It has been a busy week in the UK. Yesterday the Government finally published its “initial response” to the Online Harms consultation. That’s the consultation which was concluded in July last year (admittedly a lot has happened since then e.g. a General Election and leaving the EU). We are promised a full response to the consultation in the “Spring”, which probably means August.
Two Cabinet Ministers signed and launched the initial response document. Today there was a Cabinet Reshuffle and one of them left the Government. Baroness Morgan, who was Secretary of State at DCMS has moved on (this was widely expected, not a shock) to be replaced by Mr Oliver Dowden MP. However, the other signatory, Priti Patel MP from the Home Office, is still there. There is not expected to be any break in continuity of policy. What we saw yesterday is the outline of what we are likely to get.
We also have a brand new Chair of the DCMS Select Committee, the Parliamentary scrutiny body charged with oversight of the DCMS. Julian Knight MP has already been baring his teeth. And he was harrying the Government again today.
What a surprise! There were no surprises
The core idea is to be a newly created duty of care which online businesses will be expected to observe in respect of all their users. There will be a major emphasis on getting businesses to show they have analysed risks and taken appropriate steps to mitigate them. Crucially, businesses will be expected to enforce their own terms and conditions of service.
In the days running up to yesterday I was told explicitly by two different people that one very important idea (age verification for pornography sites) was going to be promoted from being merely “on ice“to being dropped altogether. It hasn’t been. In fact on one reading of yesterday’s text you could argue the Government is taking a more expansive view. How else do you interpret these passages?
“Under our proposals we expect companies to use a proportionate range of tools including age assurance, and age verification technologies to prevent children from accessing age-inappropriate content and to protect them from other harms. This would achieve our objective of protecting children from online pornography, and would also fulfil the aims of the Digital Economy Act.”
” (Our) proposals assume a higher level of protection for children than for the typical adult user, including, where appropriate, measures to prevent children from accessing age-inappropriate or harmful content. This approach will achieve a more consistent and comprehensive approach to harmful content across different sites and go further than the Digital Economy Act’s focus on online pornography on commercial adult sites.” (note the very welcome reference to “harmful” content)
The Regulator, powers and penalties
The body that is going to be charged with overseeing all this is to be Ofcom but beyond that it is still not clear what range of powers it will have at its disposal. The tone of the language and the approach is tough. ISP blocking has not been ruled out, neither have heavy fines, maybe criminal liability. The usual suspects are already bridling.
The main focus of the Regulator’s remit is clearly going to be social media services but several of the items mentioned in the response go way beyond social media sites. We are going to need some closer delineation of boundaries.
Interim codes of practice
The government said it
“expects companies to take action now to tackle harmful content or activity on their services. For those harms where there is a risk to national security or to the safety of children, the government is working with law enforcement and other relevant bodies to produce interim codes of practice.
The interim codes of practice will provide guidance to companies on how to tackle online terrorist and Child Sexual Exploitation and Abuse (CSEA) content and activity. The codes will be voluntary but are intended to bridge the gap until the regulator becomes operational, given the seriousness of these harms. We are continuing to engage with key stakeholders in the development of the codes to ensure that they are effective. We will publish these interim codes of practice in the coming months.”
No mention was made of the interplay of all these matters with the AVMSD which is also overseen by Ofcom, and the data privacy laws, which are overseen by the ICO . Both are highly relevant to the emerging landscape. And one wonders where the work of the Centre for Data Ethics and Innovation will fit in.
Time is not on our side
Having opened this blog with The Beatles, I will close with The Rolling Stones (sort of). Time is definitely not on our side. I have heard some appalling estimates of likely timescales for getting the Ofcom show on the road although, apparently, it is once again being suggested that at least the measures directed at pornography sites could come on stream sooner. In which case we can all be thankful for small mercies.
Watch this space.