There is a critically important difference between facial age estimation and facial recognition.
For facial age estimation, there is no need – or indeed any legal basis – to retain a copy of the image that is analysed to estimate your age. So you supply a selfie, the artificial intelligence compares it to patterns found in photos of thousands of other volunteers who have also supplied their actual age, and estimates your age by looking for similarities. As soon as that estimate is created, which takes less than a second, the selfie can – and legally should – be deleted.
It is against the law, under UK GDPR, for an age verification provider to ask you for a photo for the purposes of estimating your age, and then keep it for any other purpose unless you give clear and explicit consent.
So no images are stored as a result of facial age estimation.
Facial recognition is quite separate. That is about using your face as a password. If a biometric feature is to be used as a key to unlock a previously determined record of your age, then enough unique data points need to be stored to allow for the user to prove they are the same person. This data can be stored locally on a device, or encrypted before being stored centrally, but again only accessible with a digital key controlled by the user themselves.
You may already do this to unlock your phone – in which case a copy of your facial image is stored on the phone, so it can be compared to your face each time you want to use the device. In age verification, some services do make use of facial recognition so you can unlock an age check you have done previously, prove it is still the same person who was verified before, and save you the need to prove your age again. That reference image can be stored on your phone, or in the “cloud” but in a part of this online storage that only you can access from your own phone. Or the image is highly encrypted in a way that means it only allows for comparisons, and the reference image can’t be viewed as a photo and used for some other purpose. Whatever approach is used, AV providers need to demonstrate it is secure.
But the most important thing to remember is that facial images you supply for age estimation can only legally be used for that purpose and must be deleted as soon as the estimate is complete unless you agree otherwise.
What is never required is a central database of photos with names, addresses and dates of birth. That is simply asking for trouble, and no AV provider would be certified if they created such a high risk situation.