• stumpelrilzchen@feddit.orgBanned from community
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    1
    ·
    edit-2
    4 days ago

    Since I am not inclined to spend my day on reading a 150+ pages report, I downloaded the document and did two things to it.

    First, I scanned for interesting key words, particularly on ID. This was the only relevant result:

    Age-assurance methods – both age verification or age estimation – must be proportionate and uphold minimum requirements, notably concerning the fundamental rights of users, including children’s rights and related safeguards. Any method employed to check age should uphold the highest privacy and data protection standards, and should not lead to the processing of identity documents and biometric data for the purpose of age estimation. Technical standards such as ‘Zero Knowledge Proof’ should be implemented to ensure that both the platform required to assess the age and the age verification provider do not receive any information that can lead to the tracking or identification of the user.

    While one may be skeptical whether lawmakers will actually follow this recommendation, the document says the opposite of what OP claims, i.e. no processing of ID documents.

    I also had local AI (Llama 3.1 8B Q4) comb through the document. Here’s what it got me. TL;DR: again, no mention of ID requirements.

    The document mentions the following points related to identifying users online:

    1. Consent for minors: The report notes that it may be difficult to validate that an individual providing consent on behalf of a child has the legal authority to do so.
    2. Data minimization principle: In accordance with this principle, controllers should only process necessary data and avoid processing sensitive personal information (such as documents indicating care arrangements) unless absolutely necessary.

    However, there is no explicit mention of ID requirements for using specific services or gaining internet access in general. The report does discuss the importance of evaluating the operational performance of Article 40 data access and scrutiny requirements to ensure online platforms follow up on requests, but it doesn’t provide details about user identification procedures.

    It’s worth noting that the General Data Protection Regulation (GDPR) is mentioned as a reference for understanding what constitutes an Information Society Service, which includes apps, social media platforms, search engines, etc. However, this does not directly relate to ID requirements or access restrictions for internet services in general.