Comment by stevenjgarner

Looking at actual data regarding Australia's landmark legislation setting a minimum age of 16 for social media access with enforcement starting on December 10, 2025 indicates weakened data protection. The Australian data suggests that while the legislation has successfully cleared the decks of millions of underage accounts (4.7 million account deactivations together with increased VPN usage and "ghost" accounts to bypass restrictions), it has simultaneously forced platforms to rely on third-party identity vendors, with the following failures so far:

1) Persona (Identity Vendor) Exposure (Feb 20, 2026): researchers discovered an exposed frontend belonging to Persona, an identity verification vendor used by platforms like Discord. This system was performing over 260 distinct checks, including facial recognition and "adverse media" screening, raising massive concerns about the scope creep of age verification.

2) Victorian Department of Education (Jan 2026): a breach impacting all 1,700 government schools exposed student names and encrypted passwords. This is a primary example of how child-related data remains a high-value target.

3) Prosura Data Breach (Jan 4, 2026): this financial services firm suffered a breach of 300,000 customer records.

4) University of Sydney (Dec 2025): a code library breach affected 27,000 people right as the new legislation was rolling out.