Time for tech firms to stop marking their own homework? An analysis of the Online Safety Bill from BPE Solicitors

Published by

Kirsty Muir

Christine Jackson, Partner in BPE’s Technology Team, examines the Online Safety Bill, proposed legislation introducing new obligations on tech firms and their managers, as well as new powers for Ofcom, as the designated online safety regulator.

On 17 March 2022, the UK government introduced the Online Safety Bill to Parliament. According to Digital Secretary Nadine Dorries, the impetus behind the bill was to ‘buckle our seat belts’ for the digital age, to protect society from online harms, as we would protect society from harms in ‘real’ life.

To do this, the Online Safety Bill proposes new legal requirements on tech firms who are ‘in scope’. These are firms who provide:

User-to-user services (e.g., where users can access content posted by other users);
Search services (e.g., search/database engines); and
Internet services where pornographic content is shown.

The legislation is intended to be extra-territorial, applying to tech firms within scope who have a significant number of users in the UK, or provide services capable of being used by individuals in the UK and have a material risk of significantly harming individuals in the UK.

Given the substantial press scrutiny on the Bill and its potential impact on freedom of expression, the Government have unsurprisingly decided to exclude news content providers from any regulation under the Bill.

There are new requirements proposed for firms who are in scope, including the requirement to assess risks of harm to users, manage and mitigate such risks (with specific provisions on content accessed and is deemed harmful to children), establish an effective reporting and complaints procedure for users, protect users’ freedom of expression and right to privacy, and reporting detected child sexual exploitation and abuse content to the National Crime Agency.

Additionally, tech firms reaching the largest audiences and deemed particularly high risk by the Government (called ‘category one’ firms), will be subject to additional obligations, including:

effectively enforcing policies on ‘legal but harmful’ content,
publicly stating how they have protected users’ rights to freedom of expression and right to privacy, and
creating systems to prevent users from accessing fraudulent adverts.

There are additionally new criminal offences being introduced with maximum sentences varying from 2 to 5 years including, and in relation to, threatening or harmful communications (to target online ‘trolls’), incitement and threats of violence, hate crime, ‘cyberflashing’, and encouraging or assisting suicide.

How will tech firms be policed? Ofcom, the designated online safety regulator, will have powers to issue turnover-based fines (up to either £18 million or 10% of worldwide turnover, whichever is higher), compel tech firms to provide certain information, and instigate criminal proceedings against non-compliant tech firms and their managers/employees.

What does this mean for you or your business?

Currently, the proposed law is in Bill form and is subject to scrutiny from both Houses of Parliament, with many questions left to be answered. For instance, what is ‘legal but harmful’ content? How will tech firms know when the obligation to ensure children do not encounter certain types of content kick-in, especially on shared devices?

Debate on the Bill is fierce from both sides, with freedom of expression campaigners arguing the Bill curbs fundamental rights, while online safety campaigners argue the Bill does not go far enough. It is possible that the final outcome of the legislation is a watered down compromise, satisfying neither groups. We do not anticipate the Bill will be expedited or quickly passed through.

However, one thing is clear. The era of tech firms marking their own homework is coming to an end, and all firms operating in the digital sphere will need to scan the horizon to ensure they are future proof. BPE’s Tech Division are well placed to assist you with navigating the minefield ahead.

If you have any questions regarding technology regulation or technology law generally, please contact Christine Jackson at christine.jackson@bpe.co.uk or call 01242 248449 to support you through your queries.