UK Online Safety Act: Difference between revisions

Line 6:

|ArticleType=Legislation}}

United Kingdom's [[wikipedia:Online Safety Act 2023|Online Safety Act 2023]] is a set of laws that claims to protect children and adults online.<ref name=":2">{{Cite web |date=April 24, 2025 |title=Online Safety Act: explainer |url=https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer |website=Gov.uk}}</ref> The act applies to search services and services that allow users to post content online or to interact with each other ([https://www.legislation.gov.uk/ukpga/2023/50#section-4 Section 4]).

United Kingdom's [[wikipedia:Online Safety Act 2023|Online Safety Act 2023]] (OSA) is a set of laws that claims to protect children and adults online.<ref name=":2">{{Cite web |date=April 24, 2025 |title=Online Safety Act: explainer |url=https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer |website=Gov.uk}}</ref> The act applies to search services and services that allow users to post content online or to interact with each other ([https://www.legislation.gov.uk/ukpga/2023/50#section-4 Section 4]).

One of the duties of the act requires affected websites to implement their own solution for identity verification such that it is highly effective to prove one's age ([https://www.legislation.gov.uk/ukpga/2023/50#section-12-6 Section 12.6]). There is no official government-sanctioned identity verification platform. Each service provider must implement their own solution or find a third party solution to use to remain compliant. Another duty filters non-verified users from interacting with content made from an "adult user" ([https://www.legislation.gov.uk/ukpga/2023/50#section-15-10 Section 15.10])<ref name="rossmann:1">{{Cite web|date=August 1, 2025|last=Rossmann |first=Louis |title=Tea app & UK Online Safety Act - the world is becoming a black mirror episode :(| url=https://www.youtube.com/watch?v=TNNsCuEvR5w&t=114 |ref=rossmann:1 |website=[[YouTube]] |access-date=August 25, 2025}}</ref>. These non-verified users will also be less visible, provided the adult user has toggled it.

Line 56:

Since enforcement began, the UK’s media regulator Ofcom has reportedly sent formal notices to several US tech companies, instructing them to comply or face penalties. These letters have ignited backlash among American lawmakers, many of whom argue that Britain has crossed a line by trying to dictate speech rules to American businesses and citizens. House Judiciary Chair Jim Jordan, along with other members of Congress, has taken his concerns directly to British ministers, raising objections with Science Secretary Peter Kyle.<ref>{{Cite news |last=Frieth |first=Dan |date=2025-07-31 |title=The White House Puts UK Prime Minister Keir Starmer on Notice Over UK’s Dangerous Online Censorship Laws |url=https://reclaimthenet.org/us-uk-clash-over-online-safety-act-free-speech |access-date=2025-08-18 |work=Reclaim the Internet}}</ref>

==Data ~~Breaches~~==

==Data breaches including ID documents==

At least one known data breach has included sensitive ID documents used for age verification ~~since~~ the ~~Online Safety Act came into effect~~.

Since the Online Safety Act came into effect, at least one known data breach has included sensitive ID documents used for age verification. Note that these breaches may ''not'' be linked directly to age verification methods implemented for OSA compliance, but nonetheless highlight the risks of sensitive ID documents being handled by private organizations.

===Discord Third-Party Customer Service===

===Discord Third-Party Customer Service (5CA)===

On 3 October 2025, [[Discord]] issued a press release announcing "a Security Incident Involving Third-Party Customer Service", in which "The unauthorized party [...] gained access to a small number of government‑ID images (e.g., driver’s license, passport) from users who had appealed an age determination".<ref>{{Cite web |date=2025-10-03 |title=Update on a Security Incident Involving Third-Party Customer Service |url=https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |url-status=live |archive-url=https://web.archive.org/web/20251006163040/https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |archive-date=2025-10-06 |access-date=2025-10-07 |website=discord.com}}</ref> The ~~third~~-~~party in question~~ has ~~not~~ been ~~formally named~~.

On 3 October 2025, [[Discord]] issued a press release announcing "a Security Incident Involving Third-Party Customer Service [5CA]", in which "The unauthorized party [...] gained access to a small number of government‑ID images (e.g., driver’s license, passport) from users who had appealed an age determination".<ref>{{Cite web |date=2025-10-03 |title=Update on a Security Incident Involving Third-Party Customer Service |url=https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |url-status=live |archive-url=https://web.archive.org/web/20251006163040/https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |archive-date=2025-10-06 |access-date=2025-10-07 |website=discord.com}}</ref> The total number of ID images exposed was approximately 70,000. The data accessed came from an age-related appeals process which has been in place since before the OSA came into effect, and is used in conjunction with an "Automatic Age Check" system using k-ID.<ref>{{Cite web |date=2024-12-19 |title=Help! I'm old enough to use Discord in my country but I got locked out? |url=https://support.discord.com/hc/en-us/articles/360041820932-Help-I-m-old-enough-to-use-Discord-in-my-country-but-I-got-locked-out |url-status=live |access-date=2025-10-13 |website=Discord}}</ref>

==Consumer response==

@@ Line 6: / Line 6: @@
 |ArticleType=Legislation}}
-United Kingdom's [[wikipedia:Online Safety Act 2023|Online Safety Act 2023]] is a set of laws that claims to protect children and adults online.<ref name=":2">{{Cite web |date=April 24, 2025 |title=Online Safety Act: explainer |url=https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer |website=Gov.uk}}</ref> The act applies to search services and services that allow users to post content online or to interact with each other ([https://www.legislation.gov.uk/ukpga/2023/50#section-4 Section 4]).
+United Kingdom's [[wikipedia:Online Safety Act 2023|Online Safety Act 2023]] (OSA) is a set of laws that claims to protect children and adults online.<ref name=":2">{{Cite web |date=April 24, 2025 |title=Online Safety Act: explainer |url=https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer |website=Gov.uk}}</ref> The act applies to search services and services that allow users to post content online or to interact with each other ([https://www.legislation.gov.uk/ukpga/2023/50#section-4 Section 4]).
 One of the duties of the act requires affected websites to implement their own solution for identity verification such that it is highly effective to prove one's age ([https://www.legislation.gov.uk/ukpga/2023/50#section-12-6 Section 12.6]). There is no official government-sanctioned identity verification platform. Each service provider must implement their own solution or find a third party solution to use to remain compliant. Another duty filters non-verified users from interacting with content made from an "adult user" ([https://www.legislation.gov.uk/ukpga/2023/50#section-15-10 Section 15.10])<ref name="rossmann:1">{{Cite web|date=August 1, 2025|last=Rossmann |first=Louis |title=Tea app & UK Online Safety Act - the world is becoming a black mirror episode :(| url=https://www.youtube.com/watch?v=TNNsCuEvR5w&t=114 |ref=rossmann:1 |website=[[YouTube]] |access-date=August 25, 2025}}</ref>. These non-verified users will also be less visible, provided the adult user has toggled it.
@@ Line 56: / Line 56: @@
 Since enforcement began, the UK’s media regulator Ofcom has reportedly sent formal notices to several US tech companies, instructing them to comply or face penalties. These letters have ignited backlash among American lawmakers, many of whom argue that Britain has crossed a line by trying to dictate speech rules to American businesses and citizens. House Judiciary Chair Jim Jordan, along with other members of Congress, has taken his concerns directly to British ministers, raising objections with Science Secretary Peter Kyle.<ref>{{Cite news |last=Frieth |first=Dan |date=2025-07-31 |title=The White House Puts UK Prime Minister Keir Starmer on Notice Over UK’s Dangerous Online Censorship Laws |url=https://reclaimthenet.org/us-uk-clash-over-online-safety-act-free-speech |access-date=2025-08-18 |work=Reclaim the Internet}}</ref>
-==Data Breaches==
+==Data breaches including ID documents==
-At least one known data breach has included sensitive ID documents used for age verification since the Online Safety Act came into effect.
+Since the Online Safety Act came into effect, at least one known data breach has included sensitive ID documents used for age verification. Note that these breaches may ''not'' be linked directly to age verification methods implemented for OSA compliance, but nonetheless highlight the risks of sensitive ID documents being handled by private organizations.
-===Discord Third-Party Customer Service===
+===Discord Third-Party Customer Service (5CA)===
-On 3 October 2025, [[Discord]] issued a press release announcing "a Security Incident Involving Third-Party Customer Service", in which "The unauthorized party [...] gained access to a small number of government‑ID images (e.g., driver’s license, passport) from users who had appealed an age determination".<ref>{{Cite web |date=2025-10-03 |title=Update on a Security Incident Involving Third-Party Customer Service |url=https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |url-status=live |archive-url=https://web.archive.org/web/20251006163040/https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |archive-date=2025-10-06 |access-date=2025-10-07 |website=discord.com}}</ref> The third-party in question has not been formally named.
+On 3 October 2025, [[Discord]] issued a press release announcing "a Security Incident Involving Third-Party Customer Service [5CA]", in which "The unauthorized party [...] gained access to a small number of government‑ID images (e.g., driver’s license, passport) from users who had appealed an age determination".<ref>{{Cite web |date=2025-10-03 |title=Update on a Security Incident Involving Third-Party Customer Service |url=https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |url-status=live |archive-url=https://web.archive.org/web/20251006163040/https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service |archive-date=2025-10-06 |access-date=2025-10-07 |website=discord.com}}</ref> The total number of ID images exposed was approximately 70,000. The data accessed came from an age-related appeals process which has been in place since before the OSA came into effect, and is used in conjunction with an "Automatic Age Check" system using k-ID.<ref>{{Cite web |date=2024-12-19 |title=Help! I'm old enough to use Discord in my country but I got locked out? |url=https://support.discord.com/hc/en-us/articles/360041820932-Help-I-m-old-enough-to-use-Discord-in-my-country-but-I-got-locked-out |url-status=live |access-date=2025-10-13 |website=Discord}}</ref>
 ==Consumer response==