In some jurisdictions, Bluesky may require you to verify your age using methods including uploading a government ID or a facial scan; Bluesky states it does not retain biometric data itself, but this data is processed by third-party vendors.
This analysis describes what Bluesky's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Facial scans and government ID images are among the most sensitive categories of personal data, and while Bluesky states it does not retain this data, the processing occurs through third-party vendors whose own retention and handling practices are governed by their separate privacy policies.
Interpretive note: The specific third-party vendors used for age verification are not named in the policy, and their independent data retention and processing practices are unknown from this document alone.
Users in jurisdictions where age verification is required may need to submit a facial scan or government-issued ID to a third-party service to access certain Bluesky features; the policy states Bluesky does not retain this biometric data, but users should review the relevant third-party vendor's privacy policy for their own retention and use practices.
How other platforms handle this
YOU MUST BE AND HEREBY AFFIRM THAT YOU ARE AN ADULT OF THE LEGAL AGE OF MAJORITY IN YOUR COUNTRY OR STATE OF RESIDENCE. If you are under the legal age of majority, your parent or legal guardian must consent to this agreement.
We rely upon you to obtain any consents from your friends and contacts that may be required by law to allow us to access, upload, and use their personal information for this purpose. You or your friends or contacts may reach us at privacy@draftkings.com to request the removal of this information fro...
Replit is not directed to children under the age of 13. If you are under 13 years of age, you are not permitted to use the Services. If we learn that we have collected Personal Information from a child under age 13, we will take steps to delete such information from our files as soon as possible.
Monitoring
Bluesky has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Third Party Age or Identity Verification. Where required by law, Bluesky may use third-party services to verify that you are old enough to access certain features or content. This verification may involve one or more of the following methods, depending on your jurisdiction and availability: Government ID Verification: Uploading an image of a government-issued ID, which is checked for authenticity. Facial Age Estimation: Uploading a selfie or real-time facial scan used to estimate age via machine learning technology. You will be able to choose from among available jurisdiction-specific options based on your preference. We do not retain any biometric data or facial images provided to third-party age verification vendors.— Excerpt from Bluesky's Bluesky Privacy Policy
(1) REGULATORY LANDSCAPE: Facial age estimation and government ID processing constitute special category or sensitive data processing under GDPR Article 9 and equivalent provisions in UK GDPR, Brazil's LGPD, and Illinois BIPA. State-level age verification laws in the US (including those in Texas, Utah, and Louisiana) and the UK's Age Appropriate Design Code create the legal obligation context. COPPA is relevant for users under 13. The FTC and relevant state Attorneys General have enforcement authority over biometric data mishandling in the US. (2) GOVERNANCE EXPOSURE: High. Processing of facial scans and government IDs via third-party vendors involves a high-risk processing activity under GDPR Article 35, likely requiring a Data Protection Impact Assessment. The policy's assurance that Bluesky does not retain biometric data does not address what the third-party vendor retains, for how long, or under what terms, creating a transparency and accountability gap. (3) JURISDICTION FLAGS: Illinois BIPA creates heightened exposure for facial scan processing involving Illinois residents, as it imposes informed written consent requirements and private right of action. Texas CUBI and Washington's My Health MY Data Act may also be relevant depending on vendor location. EU and UK users are subject to GDPR/UK GDPR special category processing rules. Jurisdictions with mandatory age verification laws create compliance obligations but also trigger heightened scrutiny of the biometric processing methods chosen. (4) CONTRACT AND VENDOR IMPLICATIONS: Vendor contracts with age verification providers should be reviewed for data processing agreement compliance under GDPR Article 28, biometric data retention limits, deletion obligations, subprocessor restrictions, and liability allocation. The policy's statement that Bluesky does not retain biometric data should be confirmed in vendor contracts. Procurement teams should conduct due diligence on each verification vendor's security certifications and regulatory compliance status. (5) COMPLIANCE CONSIDERATIONS: A DPIA is likely required for facial age estimation processing under GDPR Article 35. Consent mechanisms for biometric processing should be reviewed for adequacy across all relevant jurisdictions. The policy should ideally identify or link to the specific third-party age verification vendors used so users can review applicable privacy practices. Compliance teams should also confirm that the 'choice' among verification methods is genuinely free and does not create pressure toward more invasive options.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Facial scans and government ID images are among the most sensitive categories of personal data, and while Bluesky states it does not retain this data, the processing occurs through third-party vendors whose own retention and handling practices are governed by their separate privacy policies.
Users in jurisdictions where age verification is required may need to submit a facial scan or government-issued ID to a third-party service to access certain Bluesky features; the policy states Bluesky does not retain this biometric data, but users should review the relevant third-party vendor's privacy policy for their own retention and use practices.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bluesky.