Age Verification Judicial Review endangers UK citizens' privacy

Judicial Review launched by Tech companies to force Age Verification for adult content under the Digital Economy Act 2016 to start would endanger privacy.

Reacting to the Judicial Review launched by Tech companies to force Age Verification for adult content to be implemented (1) Jim Killock, Executive Director of the Open Rights Group said: 

"These companies are asking us to trust them with records of millions of people's sexual preferences, with huge commercial reasons to use that data for profiling and advertising. 

"The adult industry has a terrible record on data security. We're being asked to hope they don't repeat the many, many times they have lost personal data, with the result that blackmail scams and worse proliferates. (2)

"The government did the responsible thing when it admitted its plans were not ready to proceed. Age Verification must not be pushed forward until there is compulsory privacy regulation put in place."

The companies behind the legal action are not subject to tight privacy regulations. Instead, the government can only ask for 'voluntary' privacy commitments.

General data protection law is not sufficient for this industry as data breaches of this nature cannot be fixed by fines. They need to be prevented by the toughest and most specific regulation available.

Examples of sector specific privacy regulation include bank payments governed by PCI DSS, which specifies exactly how privacy and security must be implemented (3).

The BBFC, when acting as regulator, created a voluntary privacy code. This was however rushed, created without public consultation, and was criticised by ORG as too weak. (4) Additionally, at least one company 18PlusApp refused to comply with it. (5)

Contact

Jim Killock +442070961079 / press@openrightsgroup.org

Notes 

(1) Tech companies launch legal action to force Government to bring in under 18s porn ban:

https://www.telegraph.co.uk/news/2020/01/16/tech-companies-launch-legal-action-force-government-bring-18s/

(2) List of MindGeek data breaches:

https://wiki.openrightsgroup.org/wiki/MindGeek/List_of_MindGeek_data_breaches

(3) Compulsory banking standards for privacy and security, PCI DSS:

https://www.pcisecuritystandards.org

(4) Analysis of BBFC Age Verification Certificate Standard, June 2019:

https://www.openrightsgroup.org/about/reports/analysis-of-bbfc-age-verification-certificate-standard-june-2019

(5) 18PlusApp opts out of BBFC privacy regulation, June 2019:

https://web.archive.org/web/20190711154435/https://medium.com/@18PlusApp/why-we-did-not-seek-a-voluntary-age-verification-certificate-from-the-bbfc-9fff185d1dbf