Well, look at that. Electronic Frontiers Australia’s early call rings true.
The Age Assurance Technology Trial (“AATT”) Final Report has been released.
EFA Chair John Pane was a member of the AATT Stakeholder Advisory board in the capacity of a digital rights advocate and privacy subject matter expert. He resigned from the AATT Stakeholder Advisory Board in mid-August 2025 due to a range of concerns relating to the preliminary report and press release published in June by the AATT project.
EFA’s press release in response to the AATT June report was strongly worded and identified a series of incongruities, gaps and technology friendly claims, some of which were contradicted by the evidence. See the media release here.
Having examined the AATT Final Report today, EFA feels vindicated by our initial assessment.
EFA’s key takeaways:
Age assurance technology is not, nor can it be reduced to a political sound bite, of being “private, efficient and effective.” It is an aspirational statement but not a statement of fact that applies across the entire suite of age assurance technologies and methods tested. There are significant gaps and margins of error.
Privacy compliance and operational effectiveness cannot be inferred by the simple presence and reading of an externally facing privacy policy. There must be a detailed analysis undertaken of the organizational privacy framework, risks register and controls register. To say an organization has embraced Privacy by Design based upon the reading of a privacy policy is simply poor risk management and ultimately fits the definition of “Privacy Washing”.
Vendors that built backdoors and retained children’s personal and biometric data indefinitely – on the assumption that someday, someone, somewhere will request access to it – get a free pass. To fix this, the AATT suggested more “regulatory guidance.” EFA, however, points out that social media platforms don’t have Know Your Customer (KYC) obligations like banks do. Instead, this kind of data should be securely destroyed as soon as possible after age authentication has been proven.
And no, unlike the AATT’s recommendation to solve this problem by having the regulator (the Office of the Australian Information Commissioner) provide more guidance, all the EFA can say is that the OAIC has published detailed public guidance on these issues for over 20 years. Perhaps no one bothered to look?
And from the Minister for Communications on the age assurance technology trial: “This report is the latest piece of evidence showing digital platforms have access to technology to better protect young people from inappropriate content and harm” and “While there’s no one-size-fits-all solution to age assurance, this trial shows there are many effective options and importantly that user privacy can be safeguarded.”
Clearly the Minister nor her staff have closely examined the report. But then again, if your objective is to habituate the Australian public to ubiquitous adoption of Digital ID, why would you?
The government earns a big, red “F” from EFA on this initiative. It is bad policy, bad law, and a gap-ridden technological solution that is easily circumvented by technical means or third-party collusion. It does not solve the problem of algorithmic manipulation that steals users’ attention and engagement, nor does it fix the inherent shortcomings in our privacy and online safety laws through a mandated digital duty of care.
Why does the entire report read like a sales pitch or marketing material for the Age Authentication, Identity Verification, and Biometrics industries? Because it is.
EFA called it 18 months ago: the Social Media Minimum Age regulation is a trojan horse for Digital ID. Certain age ranges (particularly those 15–18) are highly error-prone, which creates demand for “more effective” technology. This, in turn, bolsters the government’s business case for deploying identity verification technologies, as they are the most effective tool in the tool box. All of this brings us to normalizing the government’s entire Digital ID strategy.
EFA’s Overall Score
Age Authentication, Identity Verification and Biometrics Industries: 1
Australian society: 0
This press release on the age assurance technology trial was written by John Pane, Chair of Electronic Frontiers Australia.