🇪🇺TikTok’s Age Verification Kicks In

Hello all, and happy Thursday!

With the new year, TikTok began rolling out age verification for EU users.

It’s a classic case of children’s safety leading to (or being used to justify) excess data collection. We don’t know exactly how bad TikTok’s age verification system is, as it’s only recently been revealed. The company recently completed a year-long pilot in Britain and began rolling it out in the EU earlier this month.

In essence, the system analyzes users’ profiles, posted videos, and other behavioral signals to predict whether an account belongs to an underage user. It’s not confirmed yet, but odds are this work is being carried out with AI. Then, human moderators review accounts flagged by the system to ban any under-13 users, as per TikTok’s terms of service. For appeals, TikTok will use a third-party provider to estimate age based on users’ biometrics, as well as credit-card checks and IDs.

That’s a lot of data processing!

TikTok asserts it worked in conjunction with EU data protection authorities and that its system is purpose-built for EU compliance. Even so, it seems hard to imagine that there was no other approach to reduce underage accounts that relied on less data collection.

Best,

Arlo

Events

Webinar: Untap Those Wires: How to Reduce CIPA Risk with Your CMP

The Cold War may be over, but wiretap laws are alive, well, and–if you’re a member of the plaintiff’s bar–very lucrative. Thousands of lawsuits have been filed under decades-old wiretap laws in recent years, with the California Invasion of Privacy Act (CIPA) chief among them. How can you protect your business against opportunistic CIPA lawsuits? Join Osano’s Chief Customer Officer Skye McCullough and Strategic Customer Success Manager Mark Brown on February 5th to discover the answer.

Save your seat | February 5th, 1 pm EST

In Case You Missed It…

On-Demand Webinar: Untangling 2026 Privacy: New Laws, Amendments, Enforcement, and More 

Feel like privacy compliance has got you tied into knots? You’re not alone. 2025 was a hectic year for privacy and compliance professionals, and 2026 promises to present even more challenges. Our recent webinar covered everything you need to know to stay compliant in 2026. Now available free, ungated, and on demand!

Watch the recording

Top Privacy Stories of the Week

Facebook Pixel Usage Leads to Huge VPPA and ECPA Loss for the University of Phoenix

The University of Phoenix is facing potentially crushing exposure in a class action lawsuit arising out of its use of the Facebook Pixel and other common targeting pixels. The complaint alleges UoP used targeting pixels to track and market to students who viewed recorded online courses and other parts of the UoP website. The suit charges UoP violated two federal laws–the Video Privacy Protection Act and the Electronic Communications Privacy Act.

Read more

Top 10 Operational Impacts of India’s DPDPA

India is the world's most populated country with 1.4 billion people. Considering its significant role in highly globalized industries such as financial services and health care, its privacy regulation–the Digital Personal Data Protection Act (DPDPA)–will undoubtedly have a broad impact on organizations and individuals worldwide. Reflecting the importance of this new data privacy law, the IAPP has launched a 10-part series.

Read more

California’s CCPA Cybersecurity Audit Rule Takes Effect: What Businesses Need to Know

On January 1, 2026, new California Consumer Privacy Act (CCPA) regulations took effect, establishing comprehensive cybersecurity audit obligations for covered businesses–the first of its kind among state data privacy laws. Learn more about how to comply here.

Read more

Worried About Surveillance, States Enact Privacy Laws and Restrict Flock License Plate Readers

As part of its deportation efforts, the Trump administration has increased its demands for personal data from US states. At the same time, a growing number of conservative lawmakers also want to curb the use of surveillance technologies. Increasingly, states are passing laws to limit access to drivers’ license records and canceling contracts with Flock Safety, the largest provider of license plate readers in the U.S.

Read more

TikTok Rolls Out AI Age Detection in EU Amid Privacy Concerns

In response to EU regulations such as the Digital Services Act, TikTok is rolling out an AI-driven age-detection system in the EU to block users under 13. This approach uses machine learning to analyze behavior and requires ID verification to overcome users bypassing age gates. While aiming to enhance child safety, it faces criticism for privacy risks, accuracy issues, and potential biases.

Read more

Like what you see in the Privacy Insider newsletter?

There's more to explore:

🎙️The Privacy Insider Podcast

We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.

📱 The Osano Subreddit

Join our official subreddit to stay up to date on the latest news, analysis, guidance, and content from Osano!

📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands

The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.

If you’re interested in working at Osano, check out our Careers page!