UK’s New Children’s Act Ignites Privacy Firestorm: VPNs, Encryption Under Siege from 19 Tech Defenders

The UK's Children's Wellbeing and Schools Act 2026, now law, prompts 19 privacy groups to decry threats to VPNs, encryption, and the open web via age gates and anti-circumvention rules.
UK’s New Children’s Act Ignites Privacy Firestorm: VPNs, Encryption Under Siege from 19 Tech Defenders
Written by Juan Vasquez

Nineteen privacy champions—from Proton and the Tor Project to Mozilla and the Electronic Frontier Foundation—issued a stark warning to UK policymakers this week. The open web faces erosion. Human rights hang in the balance. All because of the freshly minted Children’s Wellbeing and Schools Act 2026, which cleared Royal Assent on April 29, [UK Parliament].

The coalition’s letter, published May 5, slams the law’s push for age gates on platforms and features. Blunt access bans ahead. They target VPNs, games, even static sites. Signatories argue these moves prioritize restrictions over redesigning services for child rights. “UK policymakers are currently pursuing blunt policy interventions like access bans that will do little to improve young people’s experiences online, and instead undermine the web and infringe on human rights,” the group states in their [joint statement hosted on Mozilla’s blog]. Age assurance tech? Flawed. Either inaccurate. Or privacy-killing. Or both.

Existing tools fall short. They demand biometrics or government ID scans, risking massive data breaches—like those already hitting UK users. Mandates spread wide. Everyone verifies age, not just kids. Providers shoulder the load, choosing methods that could lock users into Big Tech silos. The decentralized web fractures. Free expression suffers.

Privacy Tools in the Crosshairs

VPNs draw special fire. The Act empowers the Secretary of State to regulate them within 12 months, potentially barring kids under 18. Providers must deploy “highly effective” age checks. Ofcom gets enforcement teeth. Earlier drafts eyed outright child VPN bans; the Lords backed an under-18 block in January, [TechRadar]. Labour pushed back, launching consultations instead. But the power remains.

Mullvad VPN blasted the bill on X last December. Lawmakers want “tamper-proof system software” on UK devices to block CSAM viewing or sharing. Client-side scanning, they call it. State spyware scanning phones nonstop. End-to-end encryption? Dead. Open-source OS like GrapheneOS? Banned. Users lose admin rights on their own gear, [@mullvadnet].

Wikipedia co-founder Jimmy Wales didn’t mince words. “The UK war on VPNs is an embarrassment,” he posted on X in January. Teach kids VPNs for privacy and malware blocks. Don’t legislate them away. Windscribe’s Yegor Sak dubbed it the “dumbest possible fix.” Fight for the Future’s Evan Greer warned of dangers to activists, journalists, survivors. Open Rights Group? Banning VPNs demands “extreme digital authoritarianism.”

The Act builds on the Online Safety Act 2023. It tweaks UK GDPR’s digital consent age—13 now, adjustable to 16. AI chatbots join regulated services. Curfews loom for young users. Platforms face duties on harmful features: live streams, location sharing, stranger contact. All enforced via age verification. A national consultation on harms runs till May 26, eyeing VPN loopholes.

But critics see deeper flaws. Age gates entrench app store overlords. Turn the web into age-siloed fiefdoms. Kids need the open internet for vital info—abuse, politics, identity. Platforms profit from data grabs, not safety. Fix that first, say the 19 groups: Big Brother Watch, Defend Digital Me, ExpressVPN, Gamers Voice, Global Partners Digital, Index on Censorship, Internet Society, IPVanish, Mullvad VPN, NO2ID, Open Rights Group, Privacymatters, Proton, Stop Killing Games, Tor Project, Tuta, VPN Trust Initiative.

Global Echoes, UK Frontline

This isn’t isolated. Australia’s under-16 social media ban passed in 2024. Proton’s Andy Yen called global age verification “the death of anonymity online” last week, per TechRadar. Over 400 scientists urged a halt in March, demanding consensus on harms. VPN Trust Initiative warned April 23: restrictions expose kids more.

Labour’s Lord Knight of Weymouth voted against the VPN amendment. Unlikely to fight hard, he said. Focus on child icons, not tech mazes. Ofcom must enforce better. Yet the Act’s anti-circumvention clauses linger. Service providers must block kids from services, features. Screentime limits. Location shares. All possible.

Privacy advocates gear up. Mozilla plans more input soon. Petitions surge— one at parliament.uk hits against VPN bans. X buzzes with resistance. The war on encryption rolls on. UK devices next?

Policymakers face a choice. Protect kids without torching the open web. Or double down, data risks be damned. History favors the former. But time ticks.

Subscribe for Updates

CybersecurityUpdate Newsletter

The CybersecurityUpdate Email Newsletter is your essential source for the latest in cybersecurity news, threat intelligence, and risk management strategies. Perfect for IT security professionals and business leaders focused on protecting their organizations.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us