18 Jun 2026

Away from blanket access bans and toward more thoughtful approaches

A growing number of governments are turning their attention to the risks social media poses to children and adolescents. In the UK, proposals to restrict under-16s’ access to platforms and under-18s’ access to specific features reflect mounting concern over online harms – from exposure to harmful content to addictive design features. Yet as policymakers reach for sweeping solutions, GPD joins the large number of human rights groups, child protection advocates, and domestic and international human rights mechanisms warning that blanket social media access bans risk doing more harm than good.

The UK is not alone. Across Europe and in countries such as Australia, Indonesia and Türkiye, governments are experimenting with age-based access and content restrictions. But blanket approaches miss the mark: they fail to address the structural drivers of harm while introducing new risks to privacy, expression, access to information, inclusion, and children’s rights.

The Risks of Blanket Access Bans

In order to function, an access ban will require the introduction of mandatory online age verification infrastructure for all Internet users, creating privacy and surveillance risks at population scale that are not proportionate to the aim pursued.

The burden of blanket responses will fall most heavily on children and young people, whose access to the online world will be severely curtailed. While acknowledging the clear risks that exist online, a blanket ban risks cutting off access entirely for some children, preventing them from benefitting from the Internet as a portal to community, connection, self-expression, access to information and play.

Blanket access bans also do not reflect the emerging guidance from international and domestic human rights bodies. The Council of Europe Commissioner for Human Rights’s recent statement explicitly cautioned against blanket social media bans and called on governments to regulate platform design rather than restrict children’s access, while UNICEF noted that age restrictions alone will not keep children safe and called on platforms to proactively redesign their products. The UN High Commissioner for Human Rights also recently published guidelines offering ten key steps to protect children online, prioritising platform design, the use of children’s rights impact assessments, and narrow deployment of age verification with adequate human rights guardrails.

In the UK context, the Scottish Children and Young People’s Commissioner published a children’s rights impact assessment to the government’s consultation, concluding that there is insufficient evidence that an under-16s ban would be an effective or proportionate solution. Valid concerns have also been raised about the extent to which the consultation has taken into account the views of children and young people, with the government providing little information about its “structured engagements” with young people to inform the development of the government’s response.

Layering risks from identity verification to device scanning

Age gating comes with the burden to verify users’ age. As GPD has previously addressed, different age verification methods pose different and distinct risks. Some risk exclusion by design, relying on methods of identification that are not widely available across populations. Age estimation methods have produced discriminatory outcomes across demographic groups and cannot reliably distinguish users near the age threshold. Age verification methods that rely on intermediaries such as device providers or trusted authenticators risk consolidating the market power of dominant app store and operating system providers. 

Implementing mandatory identity verification online poses huge privacy and security risks. Even with the current, narrow deployment of age verification under the UK’s online safety rules, the 2025 Discord case – where government ID photos submitted for age verification were exposed – has shown the risk of serious breaches of UK users’ data.

Early research from the US has also pointed to the risks of outsourcing age verification to private companies. As the Knight-Georgetown Institute’s recent technical assessment found, no currently available age assurance technology can verify user age without creating structural risks for all users. CDT and others have called for additional work and multistakeholder dialogue to address privacy, security, and human rights issues prior to wide deployment.

In the UK context, mandatory age verification for using certain online services will be introduced in the context of existing message scanning powers under the UK’s Online Safety Act and new plans to introduce scanning for users who do not age verify their devices. Put together, this produces an even more intrusive, insecure and rights-restricting environment.

Establishing population-wide identity authentication infrastructures like this will be near impossible to roll back or to retrofit with guardrails. It creates a pipeline to repress marginalised communities or to exclude them entirely from online services where they lack the relevant identity documents. It also centralises a treasure trove of data in the hands of private companies, where it is vulnerable to criminal exploitation.

Addressing the Real Drivers of Harm

At its core, the debate over social media regulation is a debate about incentives. The harms experienced by young users are not accidental; they are the by-products of business models that prioritise engagement and data extraction. Features such as infinite scroll, algorithmic recommendations, and targeted advertising are designed to maximise user attention – often at the expense of well-being.

Blanket bans do little to disrupt these dynamics. Instead, they risk entrenching them by reinforcing the dominance of existing platforms while excluding new entrants. A more effective approach would focus on reshaping incentives – through regulation that limits harmful design practices, enhances competition, and promotes privacy-preserving alternatives.

As we pointed out in our response to the UK government’s consultation, this includes tackling exploitative algorithms and data extraction. In the UK specifically, this also requires robustly enforcing the UK’s existing platform design obligations under the Online Safety Act.

A More Thoughtful Path Forward

The challenge of protecting children online is real and urgent. However, the solutions must be thoughtful and sophisticated. International experience suggests that rights-respecting, evidence-based approaches – focused on platform accountability and systemic reform – offer a more promising path than blunt restrictions on access.

Importantly, policy approaches must be holistic, tackling the root causes of harm that are not confined to the online realm. Part of the solution to improving children’s online experience is investing in children’s and their caregivers’ education, awareness and digital skills, as well as measures that target harms to children at their core.

As the UK continues to refine its policy response, it faces a choice. It can pursue headline-grabbing measures that risk unintended consequences, or it can align with international human rights standards and practices that prioritise children’s rights, privacy, and long-term resilience.