When Protection Sounds Like Control
Why age checks, digital ID and social media bans are landing in a country already shaped by distrust
Photo by Maxence Pira on Unsplash
The word that keeps appearing under posts about the social media ban is not safeguarding. It is control.
Digital ID. State overreach. Covid all over again. They are watching us. They are using children as the excuse.
It is tempting to roll your eyes. Some of this is conspiratorial, some of it politically opportunistic, and some of it is being pushed by people who have learned that distrust travels faster than evidence. But it would be a mistake to dismiss the whole thing as stupidity, because trust is not a decorative extra in public policy. It is infrastructure. When trust collapses, even a policy designed to protect children can be read as surveillance.
A recent Health Promotion International editorial puts this simply: trust is a verb. It is not something institutions hold in reserve and draw down when needed. It is built through what people repeatedly see and experience: whether decisions are explained, whether uncertainty is acknowledged, whether lived experience is treated as knowledge, and whether public systems show their reasoning rather than simply announcing conclusions.
Public mistrust can look ridiculous when it appears in Facebook comments under a digital ID story. It is easy to laugh at the language of control, surveillance, plots and hidden agendas. But mistrust is not harmless just because it sounds absurd. In public health, mistrust changes what people do with their bodies, their children and their sick relatives.
In eastern Democratic Republic of Congo (DRC), under far more extreme conditions, this has become brutally visible. Reports of an Ebola patient being taken from hospital, alongside accounts of quarantine escapes, secret burials and hostility towards health workers, show what happens when disease control meets communities who no longer experience authority as protection. Britain is not DRC. The histories are not the same. But the public health lesson travels: when people believe institutions are lying, controlling, experimenting or hiding something, facts do not move cleanly through a population. A medically sound intervention can still fail if it exists inside a story of suspicion.
That is the situation into which the under-16 social media ban now arrives.
The government says the ban will apply to platforms such as Snapchat, TikTok, YouTube, Instagram, Facebook and X, while WhatsApp and Signal are not currently intended to be included. It also says harmful functions such as livestreaming and stranger communication with children will be restricted across a wider range of services, including gaming sites. Age assurance, AI chatbots, curfews and infinite scroll are all now part of the debate. The official language is protection. But policy does not land only in official language. It lands in memory, suspicion, family WhatsApp groups, comment threads, old grievances and half-understood technical systems.
This is no longer a fringe implementation issue. Current reporting on the UK ban is already discussing facial age estimation, ID matching, credit checks, digital identity wallets and device-level verification as possible routes to enforcement. Those options are very different in terms of privacy, error, exclusion and public legitimacy. A system that simply says “trust us” will not be enough.
For some parents, the announcement sounds like relief. Finally, platforms may have to carry more responsibility. Finally, the burden may shift away from individual families trying to police systems designed to defeat them. For others, the same announcement sounds like the next turn of the screw: another check, another database, another reason to prove who you are before you can enter ordinary life.
This is where the digital ID anxiety comes in. The question people keep asking is: why do I need to prove who I am to use the internet? We already have passports, bank accounts, driving licences, birth certificates, NHS numbers, tax records, child benefit records, mobile phones, GPS trails, online shopping histories, credit checks, school systems, electoral registers and social media profiles. Why is this different?
It is different because identity can become a gateway.
Most of us already prove who we are in particular moments. We show a passport at a border. We use a bank card to pay. We give our National Insurance number to an employer. These are not trivial systems, and they already carry risks, but they are not usually required every time we read, search, comment, watch, learn, flirt, organise, campaign or speak.
Digital identity and age assurance change the shape of access. They can make proof of identity or age part of the everyday architecture of digital life. Done well, that might mean a privacy-preserving check that proves only “over 16” or “over 18” without revealing a name, address, browsing history or account identity. Done badly, it could mean more data trails, more private verification companies, more exclusion, more errors, more suspicion, and a new market in workarounds.
The serious version of the concern is not “the government already has my name, therefore nothing matters.” It is what happens when identity becomes the condition of entry into ordinary life, and when today’s limited purpose becomes tomorrow’s infrastructure.
The Ada Lovelace Institute has argued that digital ID legitimacy in the UK depends not just on technical design, but on public participation, governance, redress and trust-building. People need to know who holds the data, what is logged, what is not logged, how long information is kept, whether it can be reused, how mistakes are challenged, and what non-digital alternatives remain.
Without that, the gap will be filled by suspicion.
And the suspicion is already there. King’s College London found in 2023 that around a third of UK adults said several control-themed conspiracy claims were probably or definitely true, including claims about digital currencies, 15-minute cities, Covid vaccination and the Great Reset. That does not mean a third of the country is lost to conspiracy culture. It means a sizeable minority is willing to interpret public policy through a story of hidden control.
Covid changed the emotional weather. It left grief, gratitude, anger, suspicion, exhausted public servants, frightened families, inconsistent rules, political hypocrisy, WhatsApp rumours, school closures, mandates, exemptions, and a population forced to make intimate decisions under conditions of fear. Some people came out of that period trusting science and public health more. Others came out raw, suspicious, humiliated, or convinced that institutions had lied.
Those reactions are not equal in evidence. Vaccines are not a conspiracy. Covid was real. Public health saved lives. But trust is not rebuilt by telling people they are stupid. It is rebuilt through honesty, competence, humility and visible accountability.
Vaccine uptake shows why this cannot be treated as an online mood with no offline consequences. The UKHSA’s 2025 Health Equity Audit describes immunisation inequity in England as persistent and worsening in important areas, and places vaccine confidence within a wider picture of access, inequality, misinformation, service design and trust. Vaccine hesitancy is not caused by one thing. It is not just Facebook posts or anti-vax influencers. It is also shaped by whether people can access appointments, whether services feel safe, whether institutions have earned confidence, and whether official messages sound like care or command.
The relationship between trust and misinformation is not simple. A 2025 study in Scientific Reports found that both institutional trust and susceptibility to misinformation independently helped explain vaccine scepticism. The strongest predictor was not general trust in government, but specific trust in government around vaccination policy. That distinction is important. People may distrust one part of government while still trusting another; they may trust institutions generally but still be vulnerable to misinformation; and they may reject a policy not because they reject all evidence, but because they do not believe the institution is acting honestly or competently in that specific area.
Public health research also reminds us that distrust is not only an attitude; it is shaped by people’s experiences of systems. A 2024 European Observatory policy brief on health and political participation argues that people in poor health often have negative, stigmatising encounters with health systems, social programmes and public institutions, and that these experiences can undermine trust in government and democracy itself. Some scepticism is healthy in a democracy. But when people no longer expect institutions to meet their needs, mistrust can become disengagement, grievance or support for actors who promise to tear the system down.
Distrust does not stay online. It changes behaviour. It changes whether parents vaccinate children, whether families believe schools, whether people trust doctors, whether communities accept public-health advice, and whether safeguarding professionals are seen as helpers or threats.
The same trust problem runs through online safety. If age assurance is explained badly, people will hear digital ID. If digital ID is explained badly, people will hear surveillance. If surveillance is already what they expect from the state, then a child-protection policy becomes part of a much older story: they are watching us, managing us, narrowing us, using safety as the excuse.
Some of that story is wrong. Some of it is inflated. Some of it slides quickly into fantasy. But there are real questions underneath it. Who verifies age? Is it the platform, the state, a private company, a bank, a facial-estimation tool, a mobile provider? What does the checker see? What does the platform see? Can the same credential be used across services? Is there a log of where it was used? Can it be requested by law enforcement? Can it be hacked? Can it be sold? Can it exclude a child without documents, a young person in care, a family without a stable device, a parent fleeing abuse, someone with low digital confidence?
Those are not fringe questions. They are implementation questions.
The ICO’s Children’s Code is useful here because it frames children’s online protection as something services should build into design, rather than something achieved by simply excluding children from digital life. Ofcom and the ICO have also been clear that age assurance has to sit within data protection law. That means lawfulness, proportionality, data minimisation and children’s rights cannot be treated as technical afterthoughts.
Young people will ask their own version of these questions. Research on Australia’s social media age restrictions found that young people did not simply absorb the rules as passive subjects. They tested them, judged them, discussed their fairness, and learned how systems worked at the edges. The authors describe this as “sneaking”: not just evasion, but a social encounter between children, platforms, regulation and access controls.
That is important because a teenager who feels protected may comply. A teenager who feels patronised may learn the workaround before they learn the reason for the rule.
This is one of the risks in the UK debate. If children hear only “you are banned,” some will interpret the policy as proof that adults do not understand their lives. A young person who uses Instagram to post music, TikTok to perform, YouTube to learn, Snapchat to flirt, or Discord to belong somewhere may not experience the ban as care. They may experience it as disappearance.
The platforms are not safe simply because young people value them. But a policy that cannot name the loss will struggle to be heard as care.
The same is true for Prevent and extremism. If young people already feel watched, controlled or misunderstood, restrictions can be folded into grievance. The narrative writes itself: adults are lying; the government is scared of what young people know; they call it safety because they want obedience.
This is why trust is a safeguarding issue, not a communications problem to tidy up once the policy has been designed. A trusted adult can say: some systems really are designed to pull you in, profile you, sell your attention, expose you to adults, feed you worse material, and keep you there. A distrusted adult says the same sentence and is heard as control.
A trusted system can ask for age assurance and be believed when it says it is minimising data. A distrusted system can offer the same assurance and be heard as a trap. A trusted school can teach media literacy and political literacy. A distrusted school is accused of indoctrination. A trusted safeguarding service can ask about online contact. A distrusted service is seen as surveillance.
Mocking “digital ID panic” will not work. It may feel satisfying. It may even be accurate in some cases. But it does nothing to build legitimacy.
A trustworthy system would start with data minimisation. It would ask only what it needs to know: over 16, not name, address, browsing history or document trail. It would separate age checks from behaviour monitoring. It would make private providers visible and accountable. It would offer routes for people without passports, smartphones, bank accounts or stable paperwork. When the system got something wrong, there would have to be a human way back.
It would also involve the people who have the most reason to understand the risks: young people, parents, youth workers, privacy advocates, safeguarding professionals, neurodivergent children, families under pressure, and communities already carrying distrust of public systems. Government cannot keep treating trust as something to demand after the system has been built.
Trust has to be earned before the system needs it.
The argument about the social media ban is not only an argument about children and platforms. It is an argument about the state, the market, the family and the child’s place between them. For years, parents were told to manage billion-pound platforms with household rules, filters and common sense. Now they are being told the state will step in. Many will welcome that. Many should. But if stepping in means building new identity infrastructure around childhood without public legitimacy, the policy may carry its own harm.
The worst version of the future is not that children are asked to prove their age. It is that everyone learns to distrust the proof. Parents suspect the state. Children evade the system. Platforms outsource liability. Verification companies profit. Bad actors move elsewhere. The language of protection becomes another word people no longer believe.
That future is not inevitable. But it is possible.
Online safety cannot be built only through bans, blocks and checks. It has to be built through legitimate systems, accountable design, trusted relationships and public institutions that can explain what they are doing without treating suspicion as stupidity.
Some fears about digital ID are exaggerated. Some are conspiratorial. Some are being fed by people who know exactly how profitable distrust can be.
But the trust problem itself is real.
And if online safety policy cannot face that honestly, protection will keep sounding like control.
Further reading
UK Government, Social media to be banned for under-16s in landmark government move to give kids their childhood back
BBC News, Search for six-year-old Ebola patient after armed men storm DR Congo hospital
The Guardian, Social media ban: saving kids or punishing them?
The Guardian, We must be alive to the dangers of a UK social media ban – and the way to really help young people
The Guardian, Impact of social media ban for under-16s in UK hinges on how firm it is
The Guardian, UK under-16s social media ban: which apps will be blocked and how will it work?
Roozenbeek et al., Trust in institutions and misinformation susceptibility both independently explain vaccine skepticism, Scientific Reports, 2025
Purnat, Wilhelm, Lihemo and Scales, Trust is a verb: how to reimagine confidence in health systems, Health Promotion International, 2026
Kavanagh and Menon, Health as a driver of political participation and preferences, European Observatory on Health Systems and Policies / WHO Regional Office for Europe, 2024
Ada Lovelace Institute, Building public legitimacy for digital ID in the UK
King’s College London Policy Institute, Conspiracy belief among the UK public
UKHSA, National Immunisation Programme Health Equity Audit 2025
ICO, Age appropriate design: a code of practice for online services
ICO and Ofcom, Joint statement on age assurance
Nansen et al., From Phreaking to Sneaking: Children’s Circumvention of Social Media Age Verification Systems
Mehta et al., Online Safety Regulation Increases Privacy Risk

