Graeme ArthurJul 23, 2025
Open Rights Group

IDs at the ready šŸŖŖ

Age assurance requirements under the UK Online Safety Act kick in this Friday.

UK users will have to hand over their sensitive data to cyber bouncers without being sure they'll protect their privacy.

ORG is calling for these age assurance providers to be regulated ā¬‡ļø

https://www.openrightsgroup.org/press-releases/org-calls-for-age-assurance-industry-to-be-regulated/

#onlinesafetyact #privacy #cybersecurity #ageverification #ageassurance #dataprotection #ukpolitics #ukpol #onlinesafety

ORG calls for age assurance industry to be regulated

Open Rights Group has warned of serious privacy and security risks for people in the UK as online platforms start to ask users to verify their age, as required by the Online Safety Act.

Open Rights Group
Jul 23, 2025 at 1:15pmWeb
Show threadOpen Rights GroupJul 23, 2025

The UK Online Safety Act requires age assurance to restrict access to porn AND any content that could be ā€˜harmfulā€™ for under 18s.

If UK users don't submit to these checks, they'll either be blocked from accessing the platform entirely, or features like DMs and certain content will be restricted.

And what amounts to 'harmful' content is open to broad interpretation.

#onlinesafetyact #privacy #cybersecurity #ageverification #ageassurance #dataprotection #ukpolitics #ukpol #onlinesafety

Show threadOpen Rights GroupJul 23, 2025

UK users have no choice with age assurance.

You must use the methods and provider picked by the platform that you're trying to access.

āŒ Providers aren't required to meet specific privacy or security standards.

āŒ Platforms don't have to choose trusted or certified providers.

You should be able to pick a provider that can be used interoperably across every platform.

#onlinesafetyact #privacy #cybersecurity #ageverification #ageassurance #dataprotection #ukpolitics #ukpol #onlinesafety

Show threadOpen Rights GroupJul 23, 2025

Millions of UK users will be asked to upload ID documents or have a biometric facial scan to check their age.

You'll do this with different providers for different platforms without a regulatory guarantee.

This multiplies the risk of phishing, sextortion, data breaches and data reuse.

#onlinesafetyact #privacy #cybersecurity #ageverification #ageassurance #dataprotection #ukpolitics #ukpol #onlinesafety

Show threadOpen Rights GroupJul 23, 2025

Age assurance is a red flag. A big one šŸš©

By not requiring regulation of the industry in the Online Safety Act, UK users are thrown into a wild west of privacy and security standards.

Sign our letter to demand the UK government regulates the industry NOW ā¬‡ļø

https://action.openrightsgroup.org/sign-open-letter-dsit-regulating-age-assurance

#onlinesafetyact #privacy #cybersecurity #ageverification #ageassurance #dataprotection #ukpolitics #ukpol #onlinesafety

Sign the open letter to DSIT on regulating age assurance

Dear Secretary of State for Science, Innovation and Technology, CC Ofcom CC ICO Age Assurance Must Be Safe, Private and Trusted We are writing to raise serious concerns about how age assurance is being implemented under the Online Safety Act. Platforms are now introducing age checks not only to restrict access to pornographic content, but also to limit access to features like direct messaging, or other forms of ā€˜harmful contentā€™ covered by the Online Safety Act in order to meet their wider legal duties.

Open Rights Group
Show threadllanciawnJul 23, 2025
@openrightsgroup You can't help believing it's more about the data than the protection.
Show threadToni AittoniemiJul 23, 2025
@openrightsgroup UK is doing age verification by private corporation?
Thatā€™s one service that needs to be state provided.
There CANNOT be a financial incentive to sell out these records.
Show threadthesofafoxJul 23, 2025
@gimulnautti @openrightsgroup while I like your initial thought process, imagine people who criticize their UK government. Instead of a private company accessing that data, now it immediately goes to the hands of the government? Sounds awful in that regard.
Show threadToni AittoniemiJul 23, 2025

@thesofafox @openrightsgroup You are thinking in libertarian terms, and also ignoring very basic facts of fascist governance.

First of all, government is the only trustworthy structure, because itā€™s the only one we have power over. We have a constitution and vote. For private companies, none of that is true.

Secondly, fascism is merging of corporation & state. Hence it being private doesnā€™t stop a fascist government from accessing the data.

Show threadthesofafoxJul 24, 2025
@gimulnautti @openrightsgroup I would argue instead that neither government or private companies can be trusted.

What power do normal citizens have when people with loads of money run everything? Sure you can vote for representation on a national level, but it doesn't matter when most of them are going to do their lobbier's bidding (and, surprise surprise, it's the same private companies we don't like doing this lobbying). Even without lobbying, very few national government figures tend to be anywhere close to an average citizen.

There's infinite examples of people trusting their government and then the government abusing that power, typically involving data and surveillance/militarized force. But it's pointless to go over all of it. Advocating for a system that perpetually fucks its own citizens because of power being held above them is not a solution. That goes for any external entity, private company, government, or otherwise.
Show threadthesofafoxJul 23, 2025
@openrightsgroup or people could, you know, say they don't want to be ID'd in the first place and refuse to use unnecessary things that require it.

Regulations are such a small step to push for, and far too late at that. The issue is not how the data is being processed. The issue is that it's being processed in the first place. Regulations for this are like slapping a bandaid on top of a severed limb.