Advice regarding Age Verification Mechanisms and Privacy Risks for Social Media Regulation
Joshua Riley made this Official Information request to Department of Internal Affairs
Response to this request is delayed. By law, Department of Internal Affairs should normally have responded promptly and by (details and exceptions)
From: Joshua Riley
To: Department of Internal Affairs
I am writing to request information under the Official Information Act 1982 regarding the proposed legislation to restrict social media access for users under the age of 16.
Specifically, I am requesting copies of all advice, briefings, cabinet papers, or aides-mémoire provided to you or your office regarding the technical implementation of age verification, specifically covering the period from October 1, 2024, to present.
I request the following specific information:
1. Device-Based vs. Provider-Based Verification: Any documents outlining the comparative analysis between "Device-Based/OS-Level" verification (using Apple/Google APIs) versus "Provider-Based" verification (requiring platforms like Meta/TikTok to verify users).
Specific interest: I am seeking information on why the "Device-Based" model was rejected or not mandated, given its superior privacy characteristics.
2. Privacy Impact of ID Uploads: Any advice received regarding the privacy risks of the "Provider Liability" model, specifically concerning the likelihood of social media platforms requiring government ID uploads or facial biometrics from New Zealand adults and children to ensure compliance.
3. Australian Consultation: Any correspondence with the Australian Government or eSafety Commissioner regarding the privacy implications of their Online Safety Amendment (Social Media Minimum Age) Bill 2024, specifically regarding the use of third-party identity brokers (e.g., Yoti, k-ID).
From: Aakaansha Lal
Department of Internal Affairs
Kia ora Joshua,
Please see the attached response for your OIA request below
Ngā Mihi,
Aakaansha Lal | Advisor, Ministerial and Official Correspondence
Ministerial Monitoring Group | Policy and Te Tiriti
Te Tari Taiwhenua | Department of Internal Affairs
45 Pipitea Street|PO Box 805, Wellington 6140, New Zealand
-----Original Message-----
From: Joshua Riley <[FOI #33250 email]>
Sent: Saturday, 13 December 2025 8:04 pm
To: OIA <[DIA request email]>
Subject: Official Information request - Advice regarding Age Verification Mechanisms and Privacy Risks for Social Media Regulation
[You don't often get email from [FOI #33250 email]. Learn why this is important at https://aka.ms/LearnAboutSenderIdentific... ]
To: Department of Internal Affairs
I am writing to request information under the Official Information Act 1982 regarding the proposed legislation to restrict social media access for users under the age of 16.
Specifically, I am requesting copies of all advice, briefings, cabinet papers, or aides-mémoire provided to you or your office regarding the technical implementation of age verification, specifically covering the period from October 1, 2024, to present.
I request the following specific information:
1. Device-Based vs. Provider-Based Verification: Any documents outlining the comparative analysis between "Device-Based/OS-Level" verification (using Apple/Google APIs) versus "Provider-Based" verification (requiring platforms like Meta/TikTok to verify users).
Specific interest: I am seeking information on why the "Device-Based" model was rejected or not mandated, given its superior privacy characteristics.
2. Privacy Impact of ID Uploads: Any advice received regarding the privacy risks of the "Provider Liability" model, specifically concerning the likelihood of social media platforms requiring government ID uploads or facial biometrics from New Zealand adults and children to ensure compliance.
3. Australian Consultation: Any correspondence with the Australian Government or eSafety Commissioner regarding the privacy implications of their Online Safety Amendment (Social Media Minimum Age) Bill 2024, specifically regarding the use of third-party identity brokers (e.g., Yoti, k-ID).
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[FOI #33250 email]
Is [DIA request email] the wrong address for Official Information requests to Department of Internal Affairs? If so, please contact us using this form:
https://fyi.org.nz/change_request/new?bo...
Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://fyi.org.nz/help/officers
If you find this service useful as an Official Information officer, please ask your web manager to link to us from your organisation's OIA or LGOIMA page.
-------------------------------------------------------------------
hide quoted sections
From: minadviceteam
Department of Internal Affairs
Kia ora Joshua,
Please see the attached response for your OIA request below.
Ngā Mihi,
Ministerial Monitoring Group | Policy and Te Tiriti
Te Tari Taiwhenua | Department of Internal Affairs
45 Pipitea Street|PO Box 805, Wellington 6140, New Zealand
-----Original Message-----
From: Joshua Riley <[1][email address]>
Sent: Saturday, 13 December 2025 7:59 pm
To: Erica Stanford (MIN) <[2][email address]>
Subject: ESOIA840 | Official Information request - Advice regarding Age
Verification Mechanisms and Privacy Risks for Social Media Regulation
Dear Erica Stanford,
I am writing to request information under the Official Information Act
1982 regarding the proposed legislation to restrict social media access
for users under the age of 16.
Specifically, I am requesting copies of all advice, briefings, cabinet
papers, or aides-mémoire provided to you or your office regarding the
technical implementation of age verification, specifically covering the
period from October 1, 2024, to present.
I request the following specific information:
1. Device-Based vs. Provider-Based Verification: Any documents outlining
the comparative analysis between "Device-Based/OS-Level" verification
(using Apple/Google APIs) versus "Provider-Based" verification (requiring
platforms like Meta/TikTok to verify users).
Specific interest: I am seeking information on why the "Device-Based"
model was rejected or not mandated, given its superior privacy
characteristics.
2. Privacy Impact of ID Uploads: Any advice received regarding the privacy
risks of the "Provider Liability" model, specifically concerning the
likelihood of social media platforms requiring government ID uploads or
facial biometrics from New Zealand adults and children to ensure
compliance.
3. Australian Consultation: Any correspondence with the Australian
Government or eSafety Commissioner regarding the privacy implications of
their Online Safety Amendment (Social Media Minimum Age) Bill 2024,
specifically regarding the use of third-party identity brokers (e.g.,
Yoti, k-ID).
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[3][email address]
Is [4][email address] the wrong address for Official
Information requests to Erica Stanford? If so, please contact us using
this form:
[5]https://urldefense.com/v3/__https://fyi....
Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:
[6]https://urldefense.com/v3/__https://fyi....
If you find this service useful as an Official Information officer, please
ask your web manager to link to us from your organisation's OIA or LGOIMA
page.
-------------------------------------------------------------------
--------------------------------------------------------------------------
DISCLAIMER:
This email and any attachments may contain information that is
confidential and subject to legal privilege. If you are not the intended
recipient, any use, dissemination, distribution or duplication of this
email and attachments is prohibited. If you have received this email in
error please notify the author immediately and erase all copies of the
email and attachments. The Ministry of Education accepts no
responsibility for changes made to this message or attachments after
transmission from the Ministry.
--------------------------------------------------------------------------
DISCLAIMER:
This email and any attachments may contain information that is
confidential and subject to legal privilege. If you are not the intended
recipient, any use, dissemination, distribution or duplication of this
email and attachments is prohibited. If you have received this email in
error please notify the author immediately and erase all copies of the
email and attachments. The Ministry of Education accepts no
responsibility for changes made to this message or attachments after
transmission from the Ministry.
References
Visible links
1. mailto:[email address]
2. mailto:[email address]
3. mailto:[email address]
4. mailto:[email address]
5. https://urldefense.com/v3/__https:/fyi.o...
6. https://urldefense.com/v3/__https:/fyi.o...
hide quoted sections
From: Joshua Riley
Thank you for your response dated 12 February 2026 (Ref: OIA 2526-0812).
I note that you have refused this request under section 18(e) by referring to a previous response (OIA 2526-0676).
I am writing to specifically challenge the refusal of Part 3 of my request ("Australian Consultation").
1. Scope of Transfer vs. Scope of Search
You noted that this request was transferred from the Office of Hon Erica Stanford. However, the Minister's transfer correspondence explicitly stated that only Parts 1 and 2 (Technical Implementation and ID Uploads) were being transferred to the relevant agencies.
Part 3 (Australian Consultation) was not part of the formal transfer directive. As such, it appears possible that your office has included the text of Part 3 in your acknowledgment letter but has not actually conducted a search for it, relying instead on the previous refusal for Parts 1 and 2.
2. DIA’s Specific Mandate
The Department of Internal Affairs houses the Digital Safety Team and manages the relationship with the Office of Film and Literature Classification. These are the direct New Zealand counterparts to the Australian eSafety Commissioner.
It is highly probable that the DIA Digital Safety Team has received correspondence, briefings, or "FYI" notes regarding the Australian Online Safety Amendment (Social Media Minimum Age) Bill 2024, even if DIA is not the lead policy agency for the NZ equivalent.
3. Request for Specific Search
Please consider this a clarification of the request:
I am requesting that you specifically query the Digital Safety Team regarding Part 3.
Have they had any correspondence with the Australian eSafety Commissioner (Julie Inman Grant) or the Australian Government regarding their recent age verification legislation?
If you continue to refuse Part 3 under section 18(e), please confirm that the Digital Safety Team was specifically consulted on this question and confirmed they hold no records of any kind (including emails) regarding the Australian legislation.
I look forward to your confirmation.
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence (note: this contains the same information already available above).
Offensive? Unsuitable?
Requests for personal information and vexatious requests are not considered valid requests for Official Information (read more).
If you believe this request is not suitable, you can report it for attention by the site administrators
Report this requestAct on what you've learnt
Similar requests
Advice regarding Age Verification Mechanisms and Privacy Risks for Social Media Regulation
To Erica Stanford by Joshua Riley
Advice regarding Age Verification Mechanisms and Privacy Risks for Social Media Regulation
To Paul Goldsmith by Joshua Riley
