Spotify introduces facial age checks in UK

Change has prompted user backlash and piracy fears

Spotify has started to enforce age verification to comply with the Online Safety Act. Some UK users are not happy about it.

Spotify has become the latest major tech platform to enforce age verification checks in the UK under new rules brought in by the government's Online Safety Act.

The Online Safety Act now mandates that all websites and apps hosting potentially harmful or adult-oriented content, including topics such as pornography, self-harm, eating disorders, and suicide, must implement "highly effective" measures to verify users are over 18.

The legislation, enforced by Ofcom, covers a wide range of digital services including social media platforms, search engines, gaming platforms, and music streaming services.

Spotify, known primarily for its music and podcast library, has now joined the ranks of services like Xbox, Discord, and Reddit in rolling out age checks.

"You may have to confirm your age by going through an age assurance process. For example, if you attempt to watch a music video that has been labelled 18+ by the rightsholder for that video, Spotify may serve a prompt to confirm your age," the company says.

It has partnered with digital identity firm Yoti, which uses facial recognition technology and other tools to assess a user's age. In cases where facial scans suggest a user may be underage, Spotify may request an official ID such as a passport or driving license. If a user cannot or will not verify their age, Spotify warns that "your account will be deactivated and eventually deleted."

Users whose accounts are wrongly flagged for age verification will have 90 days to restore access.

"If your account was deactivated due to an inaccurate age estimation, you can look for the email in your inbox which allows you to reactivate your account within 90 days of deactivation and then go through ID verification," the company said.

"If we still can't confirm you're old enough to use Spotify, or if no action is taken within 7 days of reactivation, your account will be permanently deleted."

Yoti claims that all biometric data used for these verifications is encrypted and automatically deleted once checks are complete. However, the reassurance has done ease the concerns of some users, with many expressing alarm over what they perceive as intrusive surveillance.

Some users on Reddit raised concerns about the potential misuse of facial data. A growing number of users are also pointing out potential workarounds, notably, using VPNs to mask their location and sidestep the UK-specific regulations.

Several free VPN apps have climbed the UK App Store charts in recent days, despite Spotify officially stating that its service "isn't designed to work with VPNs."

A minority of users are now openly threatening to return to piracy. Some users suggested they would rather download music illegally than submit to what they view as invasive checks.

The Spotify rollout represents a key test case in how age verification will play out across a wide range of online services.

Last month, the European Commission unveiled a set of guidelines and a prototype for an age verification app designed to create a safer online space for children across the EU. The new guidelines provide a framework for online platforms to follow to ensure that children enjoy high levels of privacy, safety, and security online.