OpinionThe Privacy Dilemma in Safeguarding Children Online

Cardano Foundation CEO Frederik Gregaard highlights the ongoing privacy issues linked to age verification.

By Frederik Gregaard|Edited by Cheyenne Ligon Jul 15, 2026, 2:58 p.m. 3 min readMake preferred on ShareShare this articleCopy linkX (Twitter)LinkedInFacebookEmailMake preferred on

In 2024, AU10TIX, a provider of identity verification services for firms like TikTok and Uber, was discovered to have left drivers' licenses vulnerable to hackers for an extended period. The following year, the age-verification service for social media platform Discord experienced a breach, potentially compromising the IDs of around 70,000 users. By 2026, it should be evident that reliance on vendors for age verification and stored identity information can turn a safety measure into a vector for breaches.

Moreover, the surge in AI technology is intensifying these threats, leading to quicker hacks and more severe consequences.

This context surrounds the recent passage of the Kids Internet and Digital Safety (KIDS) Act by the U.S. House on June 29th, which is a comprehensive initiative based on the Kids Online Safety Act (KOSA), with a vote of 267-117. The bill now awaits consideration in the Senate, where KOSA's authors, Democrat Richard Blumenthal and Republican Marsha Blackburn, have firmly rejected the House's version, advocating for a stricter alternative that includes federal oversight of state AI regulations. A markup by the Senate Commerce Committee is anticipated this month. The outcome of this process will significantly influence the future of online identity management.

While the aim is to safeguard minors, there is a substantial risk that the protective measures could necessitate the establishment of a far-reaching surveillance system, a reality that advocates may not fully acknowledge.

Frederik Gregaard is the CEO of the Cardano Foundation, a non-profit organization based in Switzerland dedicated to the advancement of the Cardano protocol.

The KIDS Act does not explicitly mandate age verification, as it is not required. By making platforms responsible for any harm to minors accessing their services, companies face a straightforward risk assessment. They can either verify age or face the legal repercussions of not knowing the age of their users. This liability, even without a direct verification requirement, leads to the implementation of verification processes. It is crucial to highlight this mechanism, as the assertion that "there's no explicit age check in the bill" overlooks the practical incentives at play.

When access is conditional on data disclosure, the scope of information collection often broadens. A system designed merely to confirm age can evolve into one that verifies identity, and a database intended to limit liability could become just another target for breaches, similar to the AU10TIX incident.

However, if a platform's only requirement is to ascertain that a user meets a minimum age, it should not necessitate a complete identity profile or other data that could be used to infer age. If the objective is solely to mitigate exposure to harmful content, there is no need to create a database that could be exploited later. These nuances, although seemingly minor, are significant.

In Utah, where State-Endorsed Digital Identity (SEDI) legislation was enacted, the Cardano Foundation's Veridian has demonstrated that digital identity can be provided in a way that preserves privacy, allowing users to verify their age without revealing additional personal information. This serves as a practical example of responsible verification and illustrates that trust does not necessitate excessive data disclosure. Privacy can be integrated into the system from the outset.

This is the standard that bills like KIDS or KOSA should aspire to uphold.

If the intention is to protect children, the mechanisms employed should be targeted, specific, and minimally intrusive. Broad requirements that push every platform towards increased data collection, retention, and reliance on identity verification could lead to additional issues alongside the ones they aim to address.

A more effective strategy is straightforward. Focus on data minimization, restrict retention, and implement privacy-preserving verification where absolutely necessary. If digital trust can be established without revealing personal information, lawmakers should favor that approach. If safety can be enhanced without transforming the internet into an identity verification system, that should be the preferred route.

While children require online protection, they should not be subjected to a policy framework that increases overall visibility to ensure accountability for the internet and the companies that operate within it.

The appropriate standard is simpler: safeguard minors, limit data collection, uphold privacy, and foster trust without unnecessary disclosure.

This should be the criterion for the KIDS Act, as safety can be achieved without resorting to surveillance.

Note: The opinions expressed in this article belong to the author and do not necessarily reflect those of CoinDesk, Inc. or its affiliates.

Latest Crypto News
  1. 1High-level White House meeting said to be planned to hash out Clarity Act ethics section22 minutes ago
  2. 2South Korea to modify 76-year-old law to classify cryptocurrencies as national assets24 minutes ago
  3. 3Open USD poses biggest threat yet to Circle's USDC, CoinShares says56 minutes ago
  4. 4A timeline of the Ethereum Foundation's ongoing shakeup 1 hour ago
  5. 5BlackRock's crypto assets fall 39% despite $15 billion of net inflows2 hours ago
  6. 6The launchpad that fueled Robinhood Chain's memecoin boom just gave away all its revenue2 hours ago
  7. 7Japan reclassifies crypto as a financial asset, paves way for tax cuts2 hours ago
  8. 8Strategy feels 'very secure' until bitcoin reaches $8,000-$10,000, says CEO 2 hours ago
  9. 9Bitcoin rally cools as investors digest inflation data, oil clouds outlook3 hours ago
  10. 10Crypto steadies as Middle East tensions counter U.S. inflation report boost3 hours ago
Latest Research

Gate Leads Spot Market Share Gains as CEX Volumes Rise for First Time in Five Months

Gate Leads Spot Market Share Gains as CEX Volumes Rise for First Time in Five Months

CEX trading volumes rose for the first time in five months in June, with spot climbing 15.3% to $1.11T and RWA perpetual volumes surging to a record $311B.

By CoinDesk ResearchJul 13, 2026

CEX trading volumes rose for the first time in five months in June, with spot climbing 15.3% to $1.11T and RWA perpetual volumes surging to a record $311B.

Why it matters:

CEX trading volumes rose for the first time in five months in June, with spot climbing 15.3% to $1.11T and RWA perpetual volumes surging to a record $311B.

View Full ReportMore From Opinion

The Clarity Act isn't a ticket to sanctions evasion, actually

The UK has finally shown it’s serious about crypto

Age verification is the surveillance nobody voted for