Discord's Age Verification Plans Trigger Privacy Concerns
Discord announced earlier this month that all users will soon be defaulted to teen experiences until their ages are verified. This move quickly sparked backlash from users and privacy advocates, who criticized the expanded age verification plans, particularly over the collection and handling of government identification data.
Controversy Over Data Collection and Breach History
The controversy intensified as users questioned Discord's decision to introduce broader age checks shortly after a breach involving a former third-party age verification partner exposed government IDs belonging to around 70,000 Discord users. Critics argued that this move increased risks associated with sensitive personal data, especially since the company confirmed that identity documents could still be required in certain cases under its global verification framework.
Discord's Reassurance Efforts and Ongoing Concerns
Discord attempted to reassure users by stating that most people would not need to submit government IDs, instead relying on video selfies analyzed by AI systems to estimate user age. However, this approach raised separate privacy concerns, with users questioning biometric data processing and long-term data storage. The company also suggested that behavioral signals could eventually reduce the need for age verification checks, a statement some critics interpreted as downplaying data collection risks.
Concerns grew after Discord confirmed that users appealing incorrect age assessments might still be required to submit identification documents, the same process linked to the earlier breach. In response, Savannah Badalich, Discord's global head of product policy, told The Verge that IDs shared during appeals are deleted quickly—in most cases, immediately after age confirmation.
Transparency Issues and Third-Party Partnerships
The backlash escalated when Discord briefly published and later removed a disclaimer from its age assurance FAQ that appeared to contradict earlier messaging about data storage. An archived version of the page included a note about an experiment in the UK where information was processed by Persona, a Peter Thiel-backed identity verification company, with data stored for up to seven days before deletion.
Users and digital rights groups said this disclosure raised additional questions about transparency, including Persona's role, which had not been publicly listed as a Discord partner. Discord later stated that only a small number of users participated in the UK-based experiment, which ran for less than a month and has concluded, with Persona no longer an active vendor.
Regulatory Pressure and Verification Challenges
Discord's exploration of age verification solutions appears to have followed regulatory pressure, such as Australia's under-16 social media ban and the United Kingdom's Online Safety Act (OSA), which requires platforms to implement stricter safeguards for younger users. In the UK, Discord faced added complexity, needing to prevent minors from accessing adult content and stop adults from initiating contact with minors, placing greater demands on age assurance systems.
Persona seemed to fit these regulatory expectations, having received approval under the OSA as an age verification provider for Reddit. However, concerns grew over Persona's ties to Peter Thiel and potential government access, with fears that Discord user data could be linked to facial recognition systems.
Security Research and Persona's Response
Security researchers examined Persona's systems, identifying a potential workaround to bypass age verification checks and raising concerns about exposed code that revealed extensive surveillance capabilities. Persona CEO Rick Song confirmed that the company does not hold government contracts and clarified that the product relies on publicly available records without storing user data.
In response to the controversy, Persona's chief operating officer, Christie Kim, emphasized that the company invests heavily in data security and denied ties to federal agencies. She acknowledged Thiel's Founders Fund as an investor but stated that investors have no access to Persona data and Thiel is not involved in operations.
Ongoing Trust Issues and Future Implications
For Persona, this PR nightmare comes as age verification laws gain traction globally. Despite efforts to address concerns, trust issues persist, especially given Discord's previous data breach. On social media, discussions highlighted ongoing scrutiny, with some users expressing skepticism about Persona's transparency and data handling practices.
As age verification practices continue to evolve, platforms like Discord must balance regulatory compliance with user privacy, navigating complex challenges in data protection and third-party partnerships.
