Consumer Attitudes and Regulatory Shifts in Online Data Privacy and Age Verification
Recent research highlights that a majority of consumers believe they are primarily responsible for their own data privacy, with 67% of survey respondents indicating personal agency as the main factor in protecting their information. Despite this, consumers expect technology companies and regulatory agencies to support privacy through transparent systems and informed consent. However, practical decisions, such as choosing between free, ad-supported services and paid, privacy-focused alternatives, reveal that cost remains a significant factor in user choices, often outweighing privacy concerns.
Simultaneously, 2025 saw the widespread implementation of online age verification requirements across Europe and the US, particularly for adult content and other regulated sites. These measures, intended to protect minors, have resulted in increased use of ID checks, geo-blocking, and VPN circumvention, raising new privacy and usability challenges. The tension between safety and privacy is evident, as most age verification methods require users to submit sensitive personal data, increasing the risk of exposure in the event of a breach. Regulators continue to push for stronger identity verification, but the practical impact has been confusion and restricted access for many users.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Age-verification rules expand across Europe and US states in 2025
During 2025, several European countries and US states implemented mandatory online age checks for access to certain websites, especially adult content. The measures led platforms to require sensitive identity data or block users by region, increasing privacy and security concerns.
SIIA publishes 2025 consumer data privacy research findings
The Software & Information Industry Association released 2025 research showing most consumers see themselves as primarily responsible for their own data privacy, while also favoring transparency, user control, and security safeguards such as encryption and anonymization.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Identity and Age Verification Security Risks Amid Rising Fraud and Regulatory Pressure
Identity and age verification controls are under strain as organizations expand remote onboarding and governments mandate stronger online age checks. Intellicheck’s analysis of nearly **100 million** cloud-based identity verification transactions in 2025 found an overall **97.85%** pass rate, but with significant variation by industry; failures were primarily driven by **expired IDs** (potentially indicating operational gaps, stolen credentials, or poor user hygiene) and **failed IDs** (often associated with attempted fraud and **synthetic identity** activity). Reported failure indicators included missing barcode authorization data, mismatches between barcode and printed fields, uploads that appear to be digital copies, and biometric mismatches between the presenter and the ID photo. In parallel, platforms and regulators are pushing broader deployment of online age assurance, raising privacy and security concerns about collecting and storing identity data at scale. Research cited in coverage of age verification initiatives (including Discord testing age checks and new requirements in the UK, France, and Australia) warns that expanded identity-data handling increases exposure to **breaches, identity theft, surveillance abuse, and discrimination**, even as it argues privacy-preserving approaches are feasible. Separately, Cisco’s *State of AI Security 2026* highlights that enterprises are rapidly integrating **agentic AI** into sensitive systems (ticketing, code repos, cloud dashboards) with limited security readiness; testing showed **multi-turn prompt-injection/jailbreak** techniques achieving up to **92%** success across eight open-weight models, underscoring the risk of automated workflows being steered into unsafe actions when agents have tool access and memory.
Mar 21, 2026
Regulatory Push for Online Age Verification and Adult-Site Access Restrictions
A growing regulatory push to require **online age verification**—particularly for access to pornography and other age-restricted content—is accelerating in the U.S. and U.K., with policymakers framing it as a child-safety measure and critics warning of privacy and free-speech risks. An **FTC** commissioner publicly endorsed age verification as a tool to protect children online, pointing to widespread state-level adoption in the U.S. and noting that court outcomes have been mixed, including a **U.S. Supreme Court** decision upholding a Texas law requiring pornography sites to verify users’ ages. In the U.K., the **Online Safety Act (OSA)** is driving direct service changes: **Aylo** (parent company of Pornhub and other tube sites) said it will **restrict access in the United Kingdom** rather than implement the OSA’s age-checking approach for all visitors, while allowing continued access for users who have already verified their identity. Aylo argued the framework diverts traffic to unregulated sites and creates privacy risks, while **Ofcom** countered that services can either implement compliant age checks or block U.K. access and urged development of effective device-level solutions.
Mar 21, 2026
Widespread Privacy Risks from Mobile App Data Practices and Regulatory Age Verification Requirements
A recent large-scale analysis of 50,000 mobile applications has revealed that over 77% of these apps leak personally identifiable information due to insecure data handling and insufficient privacy controls. The study found that many iOS applications fail to include required privacy manifests, while Android apps often circumvent explicit data-safety disclosures, creating significant blind spots in user privacy protections. These vulnerabilities are particularly concerning given the central role mobile devices play in daily communications and financial transactions, making users susceptible to tracking, profiling, and data theft. The research underscores the systemic nature of privacy risks in the mobile app ecosystem, with both platforms exhibiting gaps in transparency and compliance. In parallel, regulatory efforts to protect minors online are introducing new privacy challenges, as exemplified by Texas's SB 2420 law, which mandates age assurance for app store users and developers. Apple has voiced strong concerns that such laws require the collection and storage of sensitive personal information, such as government IDs, even for benign app downloads, thereby increasing the risk of data breaches. Starting January 1, 2026, Apple will require new account holders to confirm they are over 18, and minors will need parental consent for app downloads and purchases, further expanding the amount of sensitive data collected. Apple argues that these requirements should be limited to apps where age verification is truly necessary, warning that blanket mandates could have unintended privacy consequences. The complexity is heightened by the patchwork of state-level laws, with similar regulations set to take effect in Utah and Louisiana, compelling developers to adapt to varying compliance standards. The risks of such data collection are not theoretical; a recent breach at a third-party provider for Discord, which handled age verification, resulted in the exposure of sensitive government ID images. This incident illustrates the tangible dangers of accumulating large repositories of personal data for regulatory compliance. The convergence of insecure app data practices and regulatory-driven data collection amplifies the threat landscape for mobile users. Both industry and regulators face the challenge of balancing user safety, especially for minors, with the imperative to minimize unnecessary data exposure. The findings highlight the urgent need for stronger privacy-by-design principles in app development and more nuanced regulatory approaches that do not inadvertently increase user risk. As mobile platforms continue to evolve, ongoing vigilance and collaboration between stakeholders will be essential to safeguard user privacy. The situation calls for immediate action from app developers, platform providers, and policymakers to address these multifaceted privacy threats. Users are advised to remain cautious about the permissions they grant and the information they share with mobile applications. The broader industry must prioritize transparency, user control, and robust security measures to restore trust in the mobile app ecosystem.
Mar 21, 2026