To say that we live in a society that relies heavily on the Internet is a huge understatement.

Digital platforms and online communication have become an integral part of our everyday life.

According to recently-released statistics the average person spends a staggering 6 hours and 42 minutes online daily.

The pros and cons of online communication

An online presence can afford anonymity to users, while also allowing everyone to reach out with their message and agenda to a much greater number of people than ever before in our history.

The abuse of this power was only a matter of time – the avalanche of claims regarding spread of misinformation, “fake news” and distribution of straight illegal content online shows that the instant connection of people comes at a price.

While for many of us this has long been a part of daily routine, governments across the world have only started looking at this issue relatively recently.

There has been a surge in articles about tighter regulations popping up across the news media. One of the recent legal developments in the UK relates to the ongoing discussion of the UK Online Safety Bill.

The foundation of this new regulation was laid in the Online Harms White Paper the UK Government published in April 2019.

Following more than a year-and-a-half of consultation with various stakeholders across society, the UK Government made public a full response outlining its vision for addressing harmful content online on 15 December 2020.

The text of the bill is expected to become public during the course of 2021 and the new legislation is anticipated to come in force later in the year or early 2022, so now is the time to start getting prepared.

Tackling online abuse via the law

The key feature of the new legislation is that it seeks to introduce a “duty of care” for companies:

• whose services host user-generated content accessed by users in the UK; or
• that facilitate public or private online interaction between services users (at least one of whom is in the UK).

The scope of application is intended to be very wide.

The online safety “duty of care” rules are intended to cover not just social media giants like Facebook but a wide range of internet services — from dating apps and search engines to online marketplaces, video sharing platforms and instant messaging tools, as well as consumer cloud storage and even video games that allow relevant user interaction.

Only a handful of online services are excluded from the scope: internet service providers, advertisements placed via direct contract between an advertiser and an advertising service, B2B and email services, and content published by a news publisher on its own website.

At the heart of the “duty of care” lies requirement for service providers to improve the safety of their users online. The ultimate intention of the Government is to increase the accountability of online platforms and service providers for monitoring and handling content that might be harmful for the users.

The legislation will make a distinction between Category 1 services (those that are described as “high reach, high risk” and therefore would attract greater scrutiny and more obligations under the legislation) and Category 2 services.

Both Category 1 and Category 2 companies will be required to take action regarding illegal content, assess the likelihood of children accessing services, and provide mechanisms that would allow users to report harmful content.

At the same time, in order to ensure that individual rights are protected, users should be given right to appeal a take-down.

Only Category 1 companies will be required to:

• take action with regards to legal but harmful content accessed by adults;
• assess reasonable risk of causing significant physical or psychological harm to adults;
• make clear what type of legal but harmful content is allowed at their platforms;
• publish transparency reports periodically.

Ofcom was confirmed to be a regulator with the power to enforce the legislation, impose fines and even come up with specific requirements and codes of conduct that would shape the scope of legislation (such as actual parameters that define Category 1 as opposed to Category 2 companies).

Criticism and commentary – will new laws work?

Although the final text of the legislation is far from being agreed and made public, the proposed changes have provoked a wave of heated discussion and speculation among users, scholars and practitioners.

The immediate criticism arose concerning the vagueness of a number of definitions crucial for the operation of the legislation, and the impact these new rules might have on the privacy and basic rights of individuals.

It is argued that the increased burden on service providers will encourage them to abandon end-to-end encryption - a privacy feature of certain online communications whereby only the sender and an end-receiver of the message can have access to the contents of this message.

The official record of the Parliament debate on the Online Harms Consultation shows that encryption was considered by MPs, and it was confirmed that “duty of care will apply even when communications are end-to-end encrypted” and that “encryption cannot serve as a protection blanket for criminals”.

At the same time, the official response by the Government is that users’ privacy is recognised as an important factor and the Government will ensure that new rules will be subject to stringent legal safeguards to protect users’ rights.

Another point raised by critics related to the fact that “harmful content” itself is unlikely to be properly defined and instead Ministers, rather than the Parliament, will have a great degree of control in determining what can be classified as “harmful”.

This might be particularly controversial in the case of obligations that are imposed on Category 1 companies to address “legal but harmful” content that might affect adults. It is argued therefore that freedom of expression and freedom of speech might be prejudiced by such development.

While publications posted by news media on their own websites are exempt from the application of the legislation, the status of these publications when shared externally via social networks is less clear.

Lastly, commentators question the adequacy of some enforcement procedures that will be granted to Ofcom under the act.

One of the powers of Ofcom will be to block non-compliant services in the UK – a measure that, as argued, is of limited use as the general public becomes more and more adept at using remote VPN software tools to get around geographical restrictions.

How will the new online regulation impact businesses?

It is important to remember a few crucial points.

Firstly, this legislation should not be looked at in isolation.

The UK is just one example of ongoing regulatory trends worldwide, with many countries seeking to govern online activities more strictly.

A number of pre- and post-Brexit EU Directives and legislations (such as P2B Regulation, AVMS Directive and the in-the-progress Digital Service Act which promises to completely overhaul EU regulation framework of the digital society) all serve as further testimony of the growing complexity of the legal regime.

Secondly, the final text of the UK legislation is far from being agreed and it is too early to judge the impact that legislation would have on online services. The Government has indicated in the Response that the vast majority of businesses and services in the UK will fall within Category 2 services, where slightly less strict obligations will apply.

With all the uncertainty that surrounds this new ground-breaking legislation, the one thing that is crystal clear is that this new law will spark more fierce public discussion on the balance of privacy and protection of fundamental freedoms against increasing need for security online.

If you would like advice on how your organisation can adapt to these fast-moving online changes please get in touch with our expert Tech and Commercial team.

Related News, Insights & Events