EFF Reveals UK Age Verification Gathers LGBT Users' Sensitive Data

3 min readSources: EFF

EFF reveals UK age checks collect sensitive biometric and ID data from LGBT users.

Why it matters: Legal professionals face heightened compliance and privacy risks under the UK Online Safety Act, especially for platforms serving vulnerable groups like LGBT users handling sensitive data.

  • UK Online Safety Act requires age verification on adult sites by July 25, 2025.
  • Grindr’s UK age checks involve live video selfies or selfies with photo ID from users 18+.
  • Verification gathers biometric data, government IDs, and full identity details per EFF’s analysis.
  • EFF launched an Age Verification Resource Hub with safer privacy-focused compliance alternatives.

The UK Online Safety Act, effective July 25, 2025, mandates that online platforms verify users' ages before accessing adult content. This requirement heavily impacts platforms with vulnerable users, including LGBTQ+ communities.

For UK compliance, Grindr’s age verification lets users either submit a live video selfie or a selfie with an official photo ID to prove they are 18 or older. This process collects extensive biometric data and government-issued ID information.

The Electronic Frontier Foundation’s Q&A details that such verifications capture sensitive identifying info including names, birthdates, addresses, and facial images, raising serious privacy concerns beyond simple age proof.

Privacy experts like UK Information Commissioner’s Office caution that collecting biometric and ID data poses significant compliance challenges under UK data protection laws and risks exposing marginalized groups to harm if data handling is inadequate.

EFF’s Age Verification Resource Hub now offers guidance promoting privacy-preserving alternatives, such as cryptographic proofs or zero-knowledge protocols, to meet legal requirements with minimal data exposure.

Grindr's team emphasized on their blog that while the verification seeks to keep their platform safe for queer adults, ongoing scrutiny of data protection practices is crucial to reduce risks.

Independent observers, including privacy advocates at Privacy International, stress the complex legal balancing act: platforms and counsel must comply with regulations without material risk of privacy violations that could harm communities relying on confidentiality.

With the July 2025 deadline approaching, in-house and external legal counsel need clear policies on secure data collection, limited retention, and transparent user rights to mitigate risks posed by prevalent age verification techniques.

By the numbers:

  • July 25, 2025 — Deadline for UK Online Safety Act age verification enforcement
  • 18+ — User age threshold for adult content access verification
  • Several thousand — Likely number of UK Grindr users subject to biometric checks

Yes, but: While age verification protects minors, current methods may over-collect sensitive data, challenging compliance and privacy safeguards.

What's next: Legal teams should monitor ICO guidance updates and push for adoption of privacy-preserving verification technologies before mid-2025 enforcement.