September 19, 2023

It’s (nearly) here: a short guide to the Online Safety Act

by Professor Lorna Woods, Professor of Internet Law, University of Essex; William Perrin, Trustee, Carnegie UK; Maeve Walsh, Carnegie Associate

The Online Safety Bill reaches the end of the Parliamentary road today when the House of Lords meet to complete “ping pong” and approve the final version of the Bill. This short blog post sets out how it got here and what it will do.

Six years after the Government made policy commitments to improve Internet Safety in a Green Paper – and via successive White Papers, consultations, draft Bills, multiple Parliamentary Committee inquiries, debates, detailed scrutiny, and eight (yes, eight) Secretaries of State – all that stands in the way of it becoming law is Royal Assent. At that point, the real work begins – for OFCOM (who will receive many of their powers as soon as Royal Assent comes into effect) and for the companies it will now regulate.

But what difference will it make? The Bill is complex and its evolution has been nothing if not contentious. Sound, fury and intense tech industry lobbying in recent months on specific issues has threatened to mask the fundamentals of the Bill. The noise has also detracted from that rarest of things: broad consensus across all parties in Parliament that this regime is necessary, long-overdue and should now be implemented swiftly. Parliamentary debates – particularly in the Lords – have been unfashionably constructive and collaborative. Belatedly, the Government has responded in kind – ditching what had become an ingrained habit to resist “not-invented-here” amendments by accepting a series of important concessions. The Bill is better for it.

We have been writing for half a decade about where the Bill could be improved and what gaps could be filled. Much of our analysis and work with civil society colleagues has led to changes – for example on fraud and scam adverts, VAWG, getting the list of harms to children on the face of the Bill, categorisation, user empowerment and reining in Secretary of State powers. We would have liked to seen more improvements. But now is the time to focus on the future: what the Online Safety Act will do, how it will change companies’ behaviours and what difference it will make for users.

The Online Safety Act: a 12-point guide to what it will do

  • Ends the era of self-regulation – companies can no longer choose what to do and mark their own homework.
  • Puts a powerful, independent regulator (OFCOM) in charge of overseeing a risk management regime of all social media, with bigger or riskier companies having greater responsibilities.
  • Requires companies to understand the risks presented by the design and functionality of their service – both in spreading harmful content, and the design itself – and mitigate the most serious: they can no longer live in denial or pretend everything is fine.
  • Hands strong powers to OFCOM to get to the truth of what is happening on services and improves transparency for users – no more dissembling and distraction.
  • Introduces a powerful punishment and sanctions regime that bites unambiguously on companies whose social media is used in the UK no matter where they are in the world.
  • Holds companies to account if they do not prevent the most harmful content from reaching people, including:
    • child abuse and terrorism content
    • fraudulent or harmful adverts;
    • illegal content, including animal cruelty; and
    • for children, pornography
  • Introduces new criminal offences, including to prevent the encouragement of facilitation of self-harm, intimate image abuse, cyberflashing and epilepsy trolling.
  • Creates strong protections for children from predatory adults, harmful content and badly designed services that set out to manipulate or exploit them; and prevents children from accessing services that are not designed for them.
  • Gives bereaved parents the right to access their child’s data should a tragedy occur.
  • Delivers greater protections for women and girls, who are disproportionately affected by harms online, through new criminal offences and OFCOM guidance to services.
  • Empowers users to opt out of the some of the most harmful material on the largest or riskiest platforms including from anonymous accounts.
  • Protects freedom of speech and privacy.

There are still gaps which may well be closed by successive governments. Others, such as researcher access to data, may find their way into another legislative vehicle sooner.

So, this is by no means the end of the story (at times, more akin to a saga) on online safety regulation: technology evolves and harms will continue to emerge. But, having sketched out the outline for this approach way back in 2018 – around the time that the Government were also turning their attention to the need for regulation – we believe this is a moment to celebrate, for us and all those involved along the way: officials in DCMS and DSIT, and also HO and MoJ; MPs, Peers and their staffers; civil society campaigners; academics; supportive journalists; and yes, even those eight Secretaries of State and their Ministerial teams. We hope we speak for all of them in wishing OFCOM well as they pick up the pen to write the next – more detailed – chapter in the story.