The new Digital Regulatory Co-operation Forum (DRCF) – made up of Ofcom, the Information Commissioner’s Office, the Competition and Markets Authority and, from April 2021, the Financial Conduct Authority – has recently published its first Annual Programme of Work. This blog post is an abridged version of our response to their call for feedback on the plan.
We welcome its formation and the formalisation of its role and its work, which brings a welcome degree of coherence and strategic co-ordination to those bodies responsible for the broad, overlapping and expanding areas of digital regulation in the UK. Carnegie UK Trust has worked very constructively with officials from all three organisations on the development of our proposals to date [1] and we look forward to establishing a similarly constructive relationship with the DRCF as it proceeds with its important work.
The establishment of the DRCF confirms the growing priority and expanding scale of the challenge for the Government and its regulatory bodies in addressing the impact of digital technology on all our lives.
The broad strategic priorities for the DRCF’s first year are broadly correct and a period of (A) “horizon scanning” as well as (B) analysis of where existing regulatory responsibilities and emerging regimes will need co-ordination is sensible. We welcome the fact that the latter priority area will include consideration of how “planned new regimes for online regulation may interact with wider existing regulation such as financial regulation, intellectual property rights and content regulation (including advertising content regulated by the ASA) and also that the DRCF is “considering a range of ideas about statutory support for co-operation and changes to our information sharing arrangements”. We look forward to seeing and commenting on the published evidence on this work.
However, a mechanism for joining up through a forum such as this is not – in and of itself – enough to address the harms that can emerge to users and consumers in the gaps between existing regulation. The overarching legislative and regulatory landscape needs to be designed in a coherent way too, with the powers it confers on the regulatory bodies within it also aligned and mutually reinforcing.
We believe there is an opportunity to make this work better in relation to Online Harms and would urge the DRCF members to focus early work on this aspect so that the UK Government’s Online Safety Bill is designed to be as effective as it can be upon introduction. We explained more on these proposals – which we call a system of “regulatory interlock” – in our blog from September last year.
With regard to the four areas of joint strategic work identified in the work plan (design frameworks, algorithmic processing, digital advertising technologies and end-to-end encryption) and the three areas relating to better joint working (data protection, the Age-Appropriate Design Code and VSP regulation, interactions in the wider digital landscape), we look forward to seeing the emerging thinking from the DRCF.
The scope of online harms
Our work has focused on a systemic approach to Online Harms and, in particular, the development of a statutory duty of care for online harm reduction, enforced by an independent regulator. We welcome the long-delayed confirmation, in the UK Government’s full response to the Online Harms consultation in December 2020, that Ofcom will be the lead regulator for Online Safety. We also welcomed the commitment that, in addition to the co-ordination and collaboration work via the DRCF: “Ofcom will have the power to co-designate other bodies to deliver aspects of the regulatory framework to make use of the significant expertise that sits outside Ofcom. The government will work with Ofcom to understand where this may be effective and beneficial to delivering the regulatory framework.” (para 3.29)
This does not in itself provide the necessary breadth of regulatory scope that, we feel, Ofcom needs if it is to address robustly the spectrum of harms that arise online. The scope of harm needs to be defined in the Online Safety Bill. At present, however there are two large areas of omission. The first of these are financial and consumer harms, are which the Government has “determined will be most effectively tackled by other mechanism and as such the legislation will not require companies to tackle online fraud. The second is misinformation and disinformation, except where this causes individual harm to a user, rather than societal harms such as undermining democracy or public confidence in vaccinations.
On disinformation, the DRCF’s annual work programme itself flags this as an area of concern: “increased access to a wide range of online content has many benefits, but it can also support the spread of disinformation and misinformation”. Yet, as things stand, that will not be within the remit any of the DRCF’s members can address.
On financial and consumer harm, the FCA (who will join the DRF from April 2021), have themselves called for an expansion of scope of the Online Safety Bill to be extended to address the scale of investment fraud that they are now seeing. This echoes similar calls from City of London Police and the National Centre for Economic Crime (part of the National Crime Agency) and a wide variety of consumer groups for online scams to be including in scope too. For example, in evidence to the Work and Pensions Select Committee in January 2021, Mark Seward (Executive Director of Enforcement and Market Oversight at the FCA )and Graham Biggar (Director General, NECC) said the following:
Mark Steward: Given the numbers that we have talked about this morning, we certainly see a good case for investment fraud to be included [in the Bill] as an online harm, given the scale of harm that investment fraud causes to consumers, leaving aside the existential harm that pension scams cause to consumers who need that money for their retirement.
Graeme Biggar: … I wholeheartedly support what Mark said and will broaden it slightly. I think it is the view of all the operational partners involved that the online world is an increasing vector for fraud. … It is not just investment fraud, but you see it in online shopping, romance fraud, across the board. … We all see this as a big problem, we all think that the online world needs to do more about it, and we all think that some form of regulation is necessary. The online harms Bill at the moment is a missed opportunity in that regard.[2]
Increasing evidence is being collected by the likes of Which?, the Money and Mental Health Policy Institute, UK Finance and PIMFA of the scale of financial harm online and the impact it has on consumers. But, with the best will in the world, neither the DRCF’s co-ordination mechanism nor Ofcom’s “co-designation” powers will help reduce the impact on individuals, nor assist the wide array of regulatory and enforcement bodies trying to tackle it, without that harm being designed into the Online Safety legislation from the outset.
The fact that the FCA is joining the DRCF from April 2021 is a significant move and reflects the increasingly online nature of consumer-to-business activity in financial markets and the resulting risks of harm that are emerging. But, again, without addressing the remit of the DRCF’s members to work directly with Ofcom to support its work on Online Harms, the impact of this in relation to (for example), consumer harms and fraud will be minimal.
We would therefore advise the DRCF – as it sets up its working arrangements for the years ahead – to think about how concerns in the areas that we have flagged above (when exacerbated by online regimes or data-driven incentives) flow over to the DRCF from other sector-specific regulators in the absence of a regulatory mechanism for this to do so.
[1] All our work, including submissions to Parliamentary select committees and government consultations, and blog posts on particular themes can be found here: https://www.carnegieuktrust.org.uk/project/harm-reduction-in-social-media/?blog=view
[2] https://committees.parliament.uk/oralevidence/1470/html/