Providing age verification does not require a record of the purpose for which an age check is carried out.
In medicine, a “double-blind clinical trial” is one where neither the researchers nor the patient are aware of whether the latter has had a real drug or a placebo. A double-blind approach is applied to age checks, where the age-restricted website is not given any information about the identity of the user, and the age verification provider records no data about the identity of the website seeking to confirm a user’s age.
No certified AV provider is permitted to create or retain a list of the sites any individual customer has accessed – in fact, to do so would be asking for trouble as it would make such a database an attractive target for hackers. The best way to prevent data being hacked (and arguably the only way) is not to create a store of data in the first place, so age verification providers avoid doing so.
In the light of previous data breaches, the age-restricted sites will not want to use age verification providers which put their clients’ personal data at risk. Providers who cannot provide guarantees of this will not be successful in the market. And the only guarantee that will be convincing is to design systems that simply do not record any data about the online behaviour of users in the first place.