UK government publishes draft Online Safety Bill
How could the Online Safety Bill (the Bill) affect online companies, in particular ‘big tech’?
The key takeaway
The Bill sets out the proposed framework for the first regulatory regime specifically targeted at online tech firms in the UK and the provision of online services.
The UK government has recently published a draft of the Bill, which is set to impose a duty of care on certain online service providers to take responsibility for the safety of their users in the UK. The Bill also appoints Ofcom as the regulator for this new duty of care.
The Bill aims to tackle illegal and harmful content, including racism, fraud (such as romance scams and fake investment opportunities), as well as illegal terrorist and CSEA content, while attempting to not curtail freedom of expression.
The Bill gives Ofcom the power to oversee and enforce the legislative framework and requires Ofcom to prepare Codes of Practice to assist service providers in complying with their duties of care. It also extends Ofcom’s general duties under s. 3 of the Communications Act 2003 to online safety matters and expands Ofcom’s existing duties in relation to the promotion of the media literacy of members of the public. It also gives Ofcom the power to require the production of information by service providers and to investigate compliance with the Bill where needed.
The Bill extends and applies to the whole of the UK, but also has extraterritorial application to services based outside the UK where users in the UK are affected. However, the duties of care only apply to the design and operation of the service in the UK and to users in the UK. These duties of care will apply to providers of services that allow users to upload and share user-generated content (user-to-user services) and search services. There are, however, exemptions. These relate to services meeting certain conditions (eg internal company message boards and news publishers’ websites).
Companies within the scope of the Bill will also have to provide mechanisms to allow users to report harmful content or activity and to appeal against the takedown of content. Certain companies, as dictated by Ofcom, will also need to publish transparency reports setting out what they are doing to tackle online harms. These reports will then be published on the Ofcom website.
Why is this important?
A wide range of businesses potentially fall within the scope of “user-to-user services” covered by the Bill, ranging from the social media ‘tech giants’ to smaller review websites, independent forums and online marketplaces. Many will therefore have to prepare for the passing of the Bill in order to be compliant from day one.
Penalties for non-compliance can be steep and go beyond even those under the GDPR. Ofcom will be able to issue fines of £18m or 10% of qualifying worldwide revenue, whichever is higher. It will also be able to take enforcement action, which may include business disruption measures in relation to ancillary services. Senior managers of companies could also be liable for criminal sanctions if they fail to comply with Ofcom’s information requests.
Any practical tips?
Providers of user-to-user services and search engines will need to carefully consider whether they fall within scope of the Bill and to review the codes of practice (to be issued by Ofcom in the near future). The risks of non-compliance are just too great, being some of the largest fines in regulatory history.