Depends on how it is done. You know those 2FA fobs that just pass a code every 30 seconds, right?
What if you made some kind of fob or chip that you can only get from the government when you are 18+ (here in NL that would be easy because most things are 18plus locked) then if you could use that for online gambling, porn, buying alcohol online, etc. it wouldn’t be linked to your person.
If the government doesn’t keep track of who has which fob/card. Which is easy to check if you get an accountant to do a formal audit on them, keeping track or not. I know PureVPN had done an audit like that checking if they kept themselves on their own no logs policy.
Pretty sure, the rights that European citizens get based on GDPR also apply when dealing with the government(s).
Generally, governments are splintered into multiple parts and every part is only allowed to keep their relevant data.
Anyway, the government as a whole just doesn’t need to know what sites you visit and the companies don’t need to see your personal information or any identifier. If they can just check if that number correspond to a true or false, it’s enough.
Depends on how it is done. You know those 2FA fobs that just pass a code every 30 seconds, right? What if you made some kind of fob or chip that you can only get from the government when you are 18+ (here in NL that would be easy because most things are 18plus locked) then if you could use that for online gambling, porn, buying alcohol online, etc. it wouldn’t be linked to your person. If the government doesn’t keep track of who has which fob/card. Which is easy to check if you get an accountant to do a formal audit on them, keeping track or not. I know PureVPN had done an audit like that checking if they kept themselves on their own no logs policy.
There is zero chance it would be implemented in a way that would protect privacy.
If it wouldn’t protect privacy then it wouldn’t be GDPR compliant.
https://ageverification.dev/Technical Specification/architecture-and-technical-specifications/#22-design-principles it is mentioned under 2.2 Design Principles
Note I haven’t read everything about it or seen any code surrounding it.
GDPR is for commercial products, not government mandated ID.
Pretty sure, the rights that European citizens get based on GDPR also apply when dealing with the government(s). Generally, governments are splintered into multiple parts and every part is only allowed to keep their relevant data.
Anyway, the government as a whole just doesn’t need to know what sites you visit and the companies don’t need to see your personal information or any identifier. If they can just check if that number correspond to a true or false, it’s enough.