Why We Need RAVE
Statement on the Need for Government-Run Age Verification (RAVE)
Below are examples of why social media platforms and other online companies that request scans of driver’s licenses, credit card information, or other sensitive data cannot be trusted with our personal information.
These examples come directly from the biggest players in the industry—Facebook (Meta), TikTok, Twitter (X), Google, and others. Each has faced data breaches, lawsuits, or misuse of user information on a massive scale. If these billion-dollar companies with enormous resources cannot safeguard private data, how can we possibly expect thousands of smaller websites—many of which will soon be required to implement age verification—to handle it responsibly?
The answer is simple: we can’t.
The only safe and sensible way to do online age verification is through a government agency. Unlike private companies, the government already has the necessary information and the infrastructure to handle it. No extra personal data needs to be collected, scanned, or stored.
The natural choice is the Secretary of State’s office. They already manage driver’s licenses and identification records. All that would be required is adding a single new field to their database for an Age Verification Number (AVN). With this approach:
· No driver’s license scans are stored on random websites.
· No credit card information is misused or leaked.
· No new personal data needs to be handed over.
· Every Illinois resident would have a secure, government-issued AVN they can use safely and privately across the internet.
If the “big guys” can’t be responsible with our private data, then the solution isn’t to multiply the risk by handing over our IDs to every website under the sun. The solution is GAVE: Government Age Verification for Entry—simple, safe, and secure.
Major Social Media Privacy Violations & Legal Actions
Meta (Facebook / Instagram / WhatsApp)
Cambridge Analytica Settlement (2023) – Meta agreed to a $725 million class-action settlement over misuse of up to 87 million user profiles without consent. Payments are now being distributed to eligible users.
o The Sun
o Reuters
FTC Penalty (2019) – Meta paid a record-breaking $5 billion fine for privacy violations including data sharing, facial recognition misuse, and misleading privacy practices.
Shareholder Lawsuit (2025) – An $8 billion settlement was reached with shareholders in a suit against Zuckerberg and other executives over privacy mismanagement tied to Cambridge Analytica.
o AP News
Instagram Children's Privacy (2022) – Meta was fined €405 million by EU regulators for improperly exposing minors’ data.
WhatsApp Transparency Violations (2021) – Meta was fined €225 million by EU authorities over privacy infractions in user data handling.
Twitter (X)
Privacy Violation Fine (2022) – Twitter paid $150 million to settle FTC and DOJ charges for misleading users on how 2FA (phone/email) data would be used—they later used it for targeted ads.
Snapchat
FTC Deception Settlement (2014) – Snapchat settled with the FTC for misleading users on disappearing message privacy and improperly collecting contact data.
o TIME
YouTube (Google)
COPPA Violation Penalty (2019) – Google/YouTube paid a combined $170 million ($136M FTC + $34M NY AG) for illegally collecting children’s personal data without parental consent.
Recent Class-Action Settlement (2025) – Google agreed to a $30 million settlement to compensate families whose children’s data was misused, even after earlier enforcement.
o Reuters
Data Scrape Leak (2021) – Personal data tied to over 700 million users was scraped and posted for sale. LinkedIn clarified that the data was scraped—not breached—but the scale of exposure remains significant.
TikTok
UK ICO Fine (2023) – TikTok was fined £12.7 million (~$16M) for unlawfully processing data of about 1.4 million under-13 users.
o ICO
EU Violation Fine (2023) – TikTok also faced a €345 million GDPR fine over failures in protecting child users’ data and content visibility.
Discord
Support Vendor Breach (2023) – A support agent’s compromised account exposed approximately 180 users’ emails and support ticket contents.
o StrongDM
Twitch
Source Code Leak (2021) – A hacker published 125 GB of Twitch’s source code and creator payout data online.
o Axios
2025 Follow-Up Incident – Another major leak re-exposed internal documents and source code for Twitch’s platform.
(Disclaimer: RAVE is currently only a proposal. No bill has yet been introduced.)