Momentum General Secretary proposes device-level solution to protect children online

Momentum General Secretary Mark Camilleri Gambin has published a technical proposal offering an alternative to age verification systems currently being considered by governments worldwide to protect children on social media.

The paper, authored by General Secretary Mark Camilleri Gambin in his role as Deputy Secretary-General of the European Democratic Party, outlines a privacy-preserving solution that relies on device-level operating system signals rather than Digital IDs or government document uploads.

“Many of the solutions currently under discussion almost always involve digital IDs or intrusive age verification systems, with the risk of turning child protection into a surveillance nightmare,” Camilleri Gambin writes in the paper.

The proposal centres on a simple idea that children typically do not purchase their own smartphones. Instead, parents handle the buying process and initial device setup, creating a natural control point for implementing safeguards.

In the paper, it is explained that during initial device setup, the operating system would offer a hard-coded option asking whether the device is for a minor. If “yes” is selected, a flag is set deep within the OS, locked behind a parent-controlled password or biometric key that cannot be bypassed through a factory reset.

Camilleri explains that when a user visits social media platforms like Facebook, TikTok, or Instagram, the site executes a request similar to how websites currently request location data. The browser would intercept this request, query the operating system’s localised settings, and return a binary token indicating whether the user is a minor.

“No name. No date of birth. No government ID number. Just a binary 1 or 0 processed locally on the device,” the paper states.

Camilleri Gambin, who works as a software professional, emphasises that the infrastructure for this solution already exists within Apple’s “Screen Time” framework and Google’s “Family Link” features. These are currently closed systems used only by the tech giants themselves.

His proposal calls on legislation to force operating system manufacturers to expose this status information through a standard API accessible to third-party developers and websites.

The paper acknowledges that browser vendors could implement such features quickly when legal compliance demands it, without waiting years for global consensus from web standards bodies like the W3C.

Since the solution relies on an active API request rather than a passive header that automatically sends data, Camilleri says that privacy is preserved. He points out that random websites would not receive this data unless they specifically request it and browser policy allows it, and no central government database would hold lists of verified children.

The proposal by Camilleri recommends that European regulation should mandate that operating system manufacturers expose a secure “minor flag” API, and that social platforms must query this API before allowing account interaction.

Momentum and the European Democratic Party believe this approach puts control back in the hands of parents at the point of purchase, whilst avoiding the privacy risks associated with Digital ID systems.​​​​​​​​​​​​​​​​