Across the digital economy, more of everyday life now takes place online. With that shift, online risks increasingly translate into offline harms — fraud, abuse, and threats to physical safety — and these harms often fall hardest on those already most exposed communities.
To address these risks, organisations are turning to data-driven and biometric tools such as liveness checks, age assurance, and identity verification. Used proportionately, these tools can offer more reliable protection than knowledge- or document-based alternatives. Yet in the EU and UK, uncertainty over how the law applies, and the limited grounds available for private-sector safety processing, can leave organisations unsure whether they may deploy such safeguards, and many default to less effective methods as a result.
Within this context, we have published Designing for Safety: Addressing Real-World Risks in Data-Driven Environments.
The paper reflects key insights from a high-level roundtable with organisations and regulatory leaders. It offers practical, forward-looking recommendations: context-driven interpretations of GDPR legal bases; integrated risk assessments that weigh the risks of inaction alongside those of processing; “by design” technical standards; and stronger cross-regulatory coordination.
This is not a choice between privacy and safety. As this paper sets out, privacy, safety, and security are complementary objectives, each grounded in fundamental rights and best advanced together, through a contextual, risk-based lens.