Online Security Law Overlooks Protection for Personal Information Privacy
The UK's Online Safety Act, which came into effect on July 25, 2025, mandates that age verification checks be conducted using secure, safe, and proportionate methods that protect user privacy. This means platforms must confirm user age without unnecessarily storing sensitive personal information.
The Act outlines several key data security measures for age verification. Platforms must use secure methods such as facial scans, official photo ID, credit card checks, bank or mobile provider checks, and similar robust identity verification tools. Personal data collection must be minimal and justified only if absolutely necessary. For instance, age estimation technologies estimate age without storing images or personal identifiers.
Services must comply with the UK’s data protection laws and the Information Commissioner's Office (ICO) principles, focusing on data minimization and secure handling in the context of age assurance. Misuse or poor protection of personal data can lead to heavy penalties by Ofcom, the regulator enforcing the Act.
Age verification processes must avoid sharing detailed personal information with websites; instead, verification operates through third-party services that simply confirm whether the user is over the required age without disclosing sensitive data.
While many UK residents are using VPNs to circumvent the age verification requirements of the OSA, it's important to note that VPN services can be used for legal recreational purposes, such as accessing a service from another country or protecting online security and privacy.
However, the OSA does not include any requirements for businesses to ensure that users' personal data is kept secure. This leaves the onus on the end user to ensure their personal data is kept safe.
In May 2024, it was revealed that nearly 70% of UK MPs had their personal information leaked on the dark web, highlighting the importance of data security. More guidance regarding the safety and security of UK citizens' personal data is expected in the coming weeks.
If there are concerns that an age verification company has not complied with GDPR, Ofcom may refer the company to the Information Commissioner's Office (ICO). While some age verification companies delete user data once their age has been verified, this may not be the case for all services. It's crucial to research and choose age verification services that prioritize user privacy and data security.
- The UK's Online Safety Act, which focuses on data security measures in age verification, suggests that platforms can use technology like facial scans and third-party services for robust identity verification, while minimizing personal data collection.
- In the context of cybersecurity, the code of practice issued by the UK Government for the Online Safety Act emphasizes adherence to the Information Commissioner's Office principles, ensuring secure handling, data minimization, and prioritizing user privacy in age verification processes.