Porn ban has ‘disastrous’ implications for privacy, rights group warns “Urgent measures are needed to ensure that the government does not deliver a privacy scheme that is not fit for purpose,” the group warns

The forthcoming age checks on pornographic websites fail to meet adequate standards of cyber security and data protection, a new report has warned.

The identity checks, which are due to come into force from 15 July, have been designed to prevent children from accessing inappropriate material online and require providers of porn content to introduce systems to check visitors’ ages.

The Security and data retention guidance provided by the British Board of Film Classification (BBFC)’s Age-verification Certificate Standard, which contains information for providers of the age verification services the sites will use, is “vague and imprecise”, according to campaigning organisation Open Rights Group.

The i newsletter latest news and analysis Email address is invalid Email address is invalid Thank you for subscribing! Sorry, there was a problem with your subscription.

While the standard’s existence demonstrates the BBFC’s belief that robust protection of age verification data to be of “critical importance,” it fails to deliver it in both substance and operation, the group’s report found.

The BBFC specified in April that a range of “rigorous” age-verification options will be available to allow users to choose the right system for them,

“You won’t be able to just type in your date of birth or tick a box,” guidance on the body’s website reads.

“Age-verification solutions range from the use of traditional ID documents online (for example, credit cards or passports) to mobile phones where the adult filters have been removed. Users can also use digital IDs or buy a card over the counter in a shop where the verification is face to face.”

Open Rights Group argues the scheme allows commercial age verification providers to write their own privacy and security frameworks, relegating the BBFC’s role to checking commercial entities follow their own rules instead of requiring them to adhere to a mandated set of common standards.

The government’s decision to use pre-existing data protection legislation as a means of checking if age verification providers are providing an acceptable standard of service is “disastrous,” it warned.

“The result is uncertainty for Internet users, who are inconsistently protected and have no way to tell which companies they can trust,” the report’s authors wrote.

“The fact that the scheme is voluntary leaves the BBFC powerless to fine or otherwise

discipline providers that fail to protect people’s data, and makes it tricky for consumers to distinguish between trustworthy and untrustworthy providers.

“In our view, the government must legislate without delay to place a statutory requirement on the BBFC to implement a mandatory certification scheme and to grant the BBFC powers to require reports and penalise non-compliant providers.”

The scheme was first outlined in the 2015 Conservative election manifesto and passed into law as part of the Digital Economy Act 2017. It was originally due to come into force from April 2018 after then-digital minister Matt Hancock signed the commencement order for the Act in July 2017, but was pushed back further to allow further consultation time on ensuring the law was properly applied.