If you've ever set up a PlayStation account or jumped through Meta's age verification hoops, there's a decent chance a third-party service quietly collected more of your personal data than you realized.
A new report has put a spotlight on the age verification provider used by both PlayStation and Meta, and the picture it paints is not flattering. The service, which both platforms rely on to confirm user ages, particularly for younger players, appears to have significant gaps in how it handles the personal data it collects during that process.
PSN age verification screen
Get up to 80% off games only on GAMES.GG
Exclusive Discounts on Games
What the verification service actually collects
Age verification sounds simple in theory. You confirm you're old enough to access a platform or certain content, and everyone moves on. The key here is that doing this at scale requires platforms to hand off sensitive identity data to a third party, and that's where things get complicated.
The service in question reportedly collects data that goes well beyond what's needed to confirm a birth year. Personal identifiers, in some cases document scans, and behavioral data all appear to flow through the system. The report flags that the data retention policies are vague, that user consent flows are confusing, and that there's limited clarity on how long this information is kept or who else can access it.
For a service sitting between millions of gamers and two of the biggest platforms on the planet, that's a significant problem.
The gap between what players expect and what's happening
Here's the thing: most players assume that when Sony or Meta asks them to verify their age, that process lives within those companies' own privacy frameworks. The reality is that a third-party vendor is doing the actual verification work, and that vendor operates under its own data policies, which may not align with what PlayStation's or Meta's privacy pages actually promise you.
What most players miss is that these handoffs are rarely explained clearly during the sign-up process. You click through a few screens, confirm some details, and move on. The data you just submitted to an external company? That part tends to get buried in terms-of-service language that almost no one reads.
This matters especially because age verification is increasingly being mandated by law across multiple regions. As more platforms are legally required to verify user ages, particularly for minors, the volume of sensitive data flowing through these third-party services is only going to grow. Getting the privacy architecture right now is not optional.
PSN privacy settings overview
Why this lands differently for gaming platforms
Age verification concerns are not new in tech broadly, but they hit differently in gaming. Platforms like PlayStation Network hold accounts tied to purchase histories, communication logs, friend lists, and in some cases years of behavioral data. When an age verification provider gets compromised or misuses data, the blast radius for a gaming account holder is wider than it would be for, say, a news site login.
Meta's situation adds another layer. With its push into VR and social gaming through the Quest platform, the company is capturing increasingly personal data about how people physically move and interact in virtual spaces. Layering a privacy-questionable age verification service on top of that infrastructure raises legitimate concerns that go beyond a leaked email address.
Regulators in the EU have been tightening scrutiny on exactly these kinds of data flows, and the momentum around digital consumer protection legislation in the US, including California's ongoing legislative activity around gaming rights, suggests that platforms leaning on opaque third-party services may face harder questions soon. You can check out game reviews on GAMES.GG to see how privacy-related features are increasingly factoring into platform assessments.
What comes next for players and platforms
Right now, neither Sony nor Meta has publicly responded to the specific findings in the report. That silence is notable given how directly the findings touch their user bases.
For players, the immediate practical reality is limited. You can't opt out of age verification if a platform requires it, and you can't control what a third-party vendor does with data once it's been submitted. What you can do is pay attention to any account security notifications, keep your platform passwords unique and strong, and watch for any official responses from Sony or Meta in the coming weeks.
The broader pressure is now on regulators and the platforms themselves. Age verification is becoming a legal requirement in more jurisdictions, which means the infrastructure behind it needs to be held to the same privacy standards as the platforms mandating it. Third-party services operating in a grey zone of vague retention policies and unclear consent flows are a liability for everyone involved.
For more context on how privacy and data practices are shaping the gaming space, the gaming guides section covers platform features and account security in detail.
If you have accounts on PlayStation Network or Meta's gaming platforms, it's worth reviewing your privacy settings and checking whether your account has two-factor authentication enabled, especially given this report's findings.
Regulators are watching this space closely. How Sony and Meta respond publicly, and whether they pressure their verification partner to tighten its practices, will say a lot about how seriously the gaming industry is taking player data privacy heading into a period of much stricter legal oversight.
