|“As it stands, it looks like age verification won’t work for users, it won’t work for site owners, and it won’t stop under 18s from looking at porn. When it comes to digital policy, the Government continues to fail to listen to the warnings of experts, and to push through ineffective and unworkable laws.”|| “We should be able to guarantee the privacy of an individual before the verification tool comes into force. We are not asking anything unreasonable of the regulator or of the age verification providers. The principles of privacy, anonymity and proportionality should underpin the age verification tool, but as far as I am aware, they have not as yet featured in any draft guidance, codes of practice or documents accompanying the Bill.”
Kevin Brennan MP (Report stage, Digital Economy Bill)
|“the Act completely fails to address the users of age verification’s own privacy or data security. To put this in perspective, MindGeek (who reportedly own approximately 90% of the free adult “tube” sites on the internet such as PornHub) anticipate that twenty to twenty five million adults in the UK will sign up to MindGeek’s own age verification software “within the first month”.
Hence the State (the DCMS) may have passed regulatory liability to a non-Governmental body founded by the film industry (the BBFC); along with the responsibility for age verification software to a private sector pornography industry which has little to no data privacy and security experience (MindGeek’s PornHub, YouPorn, Digital Playground and Brazzers have all suffered security breaches in the past); and, perhaps most egregiously, with no safeguards specifically written into the law to ensure that over a third of its citizens’ most personal and private data is held privately and securely.”
|“And yet with all the risks that these solutions pose, all of these solutions may be entirely data protection compliant. This is because data protection allows people to share pretty much whatever they agree to share, on the basis that they are free to make agreements with whoever they wish, by providing ‘consent’.
In other words: Data protection law is simply not designed to govern situations where the user is forced to agree to the use of highly intrusive tools against themselves…..
If the government wants to have Age Verification in place, it must mandate a system that increases the privacy and safety of end users, since the users will be compelled to use Age Verification tools. Also, any and all Age Verification solutions must not make Britain’s cybersecurity worse overall, e.g. by building databases of the nation’s porn-surfing habits which might later appear on Wikileaks.”
|“As I put it to the Minister when he was at the Dispatch Box, there are no provisions in the Bill to secure the privacy and anonymity of those using these sites. He said that the data will be held in accordance with the Data Protection Act, but as we saw in the Ashley Madison leaks, that was of no great assistance. Let us not forget just exactly what is at stake: as a consequence of that hack and of the information being put into the public domain, a number of people committed suicide. We seem to be treating the symptom rather than the disease, and what would really make the significant changes we all want is better sex and relationships education.”
Alistair Carmichael MP (Lib Dem) (Report Stage, Digital Economy Bill)
|“Privacy is one of the most important things to get right in relation to this regime. As a regulator, we are not interested in identity at all. The only thing that we are interested in is age, and the only thing that a porn website should be interested in is age. The simple question that should be returned to the pornographic website or app is, “Is this person 18 or over?” The answer should be either yes or no. No other personal details are necessary.|
| “I would like to introduce an element of caution. Unlike a lot of other material online that has been discussed—child pornography, racist material, hate speech, extremist encouragement and copyright breaches—we are talking here about legal content. Like it or not, the sites we are discussing are visited by millions and millions of people every day.”
John Whittingdale MP (Secretary of State for Culture and Media when the Digital Economy Bill was introduced, Report stage, Digital Economy Bill)
|“The potential for online fraud could raise significantly, as criminals adapt approaches in order to make use of false AV systems / spoof websites and access user data;
Adults (and some children) may be pushed towards using ToR and related systems to avoid AV where they could be exposed to illegal and extreme material that they otherwise would never have come into contact with.”
Dept of Culture Media and Sport, Draft Impact assessment, published 14th March 2017.
|“Age verification systems almost inevitably involve creating databases of those who are accessing adult material. It is completely lawful for those who wish to look at adult material to access these websites, but it is a sensitive area and many will be wary about or even deterred from accessing completely legal websites as a result. Security experts agree that unauthorised hacking of databases is almost inevitable, and the advice to organisations is to prepare contingency plans for when rather than if their databases are accessed by those without authority to do so. The consequences of breaching databases containing sensitive personal data can perhaps be most starkly illustrated by the public exposé of the personal details of those who were members of Ashley Madison, which reportedly resulted in two suicides. The risk to privacy can be reduced if the age verification regulator approves minimum standards for age verification providers. These are set out in the amendment.”||“The Bill does not specify how age can be verified, and I must say that I am not entirely sure how the providers will do that.”
This comment was made at second reading of the Bill, the relevant provisions are still effectively what was in the Bill at that time – see Part 3 of that version of the Bill here