New laws require adult sites to verify that a person is over 18 before allowing them access to porn. The laws don't, however, allow adult sites to handle this themselves; they require the sites to use third-party companies to process transactions, which often leads to system vulnerabilities.
Beyond the risk of being hacked, there are other issues, such as complying with the EU's privacy laws while still complying with the country's age-verification law. Let's just say it's a delicate balancing act, especially when the laws often contradict each other.
That's what is going on with Yoti.
Spain’s data protection authority has fined the British identity verification company Yoti Ltd €950,000 ($1,086,894) after finding multiple violations of the European Union’s data protection rules in its Digital ID application.
The enforcement action was issued by the Agencia Española de Protección de Datos, commonly known as AEPD. The resolution was signed by AEPD president Lorenzo Cotino Hueso and published under file reference EXP202317887.
According to the authority, the company violated several provisions of the General Data Protection Regulation in the operation of its Digital ID application, including rules governing biometric data, user consent, and data retention.
The penalties were divided across three separate violations. Spain imposed a €500,000 ($572,000) fine for unlawful processing of biometric data under Article 9 of the GDPR. A second fine of €200,000 ($228,000) was issued for invalid consent practices related to research and development processing under Article 7. The third penalty, €250,000 ($286,000), was imposed for excessive retention of personal data in breach of the storage limitation principle in Article 5.1(e).
Alongside the financial sanctions, the regulator ordered Yoti to implement corrective measures within six months after the decision becomes final.
Yoti provides age-verification and digital-identity tools used by online platforms across multiple countries. The company, registered in the United Kingdom, reported revenue of €15,029,907 ($17,195,706) as of March 2025, a figure that regulators use when determining the scale of penalties.
The enforcement action centers on Yoti’s Digital ID application, which allows users to create a verified identity account by uploading a government-issued identity document and taking a selfie.
According to documents submitted during the investigation, the app uses deep neural networks to estimate a user’s age. The facial image is converted into pixel values and processed through layers of mathematical nodes, producing an age estimate typically within 1 to 1.5 seconds.
Yoti offers several age verification methods to business clients, including facial age estimation, document verification, credit card checks, mobile number verification, and database lookups. The company also provides electronic identity integrations used in countries such as Switzerland, Denmark, and Finland, as well as support for U.S. mobile driving licenses.
In most client integrations, platform operators act as data controllers while Yoti functions as a processor. Within the Digital ID app itself, however, Yoti acts as the controller responsible for the processing.
Spanish regulators previously fined FC Barcelona €500,000 ($572,000) for failing to conduct a data protection impact assessment related to the biometric identification of club members. The authority also imposed a €1.8 million ($2,059,378) fine on AENA over facial recognition deployments at airports.
Across Europe, regulators are increasing scrutiny of digital identity systems used for age verification and online access control. Guidance issued by the European Data Protection Board has emphasized that age assurance technologies must use the least intrusive method possible and avoid creating additional tracking or profiling risks.
The Yoti ruling signals that regulators will closely examine how biometric systems are designed, particularly when they involve children or generate persistent identity templates.
But to be honest, we are likely to see fines like this again in the future with Yoti and other age verification providers, as age verification compliance laws often conflict with privacy laws.