July 17, 2023

Enabling better coordination between regulators in the Online Safety Bill

by Professor Lorna Woods, Professor of Internet Law, University of Essex; William Perrin, Trustee, Carnegie UK; Maeve Walsh, Carnegie Associate

The third blog in our series coinciding with the Online Safety Bill’s Lords Report Stage covers the ongoing need for improved regulatory coordination to ensure a robust regulatory regime.

Regulatory coordination has been a key part of our arguments for robust online regulation, even prior to the introduction of the Online Safety Bill to Parliament; see our proposal in 2020 for a system of regulatory interlock in response to the Online Harms White Paper.

Given the longevity of our work on regulatory coordination, as the Bill reaches its final stages in the Lords, we remain concerned that it doesn’t go far enough on this matter.

The OSB sets out a requirement for OFCOM to cooperate with overseas regulators (cl 104) but says nothing about domestic regulators. The Communications Act 2003 identifies the UK regulators with which OFCOM can share information with the result that if the other regulator is not on the list, OFCOM cannot share information (excluding the ICO for instance).  This leads to three problems:

  1. The regulators with which OFCOM can cooperate and share information
  2. The extent and nature of that cooperation; and
  3. The mechanism by which OFCOM is empowered to cooperate.

This last point is about process: is it better to list the regulators or to give a general power to cooperate. While the former gives certainty, it runs the risk of regulators being overlooked, or the powers needing to be updated more generally.

While the relationship established through the Digital Regulation Cooperation Forum (OFCOM/CMA/ICO/FCA) (DRCF) is well known, and OFCOM already has working relationships with the ASA and Internet Watch Foundation and others, the basis on which these working relationships happen is not always clear, and nor necessarily is the extent to which the regulators may cooperate. Are we looking at the exchange of best practice; the sharing of information on individual files, or the possibility of joint operations, for example? The DRCF itself has noted some of these issues.

The OSB should extend co-operation and information sharing in respect of online safety to include regulators overseeing the offences in Schedule 7 and the primary priority and priority harms to children. This would allow OFCOM to bring the immense skills of other regulators into its own work and ensure that the online safety regime is as effective as possible. [1] Elsewhere in regulation we note that the Financial Conduct Authority has a general duty to cooperate, so such a duty is possible. We also note that the external cooperation duty in Cl 104 is general in nature.

This issue has been raised throughout the Bill’s passage through the House of Lords. At Second Reading, both Baroness Harding and the Bishop of Manchester expressed their support for an amendment to make domestic regulatory coordination more robust. This was followed by amendment 201, put down by Lord Clement-Jones at Committee Stage, to insert a new clause to enable cooperation between domestic regulators. Nonetheless, during Committee debate the Government dismissed the amendment, suggesting the issues were already covered.

Carnegie UK disagrees. Without such an amendment, regulators will not be empowered (or compelled) to share their learning and evidence with other regulators potentially dealing with the same issues/harms from the same technology in a different sector. It is also not future proof, as new issues potentially falling into other regulated sectors arise.

The requirement for this is even more striking given the Government’s expectation in the AI White Paper of coordination and cooperation between sectoral regulators with an expectation that “existing regulatory forums may need to be supplemented or adapted to successfully implement the cross-cutting principles”. Amending the
OSB will provide a much-needed piece of the regulatory jigsaw in advance of further AI developments.

We therefore support Lord Clement-Jones who has re-tabled his Committee stage amendment for Report stage (amendment 253).

[1] The ICO has been named as a consultee when drawing up codes of practice and various items of guidance (clauses 36, 47, 58, 69, 73, 90, 116, 140 and 148); and the Government has amended the Bill at Committee stage to name the Children’s Commissioner, Victims’ Commissioner and Domestic Abuse Commissioner as statutory consultees on codes of practice (clause 36).