How much of your private life would you hand to a stranger — your name, your face, your passport, your sexual preferences — in exchange for the right to exist online?

The new UK internet safety law demands exactly that.

Framed as a safeguard for children, it quietly opens the door to unprecedented tracking of who you are, what you watch, and where you go online.

For LGBTQIA+ people, this isn’t a hypothetical risk.

History is littered with moments when our communities were mapped, monitored, and targeted — from government lists of “suspected homosexuals” in the 20th century to the public outing of dating app users in countries where being gay is criminalized.

In this article, you will see what the law says, the safety risks it creates, the kind of personal data it can extract, how that data could be used to profile you, and what it means for both UK residents and visitors.

What is the 2025 Online Safety Act in the United Kingdom?

The UK internet safety law, formally known as the Online Safety Act, came into force with the stated aim of protecting minors from harmful online content.

It requires major platforms — from adult sites like Pornhub to unexpected names like Spotify, Reddit, and even Wikipedia — to introduce strict age verification systems.

These systems can include government-issued ID checks, credit card validation, or biometric scans, creating a direct and traceable connection between a user’s legal identity and their online activity.
While lawmakers frame this as a necessary step to shield young people from pornography and abusive material, digital rights experts warn that the same infrastructure could be repurposed for broader surveillance, content censorship, and data mining.

For communities that have historically faced disproportionate monitoring, such as LGBTQIA+ individuals, the potential consequences go far beyond the stated intent of the law.

In the UK some politicians are stating this is a massive win, even going so far as to state that we should all avoid the use of VPN’s to bypass the law. Peter Kyle form the Labour Party (a left leaning political party in the UK) stated:

“Adults should get behind the aid verification system, because every time they do it, you keep a child safe.”

However, we here at the Homoculture aren’t so sure this is the real reason this is being pushed in the UK. 

Let’s elaborate a bit more, but as you continue reading, ponder the idea that perhaps there could be an ulterior motive and let us know your thoughts in the comments. 

Age Verification Isn’t New — But Now It’s Everywhere

Many of the age‑verification requirements now mandated by the Online Safety Act already existed in more modest forms within everyday technologies. Home‑router parental controls, for instance, have long offered the ability to restrict adult content across all connected devices—a practice implemented by internet service providers and advocated by digital‑education bodies.

Similarly, in the mobile sphere, networks such as Three in the UK have, for years, enforced default blocks on 18+ content that can only be lifted following a credit‑card check—or, if one lacks a card, a photo‑ID validation at a store 

These serve as precedent for what the Online Safety Act now mandates—only on a far broader, system‑wide scale. 

While these existing measures already nudge users to verify their age for content access, the new law elevates them dramatically—introducing biometric scans, ID uploads, and third‑party identity wallets as standard, and doing so for websites and apps not previously subject to such controls. 

The leap from optional, localized filters to sweeping, mandatory identity checks may appear small in technical terms—but carries profound implications for LGBTQIA+ people accustomed to guarded anonymity online.

Why LGBTQIA+ People Stand To Lose The Most

These implications will extend far beyond our community, but, we stand to lose the most because of our past. 

A history of profiling and persecution

In the 1950s and 60s, the UK government ran covert operations to identify and dismiss gay men from the civil service and armed forces, creating blacklists that ruined careers and lives.

In the United States, the “Lavender Scare” paralleled the Red Scare, with thousands of federal employees interrogated and fired simply for being suspected of homosexuality.

Even in the digital era, profiling has been weaponized: in 2018, a security flaw in the Grindr app allowed the exact locations of users to be triangulated — information that, in some countries, could lead to arrest or violence.

The above shows how personal data can be linked to identity, it can also be exploited for political, moral, or ideological ends.

The Online Safety Act’s sweeping age-verification mandate risks creating a permanent registry of sexual preferences and online habits, with no guarantee of how — or by whom — that information might one day be used.

What Data Could Be Collected And How It Could Be Used

Under the UK internet safety law, the scope of data collection extends well beyond a simple “yes” or “no” to verify age. Depending on the platform, the process could involve:

• Scans of government-issued ID (passport, driving license, national identity card)
• Facial recognition through a live selfie or recorded video (invasive for some sexy time, huh?)
• Credit card verification, linking banking records to online activity
• Biometric data captured through device sensors

Each of these creates a permanent, high-value link between a legal identity and online behavior. 

Even if the original purpose is narrow,  the resulting data can be stored, cross-referenced, and monetized.

Here’s the biggest concerns

Data breach risk: Government and corporate databases have proven vulnerable to leaks. The UK’s own Information Commissioner’s Office has documented dozens of incidents where sensitive personal data was exposed. For LGBTQIA+ users, even a partial data breach could expose sexual preferences, private interests, or community participation to employers, family members, or hostile actors.

Profiling and targeting: Once linked, browsing patterns can be analyzed to infer sexual orientation, relationship status, or even political affiliation. Marketing firms already profile consumers with alarming precision; this infrastructure could make such profiling unavoidable.

Government access: If data is held by platforms headquartered in the United States — from adult content networks to mainstream social media — it can be compelled under the CLOUD Act to be handed over to US authorities, regardless of where it is stored. The UK’s own intelligence-sharing arrangements with the US and other “Five Eyes” members create further avenues for data exchange.

International vulnerability: Visitors to the UK are not exempt. A tourist accessing a UK-regulated platform may still be asked for ID, and their information stored indefinitely. In countries where being LGBTQIA+ remains criminalized, such a digital footprint could become a tool for prosecution if shared or leaked. 

The result is a surveillance and profiling ecosystem where consent is illusory, and where the risks are distributed unevenly — falling hardest on those whose identities have historically been punished.

What does this mean for you if you visit the United Kingdom?

Visitors to the UK may believe their privacy is protected under their own country’s laws, but once they log in to a platform regulated under the UK internet safety law, they step into a different legal reality.

If an app such as Grindr, Scruff, or Bumble asks for age verification while you’re in the UK, the information you provide — passport scan, credit card, facial recognition data — is not just stored locally. If the company is headquartered in the United States, that data can be compelled under the US CLOUD Act to be handed over to US authorities at any time, without your consent and regardless of your nationality.

This is not speculation. The CLOUD Act explicitly allows US law enforcement to demand user data from American companies, even if the servers holding it are in another country. Once transferred, that data may also be shared with allied governments, including those with far less protective privacy laws.

For LGBTQIA+ travelers, the stakes are higher:

• Dating app history: Verified identity linked to your location, chat history, and profile preferences.
• Adult content access: A log of which sites you visited and when, tied directly to your passport or ID.
• Social media use: Interactions in LGBTQIA+ groups or advocacy spaces may be archived and stored indefinitely.

Beyond personal privacy, this creates a national security concern. A foreign government gaining access to a database linking sexual orientation, location data, and identity documents of people visiting the UK is a high-value intelligence asset — and the UK’s own government has no power to stop it once the data is in U.S. hands.

This means that simply checking messages on Grindr during a weekend trip to London, or browsing Bumble while traveling for work, could generate a permanent, cross-border data trail that no VPN or settings change can erase as the apps are location based. 

For most visitors, the idea that using a dating app in one country could result in their verified identity being stored by a foreign government is not only deeply invasive but also breaches the basic expectation that national borders protect individual rights.

Wider Implications Beyond the LGBTQIA+ Community

While the UK internet safety law places LGBTQIA+ people at particular risk due to historical and ongoing profiling, the reach of its implications extends to anyone who values privacy, freedom of expression, or the right to organize without state oversight.

Journalists and whistleblowers

Reporters covering sensitive issues — from corruption to human rights violations — often rely on secure, anonymous communication. Mandatory age verification tied to government ID or biometrics risks unmasking their online movements, making sources more vulnerable and stories harder to protect.

Political activists

Whether advocating for climate action, opposing government policy, or supporting minority rights, activists increasingly use social platforms and encrypted chat groups to coordinate. Linking these activities to verified personal identities could make protest movements easier to monitor and suppress.

Professionals in sensitive sectors

Lawyers, therapists, educators, and healthcare workers often maintain separation between their personal lives and public roles. Compulsory identity checks on websites or apps with user-generated content risk erasing that boundary — particularly if hobbies, relationships, or personal beliefs become linked to a verified profile.

Cross-border data sharing

With many regulated platforms based in the United States, user data can be demanded by US authorities under the CLOUD Act and potentially shared with international partners. That could include governments with weaker human rights protections or laws hostile to political dissent, LGBTQIA+ rights, or press freedom.

This is not an abstract possibility. History shows that when surveillance infrastructure exists, it is eventually used in ways far beyond its original purpose. The Online Safety Act’s identity-verification requirement risks becoming a permanent, global database of people’s private interests, sexual preferences, political beliefs, and social connections — available to governments and corporations whose agendas may change overnight.

For LGBTQIA+ people, the danger is acute. For everyone else, it is only a matter of time.

Censorship Disguised As Child Protection

Although the UK insists the law was passed to protect children, the reality of the act is quite sinister. 

Here’s what has happened so far since the act was legalized.

• WhatsApp has threatened to leave the UK, citing concerns that the Online Safety Act could force them to weaken end-to-end encryption. Their leadership warned they would “rather pull out of the UK than lower security.”
• Wikipedia is facing a legal blow against free access. In early August 2025, the High Court dismissed the Wikimedia Foundation’s challenge to being classified as a “Category  1” platform, meaning strict age-verification and monitoring requirements may soon apply to the very popular information site. The court did urge Ofcom to consider Wikipedia’s unique public-interest role—but the risk to open, anonymous contributions remains.
• Censorship of legal content is already happening in real time. Social media platforms and content creators report that even mild dissent or publicly critical material—especially political commentary—is being suppressed under vague definitions of “harm.” Platforms like X (formerly Twitter) warn the law’s broad enforcement powers risk chilling free expression. Over 468,000 UK users have signed a petition to repeal the act.
• Algorithmic suppression affects marginalized voices, including LGBTQIA+ creators. A recent study of UK-based TikTok users found that marginalized identities often face targeted content throttling—even when their posts don’t breach community guidelines—effectively silencing LGBTQIA+ expression. 

Taken together, these developments suggest the Online Safety Act is less about protecting children—and more about reshaping what platforms can exist and how people can express themselves online. 

If public-interest platforms are forced to add age gates or be blocked, and messaging apps quit the UK market, the online spaces LGBTQIA+ people rely on may vanish overnight.

Take Action Before You Can’t

The Online Safety Act is not a drill.

It is not just another headline about “tech regulation” — it is a live system that could permanently tie your identity to your sexuality, your political beliefs, and your online life.

If you believe that privacy is not a privilege but a right, speak up now.

Contact your MP. Sign the petitions if you’re in the UK. If not, share this article in your networks — especially with friends planning to travel to the UK.

Silence is compliance.

History shows that once surveillance tools are built, they are never dismantled — only expanded.

Traveling to the UK soon? Check out our guide on how to maintain your online privacy in the UK.

What do you think about this new law? Let us know in the comments below.