Two-Tier Data Protection:

Britain is being nudged - and in some places pushed - into a new normal: prove who you are, or lose access. In September and October 2025 the government announced plans for a national digital ID, promoted as a free credential stored in a GOV.UK digital wallet and rolled out across the UK. Parliament's research briefing says the government has announced plans for a mandatory national digital ID scheme.

At the same time, the government's Online Safety regime has made "age checks" a practical requirement for adults who want to view legal content online. Ofcom told users that from 25 July 2025, sites and apps that allow pornography must have strong age checks in place. The government's own explainer confirms the Online Safety Act's age assurance duties for pornographic content came into force in January 2025, forcing services to adopt "robust" checks rather than a tick-box.

Put those moves together and a clear message emerges: hand over more personal data and trust the system. Whether it's an ID upload, a facial scan, a credit-card check, or a third-party "age token", the direction of travel is the same - more verification, more data trails, more points of failure.

Now set that demand against what government already failed to protect.

In 2025, the Ministry of Justice confirmed a cyber security incident involving the Legal Aid Agency's digital services. The official government FAQ warns that compromised data may have included contact details and addresses, dates of birth, national ID numbers, criminal history, employment status and financial information. It also states that, in some instances, data about partners of legal aid applicants was included.

This is not harmless admin. These are the details that can expose people to fraud, intimidation, discrimination, and coercion: criminal histories, financial vulnerabilities, and information reaching beyond the applicant to relatives or partners. And the link to the state is direct. The Legal Aid Agency is an executive agency sponsored by the Ministry of Justice, and a government review summary notes that while it is administratively distinct, it remains legally part of the MoJ. So here's the duality: ministers say identity checks and age verification are necessary to protect the public, yet the same machinery of government has admitted it couldn't secure data that is far more sensitive than the information it now wants citizens to provide routinely.

Critics have already branded Sir Keir Starmer "two-tier Keir". Whatever you think of that line, it lands because it speaks to a wider pattern: two-tier data protection. One tier is imposed on the public - comply, verify, upload, scan. The other tier is tolerated within the state - weak systems, delayed transparency, and a "FAQ after the breach" approach to accountability.

If government wants national digital ID and enforced online age verification, it should meet a basic standard first: demonstrably secure the data it already holds, and accept real consequences when it fails. Until then, compulsory verification looks less like safety and more like power without responsibility.

Sources

- UK Government (gov.uk), 'New digital ID scheme to be rolled out across UK' (26 September 2025).

- UK Government (gov.uk), 'New digital ID to make life easier for millions' (23 October 2025).

- House of Commons Library, 'Digital ID in the UK' (Research Briefing CBP-10369, 5 December 2025).

- Ofcom, 'Age checks for online safety - what you need to know as a user' (26 June 2025).

- UK Government (gov.uk), 'Online Safety Act: explainer' (includes age assurance duty in force 17 January 2025).

- UK Government (gov.uk), 'Legal Aid Agency cyber security incident: frequently asked questions' (May 2025, updated).

- UK Government (gov.uk), 'Summary of the Legal Aid Agency (LAA) review 2024 to 2025' (30 April 2025).