-appropriate safeguards, content moderation, and tools that support both parents and young people [49-57]. He also highlighted Snapchat’s design choices, including opening into the camera, moderating user content before it can reach a large audience, and not offering live streaming, as part of Snap’s attempt to reduce certain risks [49-57]. Andrea Tognoni later situated this within the EU framework, arguing that the Commission’s Article 28 guidelines under the Digital Services Act already set high standards in areas such as safety by design and age-appropriate design [142-143]. Carmela Troncoso supported the broader emphasis on platform systems, arguing that tackling unsafe content environments and platform design is a better benefit-to-harm solution than trying to separate users by age through verification tools [118].
The debate over age assurance and age verification formed another central strand of the session. Diya accepted that age assurance could play some role, but only if designed carefully and according to a principle of data minimisation [20-21]. In her view, platforms should not need to know exactly who a user is or their exact age; they should be able to apply appropriate protections to younger users without normalising unnecessary identity collection [21]. She noted that emerging EU approaches, including ideas linked to the Digital Services Act, third-party verification, and token-based systems, point in this direction, but also raise unresolved concerns about scalability, trust, and the danger of building infrastructure that normalises unnecessary data collection on minors [22-23].
Lennart took a similarly cautious position, arguing that current age-assurance technologies are imperfect, especially for minors, and that even small error rates can have large-scale consequences, such as wrongly excluding some teenagers while allowing others through [70-74]. He warned that fragmented service-by-service age verification models risk creating additional privacy and cybersecurity concerns [75-78]. For that reason, he supported continuing EU-level work, including on the digital identity wallet and an EU age-verification solution, before shifting toward more far-reaching measures [78].
Carmela Troncoso provided the most sustained technical critique of age verification systems. She argued that if a ban or age-restricted regime is meant to work, it requires technical measures that prevent cheating, yet those measures are already known to be easy to circumvent [97-99]. She cited reports suggesting that even after restrictions in Australia, a large share of minors remained on social media, indicating that the practical benefits may be limited [99-100]. More importantly, she argued that making systems less circumventable usually reduces privacy overall, for example by encouraging the banning of privacy tools such as VPNs or by increasing data collection to detect circumvention [101-103]. She stressed that many age-verification methods are inherently privacy-invasive because they rely on biometrics or behavioural data, such as what users look at or how they behave online [105-107]. While certificate-based or wallet-based approaches might reveal less data, she said they are not fully ready, may exclude people without suitable hardware or digital skills, and could require children to obtain IDs in contexts where they do not currently need them [108-110]. She also warned that such systems can indirectly diminish safety by driving users toward cheap or shady circumvention tools that themselves harvest and sell data [110]. Her overall conclusion was that policymakers risk obtaining only limited benefits while still producing substantial harms, including privacy, exclusion, and security harms [111-117].
Questions of governance and institutional control became more explicit through audience interventions. One participant asked not only whether the issue was really access or content regulation, but also who would govern any age-verification infrastructure, under which laws, across which jurisdictions, and whether private companies would end up controlling both the system and the associated personal data [262-272]. This became one of the sharpest unresolved questions in the session. Andrea also cautioned against collapsing different concepts-such as age verification, age assurance, and age estimation-into one undifferentiated debate, arguing that this weakens discussion of what any future measures would actually require [160-167].
The European policy context was provided chiefly by Andrea Tognoni, who urged participants to move beyond a simple “ban versus no ban” framing [136]. He did not endorse bans as a stand-alone solution; instead, he said any possible restrictions or “delays” should be assessed in context, alongside the EU’s wider regulatory framework and the growing number of national initiatives [136-158]. He described that broader context as one in which several member states are already moving at national level, creating questions about coherence across Europe [138-139]. At the same time, he stressed that the Commission is already active through multiple instruments: implementation and enforcement of the Digital Services Act, the Article 28 guidelines, the AI Act, the Audiovisual Media Services Directive, and the Better Internet for Kids strategy and Safer Internet Centres [140-148]. He also noted that some age restrictions already exist, such as restrictions on pornographic content, gambling, and existing minimum-age rules on major platforms, including the common rule that children below 13 should not be on certain services [151-155].
Harmonisation versus fragmentation was another important thread. Lennart warned that the growing number of national initiatives across Europe around age restrictions risks creating fragmentation and inconsistent standards for protecting minors [75-78]. Jutta Croll later put the same concern in more political terms, noting that neither platforms nor the Commission are likely to want divergent age thresholds across member states, yet Europe may be heading in that direction if national governments conclude that EU-level enforcement is insufficient [198-199]. Stefanie Quintao similarly argued that Europe should study Australia carefully but pursue a harmonised approach that protects children consistently across digital spaces [215-216].
This led into a broader discussion of enforcement under the DSA. Jutta noted that some national governments justify their own legislative activity by arguing that the Commission has not done enough to enforce Article 28 on the protection of minors [171-176]. Lennart responded cautiously, saying it was not for platforms to judge Commission enforcement directly, but he acknowledged a broader perception among policymakers, NGOs, and experts that there has not yet been enough visible change in industry practice [181-184]. He said this perceived ineffectiveness has helped fuel current proposals for social media bans across Europe, which he considered unfortunate given Snap’s support for the DSA’s core principles on transparency, privacy, and user control [185-187]. At the same time, he suggested the framework is not perfect and may need continuous improvement, noting the Commission’s review work and ongoing dialogue with service providers [190-196].
Andrea defended the Commission’s trajectory, arguing that although the DSA only fully entered into force a little over two years ago, enforcement is now accelerating, with more opening decisions, more preliminary findings, and secondary legislation such as the Article 28 guidelines helping to turn broad legal obligations into clearer benchmarks for compliance [222-246]. The legal status of those guidelines was clarified in response to a question relayed from Stiftung Digitale Chancen, which noted that many children and young people feel they are being blamed for online risks and asked whether making the Article 28 guidelines mandatory would create stronger incentives for providers to offer safer services [294]. Lennart replied that Snap already treats the guidelines as part of its ongoing compliance work and is in constructive dialogue with the Commission about them [296]. Andrea added that while the guidelines are not a separate hard-law instrument, they are not casual recommendations either; they express the Commission’s expectations about how platforms can comply with a binding legal duty under Article 28 [297-301].
Alongside regulation and enforcement, many participants insisted that online safety is also a social, educational, and developmental issue. Lennart said sustainable protection of minors requires investment not just in platform safeguards but also in digital literacy, digital skills, parental empowerment, and meaningful engagement with young people themselves [79-81]. Diya made a similar point later in the discussion, arguing that because digital platforms and technologies evolve constantly, regulation can never be an “end-all, be-all” solution and must be complemented by preparing young people to navigate online spaces more critically and safely [249-252]. This educational emphasis was reinforced by an audience intervention using the analogy of teaching children to cross a street: law and infrastructure matter, but children still need guidance, repeated learning, and gradual development of judgement [277-292].
Youth participation was another recurring point of agreement. Diya’s opening remarks explicitly presented a youth perspective [3], and her examples throughout the session illustrated how adult-centred assumptions can miss the ways young people actually use social media for news, connection, and support [11-15]. Stefanie Quintao said youth-led and child-rights organisations often stress that young people’s voices are missing from this debate and should be taken more seriously [206-208]. Andrea responded that child participation is fundamental for the Commission and was central to the development of the Article 28 guidelines as well as to the Commission’s special panel process [160-167][242-246]. This was echoed in the rapporteur’s closing synthesis, which called for child participation, hearing expert voices, and learning from international partners [382-387].
Audience interventions also pushed the debate in a more structural direction. One participant asked Lennart how platforms can claim to protect children while maintaining features and business practices designed to maximise user attraction, including algorithmic curation and revenue-driven engagement systems [304-309]. In response, Lennart defended Snap’s design philosophy, arguing that Snapchat was deliberately built as an alternative to more traditional social media and that potentially risky features should not be judged in isolation but in the context of a service’s wider architecture and purpose [310-320]. Another audience participant then made a stronger intervention, explicitly arguing that this is a social problem rather than a technical one and warning against techno-solutionism [323-337]. In his view, the unsafe nature of mainstream social media spaces for both children and adults stems from platform business models built around surveillance capitalism and attention maximisation, meaning that policymakers should address root incentives rather than merely symptoms such as age access [327-337]. Carmela Troncoso’s later reply partly endorsed that critique, arguing that the issue is not that protective technologies are lagging behind but that harmful technologies are being deployed too fast; in some cases, she said, the only safe response is not to deploy the harmful functionality at all [344-359].
In closing, Jutta accepted the street-crossing analogy offered by a participant but added that education alone is not enough in higher-risk environments; just as dangerous roads need traffic lights, digital environments with greater risks may require platform-specific safeguards and regulation [362-369]. Desara Dushi then presented a draft synthesis of the discussion, identifying four broad messages: first, that blanket age bans oversimplify a complex issue and that child participation and broad expertise are necessary to understand it properly [382-384]; second, that policy must remain focused on privacy, proportionality, accuracy, harmonisation, digital literacy, and meaningful youth engagement [385-387]; third, that technical age-ban measures are privacy-invasive, not yet effective in practice, and may worsen exclusion or push children toward more dangerous environments, whereas regulating platforms is likely to produce a better balance of benefits and harms [388-391]; and fourth, that any discussion of bans or restrictions should take place within the wider European and national regulatory context and should distinguish clearly between regulating access and regulating content or platform systems [392-395].
Overall, the session showed broad agreement on the objective of protecting minors online, but much less agreement that blanket bans are the right instrument [4-5][382-384]. Many speakers argued instead for layered, rights-centred, and risk-based protections focused on platform accountability, age-appropriate design, and safer recommendation systems [16-19][24-31][142-143]. There was also broad caution that any age-assurance approach must be privacy-preserving, proportionate, accurate, and carefully governed, while speakers differed on how far current or near-term technologies can satisfy those conditions [20-23][70-78][105-117]. Digital literacy, parental support, and youth participation were repeatedly treated as essential complements to regulation rather than optional additions [79-81][160-167][206-208][249-252][382-387]. A further unresolved issue was governance: the session raised, but did not answer, who would run age-verification systems, under what law, and with what safeguards over minors’ data [262-272].
Thank you so much, Isa, for that lovely introduction and good afternoon, everyone. It’s definitely so encouraging and inspiring to see so many people here today who are very interested in protecting the young people in Europe and also worldwide. And I’d just like to share the youth perspective. I’d like to start off by saying that I think protecting children, especially online, is definitely a shared goal and it’s not something that anyone disagrees with. But I think that the real question is not whether we should do it, but how do we do it in a way that’s effective, proportionate, and also actually reflects how digital environments work today. And one concern that I wanted to talk about was this idea of blanket age bands.
These are very appealing, obviously, and quite easy to facilitate, but they also risk oversimplifying a much more complex problem that we have today with social media. And evidence from existing restrictions online shows that when access is restricted, young people don’t just disappear from online platforms, but instead they use other ways to access them, such as VPNs, shared accounts, or bypassing age restrictions. So the underlying exposure to the risk that we’re trying to mitigate by implementing these age bands doesn’t necessarily decrease, but it just becomes much more harder to monitor and address, which makes it difficult to… Highlight the issues or the… risks that are being implemented on young children. And I think another important thing to consider is the differences in the use case of social media between various generations.
For example, surveys conducted by the University of Canberra who were targeting Australian youth post the social media ban for under 16 year olds say that actually their media literacy in a sense is somewhat stagnated because they’re not able to access news and learn about current events because they learn about that through social media rather than maybe traditional media sites or newspapers. And so this is just one specific case. There are lots of different cases on social media, for example, children who find a safe community online or those who really rely on friends that they have online. And so restricting social media would essentially restrict them from having a safe space online, which is also another way that social media is used amongst young people.
Which is why… I think that we need to move… away from this very binary thinking of access or no access and instead focus on more layered protection systems for children. So one promising direction would be more age -appropriate design regulation in the platforms and in the apps themselves. And we can already see this in practice in frameworks like the UK’s age -appropriate design code, which doesn’t necessarily remove access for minors, but instead requires platforms to change how exactly they operate for younger users. So this includes the default choice being high in privacy, limits on profiling for targeted advertising, and also adjustments to how features and feeds are designed and presented. And linked to that is also the question of age assurance, like how exactly are platforms able to effectively determine the age of the platform?
And I think that it can definitely play a role, but only if it’s designed to carefully because the key principle should be that platforms don’t need to know exactly, or platforms don’t need to know the age of exactly, or who exactly the person is, but be able to treat young people the same, no matter who they are, just to, no matter who they are, with the priority of protecting them regardless, or inclusive of their age. And so emerging approaches in the European Union include the Digital Services Act, including third -party verification, or maybe token -based systems, and those sorts of ideas point in that direction. But they also raise important concerns about scalability, how can we implement this in other social media platforms, trust, and also ensuring that we don’t end up building infrastructure that normalizes unnecessary data collection of minors.
But I also think that the fundamental issue is not just who gets access, but what systems children are entering. when they’re online. Platform design also plays a much larger role than we think in shaping risk. Recommendation systems such as algorithms and feeds, so on TikTok, for example, the For You page, it plays a much larger role in shaping risk. And so this means that users, especially minors who maybe are not cognitively developed enough to recognize what exactly is harmful content and what is positive content, aren’t just exposed to content passively, but also are actively guided towards content that maximizes attention, decreases attention span, and also this content can include harmful, extreme, or also addictive material.
So I think from a more regulatory perspective, I would argue that focusing only on age gates and these very binary restrictions on under 16 -year -olds cannot use social media and over 16 -year -olds can. Would miss a very key leverage point because a more effective approach should be having stronger or holding platforms more accountable for the way that they amplify their content and target it towards younger people. So for minors in particular, this would be limiting or fully rethinking personalized recommendation feeds for default and also requiring safer and less engagement -driven design choices. And so in my view, reducing algorithmic amplification of harm would have a more direct impact than simply restricting access if it’s complemented with safer or more options for children to protect their privacy and safety online.
And I know you have to stay, but we will go into the discussion and then I will get that wraps up my point. Thank you.
Okay. I took the opportunity because we were already talking about what platform to use. So I’m going to go into the discussion and then I took the opportunity to interrupt you because you were already talking about what platforms could do or should do. And that’s the perfect segue to Leonard coming from Snapchat. where he is the Senior Manager for EU Public Policy. And, Lennart the floor is yours. What should you do? I’m sure we do.
I think that’s the $1 million question. Thank you so much, Jutta. Thank you so much to the organizers for the kind invitation and bringing together such an important and timely discussion. By way of a brief introduction, Snap operates Snapchat. Snapchat is a, I guess, popular platform for visual communication with friends and families. Snapchat opens into the camera different to, I think, some of the other well -known, more traditional social media platforms. Snapchat was built during a time when social media was becoming a popularity contest with users chasing likes, comments, and followers, and Snapchat was designed to offer people an alternative. Until today, Snapchat’s number one use case is staying. connected with France. We made deliberate design choices to help, for instance, prevent the spread of harmful misinformation, which includes moderating user content before it can reach a large audience, and we don’t offer live streaming on the platform.
However, I want to make one point very clear. We are not perfect, and we all need to do more to better protect minors online. Platforms carry a significant responsibility here. I also believe that expectations from parents, policymakers, researchers, and society more broadly towards platforms have rightly increased over recent years. From our perspectives, that means that platform must continuously invest in safety by design, age -appropriate safeguards, effective content moderation, and tools that generally support parents and young people. This is definitely not a one -off exercise and not something that we can do all the time. We have to make sure that we are able to do it all the time. That should only be popping up in press releases, but it’s an ongoing responsibility.
At the same time, we believe it’s equally important that policy responses are evidence -based, proportionate, and effective and practice. Not all digital services functions in the same way, not all platforms present the same risks, and not all usage patterns lead to the same outcomes. This is precisely why a risk -based approach to regulation is so important. The DSA is a very good example here. It already requires platforms like Snapchat to systematically assess risks for minors and implement appropriate mitigation measures. Is it a perfect framework? Perhaps not. I think it’s maybe something that we’re going to discuss further, but it’s been an important step into the right direction. In the current debate around social media bans and access restriction, Australia, and I think it was mentioned previously, is the most important part of the discussion.
It’s a prominent example and it’s being watched very closely around the world. Snapchat, for instance, has locked or disabled more than 415 ,000 accounts in order to comply with the law. At the same time, we’ve been seeing a number of practical challenges emerging. First, young people do not stop communicating online when access to selected services is restricted. Rather, usage may shift towards alternative or even less regulated or less safe services. Second, there are important technical challenges around age assurance. Current technologies are not perfect, particularly for minors. Even small error rates can have significantly consequences at scale. Some teenagers may still gain access, while others may be wrongly excluded. This is why it’s so important that discussions around age verification in Europe also focus on privacy, proportionality, accuracy, and practical implementation.
We are currently seeing a growing number of national initiatives across Europe around age restriction and access limitations. Which risk creating fragmentation across the EU and the single market and inconsistency. standards for miners’ protection. At the same time, we believe fragmented service -by -service age verification models risk creating additional privacy and cybersecurity concerns. This is why we believe it’s important to continue advancing the ongoing EU -level work in this area, including effective enforcement of existing rule, in particular the DSA, as well as further work around the EU digital identity wallet and the EU age verification solution to address remaining practical and technical challenges related to privacy -preserving age verification, particularly for miners, before pivoting towards more far -reaching measures.
Lastly, I think we’ve heard it a thousand times, and I’ve been working in the tech industry for like all my life, basically, but sustainable protection of miners also inquires investment in digital literacy, digital skills, parental empowerment, and meaningful engagement with young people themselves. And I believe this is one of the most important things that we’re working on. And I think that’s one of the reasons why we’re… sitting here today. Young people use digital services not only for entertainment, but also for communication, creativity, learning, and civic engagement. Our shared objective should therefore be to make digital spaces safer and more age -appropriate, and not simply to exclude young people.
Thank you, Len. It’s fantastic. Within your five minutes, I’m very precise, but you have been talking about also the technical challenges, and this turns us to our next speaker, which is Carmela Trocoso. She’s with us online, and she focuses on building and deploying secure and privacy -preserving systems that minimize societal harms, and she focuses on critically analyzing technologies with respect to the protection they provide. So, Carmela, the floor is yours. We are happy to have you here with us, also not in the room. And please go ahead with your five minutes and nine.
Thank you. Can you hear me? Can you hear me?
Sound, please, a bit louder, if that’s possible.
Yes, I can speak sound. Yeah, does that work better?
I think it’s okay.
Okay, so we’re going to talk from a technical perspective. I mean, Desk was already mentioned, if we want to implement an HVAN, we need the means, the technological means, to know the age of users in a way that cheating is not possible because otherwise the measure is moot. And technical measures that we have to implement these are known to be easily think -inventable. We already have spoken about this, and to my understanding, the latest studies in Australia says that two -thirds of the minors are still on social media. Like, this is more than half are still accessing that place. And making them less circumventable leads in general to a decrease in privacy overall. For example, by banning virtual private networks, which is an essential privacy tool for our society, or increasing data collection to try to prevent the kind of circumvention.
And unfortunately, this could also affect measures like the other way around, where we try to create children -specific spaces. We still have problems in which we cannot really assess age in a good way. And also, these kind of measures, from a technical perspective, we already have heard this from Leonard and from Leah, they are very privacy -invasive. And what I want to bring from the technical side is that this is inherent to how they work in the case of using biometrics, in the case of using behavioral data from the network, like what kind of pages you visit or what kind of content you look at. All of these things normalize collection, and we cannot make them without having the data, right?
And the way that would be non -privacy -invasive is to rely on certificates like the European Digital Identity Wallet or the Neuron. So, we have a new age verification solution, which kind of sounds nice, and we can indeed technologically do this, collecting much less data and revealing much less data. but it is first the solution is not fully ready yet and second would bring a lot of exclusion to those not being able to use the technology we have a lot of not savvy people they already mentioned that there are different kind of literacy levels here maybe people that don’t have the right hardware that actually can use this type of wallets or verification solutions or people that don’t have access to certificate including children I don’t know the rest of Europe but at least in Spain it is not mandatory for children to have IDs and actually introducing such a solution or creating children specific spaces based on this technology would mean that now every child also needs to mandatory have an ID and again get more collection about the data that we have avoided for years and years in our society and also including privacy technologies cannot be used as a magic wand to just wave the idea that no more harms are going to come from this technologies because discrimination that can be introduced by the possibility of introducing HX or further tech of data online cannot be solved even if we have privacy technologies.
We also have the problem of diminishing the safety online, as we were saying, maybe because people move to other platforms that have less assurance, as Leonard was saying, but also because when they want to circumvent these measures, they end up kind of finding cheap virtual private network providers that may actually be even more privacy invasive, collect their data, sell their data to others, so essentially push users to a market or to places in the internet that before they didn’t need to go. So when we think about is HBAN or H verification a solution that should be deployed, it is important to realize that this is not about, oh, we will have all the gains that we imagined versus all the harms and which is better.
It is actually, we will have very few benefits because not all of the miners are going to be left out of the technology, of the places we wanted to prevent them from coming. And we actually will have all the harms. And what is important here is that we need to, before moving forward, kind of check what is actually the gains that we’re going to get. Because we know that the harms exist, including the harms, as you were saying, of miners maybe not being able to access online data, online news, online communities that nowadays are beneficial for them. So what is actually the benefit? Because otherwise implementing these blanket bans or even the non -blanket bans might actually bring us to a place where we have more harm than benefit.
And I also wanted to reinforce that from a technical, from a security technical perspective, from security engineering, actually, the conclusion from Nia that tackling the content on the platforms and making the content safer, not only for children, but for everyone. is actually a much better benefit versus harm solution than trying to make all of these check the ages and try to make separation on the Internet because we don’t have technologies that allow this to do it in a safe way.
Thank you, Carmela for your explanations and for the deep insight into what technology can do and what it can’t probably do or what problems technology might also cause when not well implemented. I’m turning now to Andrea Tognoni. He’s representing here the European Commission somehow. He’s a case handler at the Digital Services Act Protection of Minors and Other Societal Risk Unit at the Director General for Communication Networks, Content and Technology, the DG Connect, as it is known. Andrea, and you’re also… I’m also responsible… responsibly organizing the special panel that Ursula von der Leyen has assembled. And there, I do think we have a good segue to what the Commission has already been doing with the Digital Services Act, Article 28, but also with the guidelines, where some of the things that have been mentioned from the platform side, but also from Mia and from Carmela might already be in.
Could you give us your position, please?
Thank you, Jutta, and everyone who’s following the event. It’s a pleasure to be here. Does it work? Should it be working? No? Louder. Okay. Well, this is the difficulty and the great thing of speaking last. A lot of things have already been said, so I could also not say too much, but there’s also so much more that now I want to cover and respond to. I’m glad that we will have the conversation after this. I think hearing the interventions before, I just wanted to put forward, let’s say, three main points, the last one being indeed the work of the panel, which we are, by all means, not single-handedly organizing, but it’s really being a commission.
I’ll give you a concerted effort. So the first one is indeed trying to move beyond, as you said, this yes or no to a ban, but also to move beyond a conversation whereby the ban is an alternative to everything else. I think we need to see potential restrictions or, as our president has recently referred to, delays in context. And the context is indeed one that is, first of all, seeing, as it was mentioned also by Helena, several member states moving to regulate this point at national level. So there is also a digital single market question open there. There is a context of a lot of action that is already taking place. I think some of it was mentioned.
I, of course, am really proud to say that we are a team that is working, specifically on the implementation and enforcement of the DSA with regard to the protection of minors, and we’re responsible. but also for the Article 28 guidelines, which we think already set very, very high standards in terms of safety by design and a lot of age-appropriate design requirements that were mentioned as a possible solution. And that is only one instrument in a way. I think we should not forget everything else that the Commission is also doing. There is the AI Act, which is kicking in in terms of implementation and enforcement. The MSD, Audiovisual Media Services Directive, which focuses on content that is being reviewed and in a way strengthened specifically on the protection of minors points.
There is the incredible activity of the Better Internet for Kids Strategy and Ambassadors, of course, and the Safer Internet Centres that are a network of raising awareness and helping really children. And raising awareness on online safety. nationally. So we should move away, I think, from this discussion whereby the ban will sort of get rid of everything that is already going. I think it should be thought in an integrated way. I think we need also to remember that some age restrictions already exist, and I’m not talking about Australia, which has implemented their, as they call it as well, delay. But I’m talking about restrictions to access, for example, pornographic content or restrictions for gambling, restrictions including, they’re not conceived as such, but including for the very online platforms that many of us have in mind to not have children below 13 on their services.
And we are, as a commission, enforcing some of these existing age limits, notably with preliminary findings recently on pornographic platforms. On Meta, as well, we have also issued an opening decision against the provider Snapchat on this topic. This is also part of this context that we need to take. And within this context, I think we need to move beyond just considering a potential ban as something that will start tomorrow and will change everything. I think no law and no restriction in any sector has ever worked like this. But of course, something that, as it was said by many speakers, if it is conceived and implemented, needs to be done properly. So considering, for sure, children’s rights at its core, and the fundamental rights of everyone, of course, as any EU law.
It needs to be based on child participation. I think in particular, as it was mentioned by the BAKM ambassador next to me, to understand the contours of the problem, the real pinpoint, the issues that we’re trying to solve, knowing that this… the landscape is not the same where the TSA was adopted, when the AI was adopted. So we need to also see this in flux in a way, but also be mindful of, I think, having some linguistic carefulness. So not equating, for example, age verification with the ban or with age assurance and age estimation with age verification. I think that doesn’t help necessarily the debate on how delays, let’s say, if they need to happen, can happen properly.
And, of course, ultimately making sure that we hear all voices and children in particular. It’s of paramount importance. And I think this is also what the panel that the president on the line has set up is trying to do. seeking out a lot of expertise on this topic and on everything around it, on this context that is also made of education, of health care services, of mental health delivery at national or subnational level. And I can only speak on process on that because the recommendations are known to me, but I think that we’re all looking forward to those recommendations in this room. So thank you.
Thank you so much, Andrea. Before we open the floor to the participants in the room and also to the online participants, I would like to pose a question in both directions because the DSA was already mentioned. You mentioned also that on national level in various countries that are also represented here at EURODIG Things are going underway. We have expert commissions. Some countries have already enacted some law or have legislation in development. And this is all in many times argued by the national governments that the commission hasn’t done enough to enforce the Digital Services Act, especially Article 28. And I do think we can have a great dispute whether it has been enough from the side of the platforms.
I know we have also Stephanie Quintao from TikTok here in the room. Maybe you can also come in, whether you feel there was enough enforcement. And what are you thinking, Andrea? And, of course, the question also goes to you, Diya Maybe the platforms first.
Sure. I think it’s not on us to judge the European Commission’s enforcement effort, but maybe a few observations, I think. And this is what you, Jutta, just alluded to. I think just listening to concerns across the EU from, I guess, policymakers, civil society, NGOs, experts in the field, I think there is a perceived ineffectiveness, or maybe to put it differently, maybe there’s not enough change in the industry that’s basically observed by experts. So I think this is, I think we all know that I think this has been driving some of the concerns and related initiatives around social media bans across Europe. And I think this is unfortunate because we’ve, at SNAP, we’re always strong advocates of the Digital Services Act.
This might sound a bit odd, but we were. we were aligned, like, at the beginning of the process with, like, the core tenants of the DSA when it comes to transparency, privacy, you know, user controls and all of that. And, of course, we’ve, you know, we’ve spent significant efforts in adjusting, you know, all the processes to be in a position where we comply with the letter of the law. So this is clear. I alluded to it previously. Is that a perfect framework? Potentially not. I think it’s something that, you know, needs to be continuously reviewed and improved, and it’s our understanding that this is what the Commission is doing. I mean, there’s, Andrea mentioned the Article 28 guidelines that were published last year.
There’s a review process currently underway to our understanding. So we see also on part of the European Commission a constant effort to making sure that the framework works as best as it can. So I think it’s ongoing work, and it requires ongoing dialogue. Between service providers and the European Commission, and that is working well, at least in our case.
I’ve seen your hand. I just want to bring in also the TikTok perspective and then going back to Andrea and Diya because we are now in a situation where I do think it’s neither in the interest of the platforms to have different age thresholds across European countries, nor it’s in the interest of the Commission to have that situation that we have faced with the GDPR article 8. But we ended up in a situation where we probably might go in that direction, although no one wants to go in these different age thresholds and different legislation. So, Stefanie, are you ready to get in?
Hi. Yes. I’m not an official speaker, so I don’t want to take up anyone’s time. But thank you, Jutta. So for allowing me to participate. So obviously, whatever decision that the European Parliament and Commission determine, we will comply. But outside of my role at TikTok, I was working for several years under child protection against child sexual abuse online with the organization called We Protect. And many youth -led organizations and child rights organizations often highlight the fact that the voices of young people are missing in this debate and that we should listen to their perspectives as we are today. And I think we should really listen to these organizations who might feel that a social media ban is more of a blunt tool and instrument.
And we have the opportunity now to protect children across all platforms. And give them a uniform experience across all different forms of online engagement. And several different organizations have rightly pointed out that there is the risk that they will… go to more unregulated spaces of the internet with less protections, less ability to report without trusted flaggers, for instance. I believe it was our experts online who also mentioned this possibility. So it’s something for us to collectively talk about. It’s obviously a concern for many tech companies. But I think we have the real life case study in Australia, which is rare. And we should sort of observe what’s happening in Australia and take learnings and insights from their experience to make sure that we have a harmonized approach that is meaningful and impactful to protecting young people across all digital spaces.
Yes. Thank you so much for your perspective. Andrea, what do you think? You could do more on enforcement. And then also you may refer to child participation in the whole process as well, because children have already been engaged in the DSA guidelines development. You may also refer to that, Andrea, for sure.
yeah so on enforcement I mean of course I cannot comment on enforcement yes well yeah I will say on enforcement I would never comment on enforcement cases and open proceedings what I would say is that the DSA has been adopted in 2022 has fully entered into force a bit more than two years ago and I think enforcement is really accelerating thanks to the fact that we have been I mean the commission and DigiConnect has been putting all the work possible and the resources possible into setting up this enforcement framework which I think now I think now can always, of course, improve and evolve, but I think we can already see that it starts to get into a more regular pace.
I think only this year we had more opening decisions. We started having more regularly the first preliminary findings and decisions. We had some secondary legislation to pass as well to apply some important articles. I mean, we’re talking about protection of minors, so the Article 28 guidelines were, I think, a very important milestone and also a way to specify our expectations, our sort of benchmarks for compliance for an article that admittedly reads very generally and it’s very outcome -based and future -proof, if one may say, but indeed needed some further detail. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you.
Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. acquiring a good speed in and I think can even further accelerate. Will this be enough to you know, in public perception? I think that’s a million dollar question for any regulator and any public authority. I think there is always public scrutiny on doing more. I think that is positive. It’s also what keeps this development sort of going. Just on child participation, I would really say that it’s fundamental for us at DigiConnect and this was a central element, as you said, of the development of the guidelines. It is being a very central consideration as well in the process of the special panel.
But of course, it hasn’t started with the guidelines or with the special panel. It has been developed and it has been developed and it has been there as an approach with the Better Intern for Kids Strategy and other also initiative of other colleagues in other DGs of the Commission for a long time. So with this regard, I think that we certainly, you know,
Yes, thank you. Diya what do you think? Enough enforcement, enough participation.
I don’t know if I can really speak to the technicalities of the DSA, but I think one thing that both Leonard and Andreas mentioned was, or something I can say is that because digital platforms and social media is so ever -evolving, that enforcement, like you said, that it can’t really be this end -all, be -all solution, and it has to sort of also evolve with how platforms develop. I mean, we can consider the example of artificial intelligence, where even if we enforce certain legislation, both country or state or nation specific, or the entire EU, it is really difficult, because there are new features and new technologies that are being developed every single day. And so I think…
that’s sort of why we need to bring in more literacy, as Leonard mentioned, and overall just preparing youth to face social media and the Internet, no matter what exactly the regulations are. But, yeah, that’s my thoughts.
Thank you. Thank you, Diya I’m turning to Camila just to announce that maybe you can come in later on answering the question whether technology to keep users at large safer is always lagging behind those technological developments that new functionalities of social media but also of other digital services. But first, we had a hand in the back there, the woman with the red hair. Then the second one, and the floor is open to you as well. You have online? Okay. Okay, so we go first there.
Thank you so much, Liliana, NGO North Macedonia. So I just want to jump on from the very beginning. Someone mentioned access or no taxes. We’re not talking about taxes. And on these gatherings and this topic, we frequently jump from two different layers. Is it access that we’re regulating or the content that we want to actually discuss or to dissolve the issue? I don’t think that age restriction basically can replace the social media accountability, but also digital literacy as it is or harmful content for kids. So what is the issue that we want to resolve with the age restriction is something that I think we need to agree on from this panel. Also, I would want to ask a specific question.
Who governs the age verification infrastructure? Who governs the age verification infrastructure? Have we discussed about it enough in terms of which laws, regulations, data transferability between regions and even countries? Who is going to be the owner of the data and who can, I don’t want to jump in with the GDPR, but definitely with the privacy issues. So, in terms of governance models in age verification infrastructure, is it going to be, again, private companies behind it? Thank you.
Thank you so much. I’ve noted some of our questions and I hope we will have enough time to go to address all of them.
Yeah, Frederik Taas, I’m a member of the Internet Society Belgian Chapter and also a champion of the Internet Society. I’m also a member of the EURALO, the European At -Large Organization for Representing and Users in ICANN. But I will speak on my own with the question I have heard many things, many good things about technologies and policies, but what about the children and the human side and education? I’ll just give you an example. Crossing the street, danger everywhere for children. You are crossing the street, you cannot fix everything with technology, with legislation. If you have a little child just walking and then, oh, you can go across the street because technologies and regulations are there.
No, it’s not working. There’s education. We educate the children to keep the hands of a responsible adult, to learn how to cross the street and then progressively to learn the rules. Okay, I need to cross there. There are the lines, the traffic lights. I need to watch left first and then right. And in some other areas, it’s first right and then left and then progressively. And here, it’s really black or white. There is legislation. There is a law. There is regulation, technologies, but it will not fix everything. We need to invest much more in education. That’s my message. Thank you.
Yes. Again, thank you for your message I hand over now to the online
Yes, hi So I have a question from T. Kraus From the Stiftung Digitale Chancen So the question is for the two gentlemen And the question is In the debate surrounding social media bans Many children and young people feel that they are being blamed For the problems and risks that exist online The guidelines on Article 28 provide recommendations And guidance But are not binding on service providers Would making these guidelines mandatory Be a viable way of providing greater incentives For service providers to offer safe services for young people
Okay, thank you for that question If I understood right It goes to Leonard and to Andrea
Thank you Jutta, but I mean speaking about the Article 28 guidelines, we understand this is part of our ongoing compliance work with the Digital Services Act and we are in a very constructive and good dialogue on that with the European Commission.
I think, I mean, I would maybe seek to clarify a nuance that is not as clear if we just say the guidelines are not binding. The guidelines reflect the Commission expectation as to how compliance with Article 28, which is a legal obligation can happen. So whether they need to be codified into to sort of hard instrument. This is not a question that we can sort of answer at this stage, but I just wanted to clarify that point. They’re not let’s say just random recommendations that we one day decided to
There have been so many efforts going to the guidelines that I’m really happy you’re saying they are not random recommendations. I have a hand there and then in the back row.
My name is Stephen. I’m a student in Datification, Digital Literacy and Internet UNESCO, but I speak on behalf of my own. I have a question aimed at Mr. Wessel. How would you react to the comments around some of the features of platforms that aim at maximizing user attraction, such as per -click revenue, algorithms and filter bubbles? And how can this coexist with advocating at the same time for protecting children against online doom -scrolling and addiction, for instance? Thank you.
And I think I tried to do it in the beginning of my remarks. I think at Snap, we were very deliberate when it came to the design of our platform. I think there was deliberate design choices to, I think, also react to some of the trends we’ve been, you know, back then we’ve been observing on social media more broadly. And, of course, I think one of these concerns was around, you know, content that I would post online that would stay there forever. I think our immediate reaction to that was to build the platform around the principle of ephemerality, which is basically self -deleting content and messages. At the same time, I think there’s an important emerging discussion on specific features on online platforms that are perceived as harmful and addictive.
But we’ve always said over the past few months that I think it’s very important to not look at features in isolation, but look at features and how they apply in a specific context of a service or a platform. So I think it would be risky if we would take a feature like ephemeral content in isolation and say it’s perceived risky, because our experience with having ephemeral content and messages on our platform is that it’s been a key building block of how we protect the privacy of our users. And I think this not only goes to ephemeral content. I think this goes to a broad range of features that are currently being part of this discussion, that it’s always important to…
to take a look at the broader context of a service and then do an assessment of whether a certain feature basically brings along certain risks. So, yes, I think it’s an important discussion, but I think it’s really about
Thank you, Leonard. I think we go back to the risk -based approach a bit later. We have only 12 minutes left, so this is the last question from the floor, and then we go back.
Thank you for giving me the right to speak, Jutta. I’m Alexander Pitsch from the Internet Society Switzerland chapter. I have more of a statement rather than a question, and I would like to explicitly state that we are talking about a social problem and not a technical problem, and it’s very dangerous to fall into the pitfall of applying techno -solutionism to a social problem. The problem is not can we technically identify age within a range of plus or minus three days, right? The problem is that online spaces on mainstream social media platforms are unsafe spaces. This is for children. and adults. So the problems of misinformation, which has been discussed at this conference, the problem of privacy invasion, the problems of mental health problems or causation of mental health problems or social media addictions are not limited to children.
And we should, rather than focusing on symptomatic attempts to mitigate the problem, tackle the root cause of it, and that is surveillance capitalism, right? Platforms, as they are now, have the economic incentive to keep users exposed on the platforms for as long of a time as possible and show them as much advertisement as possible. This is an economic incentive, which is at the root of the problem. And that’s a social problem. This is not a technical decision. It’s not given, God given, that social media algorithms have to be driven by these economic imperatives. There are alternatives. the NLNet Foundation is building them or helping build them. We heard about Mastodon, and this should be the focus of the policy and not some construed, actually not oversimplified problems, but misdirected attempts rather than tackling the root issue.
Thank you, Alex. I do think we have been talking about trying out oversimplified solutions, not oversimplified problems. The problems are complex, and we can’t find simple solutions to the complex problems. Going back to the technical questions, Carmela what do you think about? Are we lagging behind with technical approaches to solve the issues? And I know you are a privacy expert, so you can probably also refer to the privacy question that we have around age assurance. Age inference, age verification, so the floor is yours again.
so first notwithstanding that I agree that this is a social problem and shouldn’t have a technical solution when we talk about the solution at the policy level we also need to talk about the technical implementation and before it was said that we should treat these two problems separately the ban on industrial verification but I’m sorry I wish but we cannot because to measure harms and benefits we need to measure the harms and benefits of the implementation not for the ideal kind of conception of what this thing would be and this is why these two things are entrenched and here is where all of these technical problems like the privacy problems come into hand as I was saying before for some of these technologies the privacy problems are inherent to the fact that the technology relies on collecting data about users and inferring things about them in order to make decisions so we cannot really separate this thing or making it in a privacy preserving way no matter how much cryptography I want to throw at the problem And in terms of your question of are we actually lagging behind, I think that we need to flip the question and we need to say that actually the problem is not that privacy technologies or protection technologies lag behind.
The problem is that technology is running too fast. The problem is that we are deploying technologies that are harmful. And then we want another technology to come and solve the problem. But the real thing here, like all of these algorithms that we’re discussing right now, right, that they create these addictions, that they show this content that they enable, that is the real problem. And for some of them, it’s actually even very hard to actually find the protection because the goal of the algorithm, which is to kind of recommend content in a way that is the most profitable for the platform. It doesn’t matter, again, how much cryptography I send to it. It doesn’t matter how.
I can build this in a protective way. The only way to build it in a protective way is to remove the functionality of the algorithm. So I think. When we look at technologies, we look at us and say, like, hey, guys, why don’t you protect us or why can’t you go behind? In some of these cases, maybe we need to take a step back and say, well, should we actually be deploying this? Can we deploy it in an even safer way rather than just deploying technologies and then be wondering why we cannot protect them? Because some of them are just, like I said, inherently kind of harmful. And then it’s not that we’re lagging behind.
It’s that we will never catch up.
Yes, thank you so much for your input on this point. I do think we are close to the end of the session. Let me eventually refer to that example that we heard about education. I do think that everybody is agreeing in the room that we can’t have a technical approach without having an educational approach. Digital literacy is key, definitely. But also we have to bear in mind that if we are following a risk -based approach, then sometimes digital literacy education alone cannot help us. We need it, but it needs to be accompanied. Like you had that traffic example, of course we have some streets where it’s really safe to walk the streets, across the streets, even for smaller children.
But in some places we need the traffic lights to regulate that they are really safe times when they can cross the street. And the same counts for the digital environment. And I do think the European Commission is following a risk -based approach with the DSA to make sure that we have not one -size -fits -all approach. Depending on the risks of the functionalities on certain types of platforms, we need an approach that fits into that. We will use the last four minutes, turning to Desara. tried to summarize and have some messages that we can take out of this room. And I’m pretty sure we will be able to continue the discussions during coffee break afterwards.
We could have afforded 90 minutes for this session. I think many of you wanted to come in, but these are the time restrictions.
Hello. Yes, thank you very much everyone for a very lively discussion. I’m very happy to see all of you here and being so engaged in this very important topic. I tried to summarize the main ideas but it’s very difficult because there’s a lot of ideas and I’m happy about that. If we can share the screen so that everybody can see. I’m going to read. The ideas are very rough the messages but the idea is to have a general agreement from the audience and then we will try to refine them. So the first message is that blanket age bans risk oversimplifying a complex issue rather than reducing harms. It is important to fully understand the complexity of the issue which includes and requires among others child participation, hearing all expert voices, learning from international partners and putting children at the center.
More viable solutions would be an age appropriate design system, safety by design with more focus on for example age inappropriate material and algorithms. with youth voices embedded earlier in the regulatory design and holding platforms more accountable. The second message is, it is important for policies to also focus on privacy, proportionality and accuracy. We need to continue the work towards harmonized age verification measures, digital literacy and meaningful engagement with young people themselves. Any measures taken need to be centered around child rights, youth participation and be harmonized. The third one is technical. measures to implement age -bends, privacy -invasive, while not assuring a situation of no more harms. There is a need to carefully assess the real -world effectiveness and proportionality of blanket restrictions.
In terms of implementation, the technology is not working yet and can negatively affect inclusion and pushes children towards more dangerous environments. From a security perspective, regulating platforms would have a better benefits versus harms solution. The last one is we should move away from the idea that bends will get rid of everything and change everything. Age restrictions or bends should be considered not in isolation but with current policy and regulatory context, which at European level is multi -layered and includes several national and EU -level initiatives. And we must make the distinction between regulating access and regulating content. T
hank you so much, Desara, for also quickly reading out the questions. Thank you. So, would anyone in the room raise their hand and being completely not in consent with these messages? Otherwise, as Desara said before, we will review them again afterwards and maybe try to be a bit more concise. We have covered a lot of things already, but what about my panelists, my speakers? Could you agree with Desara’s messages? More or less, Andrea?
“The session examined how Europe should protect minors online, especially in the context of proposals for social media age bans, age verification, and stronger platform obligations.”
The knowledge base supports this framing: the EU Digital Services Act imposes obligations on platforms to protect children and respect users’ rights, and requires risk assessment and mitigation for harms affecting minors [S76].
“A recurring distinction in the discussion was between regulating access to services and regulating harmful content or platform systems.”
This distinction is reinforced by the knowledge base, which describes a broader policy shift from content-focused regulation toward systemic risk and process-oriented regulation in platform governance, especially in the EU context [S82].
“Diya argued that broad age bands may look simple, but in practice they oversimplify a much more complex problem.”
The knowledge base adds that age assurance is being approached through multiple models rather than a single simple rule: Australia is testing biometrics, parental consent, and app store age checks, while international standards work covers age verification, estimation, and inference [S27]. This supports the idea that the policy problem is more complex than a single age cutoff.
“She pointed to evidence from existing restrictions showing that young people do not simply disappear from online platforms when formal access is limited; many instead use VPNs, shared accounts, or other forms of circumvention.”
The knowledge base does not directly verify VPN or shared-account circumvention, but it does provide relevant context that age verification can face practical access barriers and may not work well for all users, especially where children rely on adults’ devices or lack IDs and compatible hardware [S31] and [S70].
“Referring to surveys by the University of Canberra on Australian youth after the under-16 social media ban, she said these suggested young people’s media literacy had in some sense stagnated because many access news and current affairs through social media rather than traditional outlets.”
The knowledge base confirms that Australia is only ‘in the process of a landmark law proposal’ restricting access for children under 16 and testing age assurance technologies, with trial results expected by June 2025 [S27]. That means a completed and implemented ‘under-16 social media ban’ is not established in the source, so references to post-ban survey effects should be treated cautiously.
“She added that some children find safe communities, maintain important friendships, or depend on online peer networks for support, so restricting access can also remove meaningful sources of safety and belonging.”
The knowledge base supports this: it notes that platforms can provide lifelines for marginalized youth, including LGBTQ children in unsupportive communities, and that blanket bans may disconnect youth from critical support networks and educational resources [S31].
“Lennart Wetzel said that when access to selected services is restricted, young people often continue communicating online but move to alternative, potentially less regulated and less safe services.”
The knowledge base adds relevant context that abuse and harmful interactions often span multiple services and migrate across social media, gaming, messaging, and livestreaming platforms, showing why restricting a single service may displace rather than solve risk [S80].
“He also argued that young people use digital services for communication, creativity, learning, and civic engagement, so the shared goal should be to make digital spaces safer and more age-appropriate rather than simply excluding minors.”
This is consistent with the knowledge base. One source emphasizes balancing protection with digital rights and the learning dimension for younger generations [S76], while another stresses empowerment, education, and responsible online participation rather than only restricting access [S33].
The main areas of agreement were that blanket bans are too simplistic; platform design, recommendation systems, and accountability are more central than pure access control; age-verification systems raise serious privacy and implementation concerns; Europe should pursue a harmonized, risk-based regulatory approach; and digital literacy plus youth participation are essential alongside regulation [6-10][24-31][57-61][70-78][136-167][362-371][382-394].
High on broad principles, moderate on instruments. Speakers from youth advocacy, industry, civil society, technical privacy research, and the European Commission largely converged on diagnosis and guardrails, even if they differed on the extent to which age assurance may still play a role. This implies that future policy is more likely to gain support if it prioritizes safety-by-design, platform accountability, privacy-preserving and proportionate measures, harmonization at EU level, and child participation rather than relying mainly on blanket social media bans.
The discussion showed broad consensus on the goal of protecting children online, but significant disagreement over the means. The main dividing lines concerned the effectiveness of blanket age bans, the viability and privacy impact of age assurance, the relative importance of platform design versus access control, and the sufficiency of current DSA enforcement and guidance [4-5][6-10][24-31][57-63][70-78][96-118][136-167][171-180][222-246][382-394].
Moderate. The speakers did not fundamentally disagree on the need for child protection, child participation, or digital literacy, but they differed meaningfully on regulatory strategy, technical feasibility, and the depth of platform reform required. This implies that future policy is likely to converge around layered, risk-based, and rights-aware approaches, but with continued contestation over whether age restrictions should play any meaningful role and how strongly platform business models and recommender systems should be constrained.
The most influential comments collectively pushed the discussion away from a simplistic debate over whether to ban minors from social media and toward a much richer examination of design, governance, implementation, and political economy. Diya Aravinthan established the core reframing by rejecting the ‘access or no access’ binary and focusing attention on platform design and algorithmic amplification. Lennart Wetzel and Andrea Tognoni then situated the issue in a risk-based and multi-layered regulatory context, introducing the DSA and broader EU governance as alternatives to blunt restrictions. Carmela Troncoso repeatedly deepened the analysis by showing that age verification is not just a policy choice but a technical system with inherent privacy, inclusion, and security trade-offs. Audience interventions were especially important in shifting the discussion further: one participant raised governance and data ownership questions around age-verification infrastructure, another re-centered education and child development, and Alexander Pitsch pushed the conversation to its most structural level by identifying surveillance capitalism as the root problem. Together, these comments changed the conversation from a narrow child-protection framing into a more systemic debate about platform accountability, rights, and the limits of techno-solutionist policymaking.
Disclaimer: This is not an official session record. DiploAI generates these resources from audiovisual recordings, and they are presented as-is, including potential errors. Due to logistical challenges, such as discrepancies in audio/video or transcripts, names may be misspelled. We strive for accuracy to the best of our ability.
Related event
