The Online Safety Act is Forcing Brits to Hand Over Personal Data to 'Unregulated' Overseas Corporations With Questionable Privacy Records
Support our mission to provide fearless stories about and outside the media system
Packed with exclusive investigations, analysis, and features
SUBSCRIBE TODAY
Privacy campaigners have told Byline Times of their concern that millions of Britons are being forced to hand over sensitive personal data to opaque overseas firms with questionable privacy records, due to the new Online Safety Act.
From 25 July 2025, social media companies operating in the UK have been compelled to block under-18s from content deemed unsuitable for children - a process known as age-gating. The Government claims that the measures will make children safer online, preventing them from accessing pornography, self-harm and eating disorder-related content.
However, social media companies and dating apps often outsource the age-gating process to third-party providers. These firms collect biometric data (facial scans), passport and personal identification documents, and even banking and credit card information to verify users' identities.
The third party age verification companies used by leading social media platforms, include a firm tied to Trump-supporting billionaire Peter Thiel, and another firm set up by former Israeli intelligence officers.
Some of the firms used by the social media companies have been criticised in the past for presiding over privacy breaches.
Campaigners say that the lack of regulation and oversight of these third party companies could be putting the public's data privacy at risk.
Digital rights activists at Open Rights Group called on the Government to further regulate the age verification industry.
"Thanks to the Online Safety Act, people in Britain are being compelled to use unregulated age verification tools in order to access content online," Platform Power Programme Manager James Baker told Byline Times.
"Many of these providers are based outside of the UK and have questionable privacy policies. But users don't have a choice if they want to have full access to social media sites such as X, Reddit, and Bluesky, or to use dating apps like Grindr.
"The risks from handing over sensitive data are real and people are understandably worried about what could happen. The government needs to take these privacy concerns seriously by regulating the age verification industry and ensuring that providers have high standards of privacy and security. But they also need to limit the scope of the Act so that people aren't forced to risk their privacy whenever they go online."
'Free Speech for the 0.1%: Why the Online Safety Act Is Failing'
This broken law isn't only failing to prevent the spread of hate and misinformation, it's actively protecting the ability of the most powerful and privileged to do so, argues Kyle Taylor
Kyle Taylor
Who Are the Age Verifiers?
Several of the companies involved in age verification have chequered histories, including data breaches and controversial ties.
AU10TIX (Used by 'X')
Elon Musk's X (formerly Twitter) has used Israeli firm AU10TIX for ID document and selfie-based checks since 2023 - originally to verify premium 'blue check' users, and now to comply with age assurance requirements. The company, spun out of ICTS International - founded by former Shin Bet (Israeli domestic intelligence) officers - also employs engineers with backgrounds in Israel's military cyber-intelligence unit, Unit 8200.
In 2023, digital rights activist and MENA specialist Mona Shtaya described the partnership as "alarming."
"Hiring a company with ties to former secret intelligence, Shin Bet, puts us all at risk," Shtaya said. "This move threatens to fortify and weaponise our digital realms. A fate Palestinians already endure due to the ongoing military occupation. It's a disaster in the making for all its users."
AU10TIX's privacy policy lets it process data under the broad umbrella of "legitimate interests," potentially allowing reuse or sharing beyond age checks.
In 2024, 404 Media revealed a major data breach: administrative credent...
Packed with exclusive investigations, analysis, and features
SUBSCRIBE TODAY
Privacy campaigners have told Byline Times of their concern that millions of Britons are being forced to hand over sensitive personal data to opaque overseas firms with questionable privacy records, due to the new Online Safety Act.
From 25 July 2025, social media companies operating in the UK have been compelled to block under-18s from content deemed unsuitable for children - a process known as age-gating. The Government claims that the measures will make children safer online, preventing them from accessing pornography, self-harm and eating disorder-related content.
However, social media companies and dating apps often outsource the age-gating process to third-party providers. These firms collect biometric data (facial scans), passport and personal identification documents, and even banking and credit card information to verify users' identities.
The third party age verification companies used by leading social media platforms, include a firm tied to Trump-supporting billionaire Peter Thiel, and another firm set up by former Israeli intelligence officers.
Some of the firms used by the social media companies have been criticised in the past for presiding over privacy breaches.
Campaigners say that the lack of regulation and oversight of these third party companies could be putting the public's data privacy at risk.
Digital rights activists at Open Rights Group called on the Government to further regulate the age verification industry.
"Thanks to the Online Safety Act, people in Britain are being compelled to use unregulated age verification tools in order to access content online," Platform Power Programme Manager James Baker told Byline Times.
"Many of these providers are based outside of the UK and have questionable privacy policies. But users don't have a choice if they want to have full access to social media sites such as X, Reddit, and Bluesky, or to use dating apps like Grindr.
"The risks from handing over sensitive data are real and people are understandably worried about what could happen. The government needs to take these privacy concerns seriously by regulating the age verification industry and ensuring that providers have high standards of privacy and security. But they also need to limit the scope of the Act so that people aren't forced to risk their privacy whenever they go online."
'Free Speech for the 0.1%: Why the Online Safety Act Is Failing'
This broken law isn't only failing to prevent the spread of hate and misinformation, it's actively protecting the ability of the most powerful and privileged to do so, argues Kyle Taylor
Kyle Taylor
Who Are the Age Verifiers?
Several of the companies involved in age verification have chequered histories, including data breaches and controversial ties.
AU10TIX (Used by 'X')
Elon Musk's X (formerly Twitter) has used Israeli firm AU10TIX for ID document and selfie-based checks since 2023 - originally to verify premium 'blue check' users, and now to comply with age assurance requirements. The company, spun out of ICTS International - founded by former Shin Bet (Israeli domestic intelligence) officers - also employs engineers with backgrounds in Israel's military cyber-intelligence unit, Unit 8200.
In 2023, digital rights activist and MENA specialist Mona Shtaya described the partnership as "alarming."
"Hiring a company with ties to former secret intelligence, Shin Bet, puts us all at risk," Shtaya said. "This move threatens to fortify and weaponise our digital realms. A fate Palestinians already endure due to the ongoing military occupation. It's a disaster in the making for all its users."
AU10TIX's privacy policy lets it process data under the broad umbrella of "legitimate interests," potentially allowing reuse or sharing beyond age checks.
In 2024, 404 Media revealed a major data breach: administrative credent...
Activity