The first week of implementation for the U.K.’s Online Safety Act (OSA) has been anything but smooth. Upon going into effect on July 25, popular online services ranging from X to Discord and even Spotify, requiring users to show ID before engaging with content on their platforms. Users turned in droves to downloading virtual private network (VPN) apps to avoid the requirements of the law and browse with their privacy intact. It’s a very American response to the imposition of the British government’s age verification rules, and it led the U.K.’s Secretary for Science and Technology Peter Kyle to suggest on live TV that every time an adult uses a VPN, it leads to the harm of a child online. U.S. advocates of similar digital regulations should take notice of how badly this is going.
The aim of protecting children online is a worthy goal, but it is impossible to ignore the OSA’s nature, which is a thinly veiled effort to normalize censorship in the U.K. and expand surveillance of British citizens and guests within their borders.
A boy participates in an online lesson for his kindergarten class while schools remain closed to help slow the spread of COVID-19, in Chicago, Ill., on April 3, 2020.
A boy participates in an online lesson for his kindergarten class while schools remain closed to help slow the spread of COVID-19, in Chicago, Ill., on April 3, 2020.
Interim Archives/Getty Images
One of the primary problems with the Online Safety Act lies in its overly broad language regarding the types of content it polices. The text requires sites that host pornography and other content deemed “harmful,” whatever that means, to verify that users are over the age of 18. With penalties as steep as 10 percent of global revenue and potential jail time for repeat offenses by firms, platforms are understandably overcorrecting and taking an overzealous approach to requiring ID checks in hopes of avoiding liability.
For example, in order to access your Spotify account, users will need to submit their ID so that they can listen to music again on the platform, or risk their account being scrubbed. The distinction here is worth highlighting, because while some music can be profane, you can see how the law flattens graphic video content and audio content, or, put more simply, words.
It’s no shock that users are soundly rejecting this approach by the U.K. government by turning to VPNs. These services, such as ExpressVPN or Surfshark, have quietly empowered individuals to take control of their digital privacy, whether to protect themselves on public Wi-Fi, avoid algorithmic price discrimination, or download large peer-to-peer files online.
And yes, people use VPNs to access explicit content or simply new music that is geoblocked. When a new album by your favorite band drops, Australians are usually jamming to it 12 hours before most Americans.
Originally designed in the 1990s to help businesses secure remote connections, VPNs are a critical and mainstream tool for everyday internet users seeking to protect themselves in an increasingly surveilled online world. By encrypting data and masking IP addresses, VPNs shield users from hackers, corporate trackers, and even government surveillance.
In an era where data is currency and digital freedom is under threat, VPNs are not a fringe convenience or an indication of nefarious activity by the user. It may only be a matter of time before the United Kingdom considers restricting VPNs altogether. They make total control infeasible.
That’s why Secretary Kyle had to appeal to Brits with a scare tactic about harming children with VPNs. The government passed a law that standard digital tech makes a mockery of, and that most online users under 50 know how to bypass.
VPNs aren’t the only way users are skirting age verification requirements. Video gamers playing Death Stranding have tapped into more creative solutions for getting past such regulations by leveraging the in-game photo modes to fool age verification software.
When U.K. Prime Minister Keir Starmer recently told President Donald Trump, “We’ve had free speech for a long time, so, er, we are very proud of that,” one had to wonder—what exactly is he proud of?
Is he referring to the 30 people a day his government arrests for posting “offensive” things online? Or perhaps he is proud of the fact that his government was threatening Americans with criminal charges for not complying with his government’s Online Safety Act?
And while the OSA was done under the guise of protecting kids online, the government is also inexplicably engaged in a Streisand effect moment, with its agency announcing it was investigating four companies operating 34 pornographic websites. Essentially, by calling it out, the regulator told minors where they can go to access pornographic content without the need to utilize age verification.
The Online Safety Act is a masterclass in unintended consequences and symbolic rulemaking. Britons are pushing back with a petition to repeal the law, which has already gathered over 450,000 signatures. American lawmakers would be wise to pay attention and avoid making the same mistakes in Congress. We can protect children without sacrificing the foundational principles of a free and open internet.
James Czerniawski is the head of emerging technology policy at The Consumer Choice Center. His work has been featured in the New York Post, Newsmax, U.S. News and World Report, and more. Follow him on X/Twitter @JamesCz19.
The views expressed in this article are the writer’s own.