For the CNIL, age control on pornographic sites does not conflict with the GDPR.
After months of legal battle, the age control on pornographic sites was finally validated a few months ago by ARCOM, the result of the merger between the CSA and Hadopi. Some sites had already bowed to pressure, others were waiting for the deadline to comply with the new regulations. For all the critics of the project, the opinion of the CNIL was particularly awaited, the organization having the necessary authority to slow down the deployment of the device age verification in the event of a proven breach of privacy.
The CNIL is not opposed to age verification
Today, several solutions are already available to control the identity of an Internet user. Some sites thus offer to enter a valid credit card number, to take a selfie, to scan their identity card, or to opt for an AgeVerif ticket, available in tobacconists. So many resources for prove the majority of a person, but which can be very easily circumvented.
The solution is therefore far from 100% reliable, but it has just been validated by the CNIL. This week, the International Commission on Computing and Freedom has just delivered its verdict on identity verification on pornographic sites. The organization does not object to the various means put in place, but recommends finding a more reliable alternative, perhaps by combining several already existing methods such as facial recognition and the scan of an identity document.
There is also the issue of data theft. On this subject, the CNIL proposes in particular to go through certified companies that could attest to data protection that they exploit. The latter could thus recover the proof of identity requested by pornographic sites, while ensuring that privacy and the GDPR are respected. It remains to be seen whether the implementation of such a device will not be too complicated in practice.