Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment her Department has made of the adequacy of the data protection practices of overseas third-party age-verification providers operating under the Online Safety Act.

UK GDPR and the Data Protection Act impose obligations on data controllers – which include age verification services - to process data fairly, lawfully, and transparently. The UK’s data protection legislation provides for extraterritorial scope, which applies to organisations offering goods or services or monitoring the behaviour of data subjects within the UK.

The Information Commissioner’ Office can investigate any concerns raised about the misuse or mishandling of data.

Ofcom and the ICO recently issued a joint statement on age assurance to provide greater clarity on how services can meet their obligations under the OSA and UK data protection legislation.