In the rush to shield the young from the seductions and snares of social media, governments risk exposing everyone else to greater perils. Indonesia began barring under-16s from major platforms in late March, with Malaysia enforcing similar rules from June 1st. These Southeast Asian measures follow Australia’s pioneering ban in December 2025. What began as a well-intentioned effort to protect developing minds now threatens to erode the privacy of millions of adults in an era of rampant data breaches and expanding surveillance.
The impulse is understandable. Decades of near-universal teenage smartphone adoption have coincided with documented rises in anxiety, depression, cyberbullying, and distorted self-image, particularly among girls. Longitudinal studies and official reports link excessive use—often several hours daily—to disrupted sleep, addiction-like behaviours, and exposure to harmful content. Policymakers in Canberra, Jakarta, and Kuala Lumpur argue that platforms’ profit-driven designs exacerbate these vulnerabilities during critical years of brain development. Many experts agree the concerns are grounded in evidence, though causation remains complex and individual circumstances vary.
Yet the remedy—enforcing minimum ages through robust verification—carries profound collateral damage. Platforms must now distinguish children from adults across vast user bases. Self-declaration is insufficient; regulators demand “reasonable steps,” which in practice means government-issued IDs, electronic Know-Your-Customer (eKYC) processes, facial scans, or biometric analysis. Indonesia has pressed tech giants for compliance and account deactivations. Malaysia’s Online Safety Act requires systems for platforms with millions of users, with significant fines for lapses. Australia set the template, normalising demands that extend far beyond minors.
The privacy implications ripple outward. Every adult seeking to maintain or create an account may face demands for sensitive documents or live selfies analysed by age-estimation algorithms. This creates permanent digital footprints: immutable personal data stored by private firms, often in jurisdictions with varying security standards. In a world already scarred by high-profile breaches, the incentives for hackers are obvious. Stolen IDs or biometrics enable identity theft, financial fraud, stalking, or blackmail on a grand scale. Critics, including civil liberties groups, warn of “surveillance creep”—the normalisation of mass identity checks that governments or platforms could repurpose.
Data minimisation offers little comfort. Even privacy-preserving technologies—on-device processing or zero-knowledge proofs—struggle at scale and often fall back on centralised collection. Marginalised users without easy access to official documents risk exclusion from public discourse. Anonymity, once a cornerstone of online expression, erodes. In authoritarian-leaning contexts, such systems could chill dissent or enable tracking of political opponents. Even in democracies, the precedent is troubling: trading liberty for purported safety.
Enforcement realities amplify the risks. Teenagers, resourceful as ever, may turn to VPNs, shared devices, or black-market verification, rendering bans porous while adults endure routine scrutiny. Platforms face costly compliance burdens, which they may pass on through broader data practices. Malaysia has noted alarms over government-ID requirements; Indonesia acknowledges implementation challenges. Australia’s experience already reveals verification inaccuracies and user frustration.
Broader questions loom. Dozens more countries—across Europe, Asia, and beyond—are studying or advancing similar rules. The trend reflects a philosophical shift: from parental responsibility and platform self-regulation toward state-mandated identity infrastructure. Yet evidence on bans’ long-term efficacy remains thin. Benefits for youth mental health may prove modest if problems merely migrate elsewhere, while societal costs mount in lost privacy and innovation.
Policymakers must confront an uncomfortable truth. Protecting children need not require universal identity checkpoints that treat every user as suspect. Alternatives—stricter design rules curbing addictive features, better parental tools, digital literacy, and targeted safeguards—could achieve more without creating vast new repositories of sensitive data. Age estimation without full identification, though imperfect, merits priority over blanket demands.
The Southeast Asian adoptions, building on Australia’s lead, crystallise a global dilemma. In the name of safeguarding the young, societies risk forging digital cages for all. The experiment’s true test lies not only in reduced teenage screen time but in whether adults retain control over their personal information amid heightened cyber threats and governmental reach. History suggests that surveillance tools, once deployed, prove difficult to retract. The world should weigh the digital cradle’s guardrails carefully—lest they become bars for everyone.
