The rapid advancement of digital technologies has transformed how people interact with each other, develop their businesses and spend their free time. Whilst digital advancements have facilitated innovation and growth, they have also exposed people to harm. This series of briefings will consider:-

  1. the new regulatory framework requiring businesses to protect their users against online harms (Part 1);
  2. what you can do if your private and / or confidential information is shared online without your consent (Part 2); and
  3. what you can do if you are being harassed online (Part 3).

If you would like further information or advice on anything discussed in these briefings, please contact Cheryl Gayer.

New regulatory framework imposing a duty of care on businesses to protect their users against online harms: what could this mean for you?

Online bullying and harassment has become an increasing problem and its damaging effect on mental health is widely publicised. Some businesses have been criticised for not having clear and effective processes for website users to report complaints and obtain redress. The government launched a consultation in April 2019 on a new regulatory framework designed to tackle online harms. In its initial response published on 12 February 2020, the UK government confirmed that it intends to appoint Ofcom to regulate online harms and provided some clarification about its plans.

Here is a summary of what the new regulatory framework entails and how businesses could be affected:

  • What is Ofcom?

Ofcom currently regulates communications services such as TV, radio, telecoms, broadband and postal services. Ofcom aims to ensure that businesses in the communications sector offer high quality services and that their consumers are protected from unfair treatment and privacy invasion.

  • Which businesses will be affected by the new regulatory framework?

Businesses whose websites facilitate the sharing of user-generated content will fall within the scope of the new regulatory framework. User-generated content includes comments, photos, videos, blogs and reviews. Whilst the government’s initial response estimates that less than 5% of businesses in the UK will be affected, it is unclear at this stage how many businesses will be affected. It is certainly notable that it is becoming more common for businesses to facilitate user-generated content as a means of marketing their brand.

  • What is the new duty of care on businesses?

Businesses that facilitate user-generated content on their websites will be under a duty to take responsibility for the safety of their users. Businesses in scope will need to have effective and accessible reporting mechanisms for users to raise concerns about harmful content and activity, to request the removal of harmful content and to appeal against content removal.

  • What is the differentiated approach between illegal content and harmful content?

Businesses in scope will need to have effective systems in place to minimise the risk of illegal content being generated on their websites and to remove any illegal content expeditiously. If the content is harmful but legal, businesses in scope will not be compelled to remove it but they will be required to explicitly state what content and behaviour they deem to be acceptable and to enforce those standards consistently and transparently. Harmful online content may include bullying, harassment and intimidation in public life.

  • How will the regulator oversee compliance with the duty of care?

Businesses in scope will be required to issue annual transparency reports to the regulator outlining the prevalence of harmful content on their platforms and what measures they have taken to address them. The regulator will publish these reports online and the regulator can require businesses to disclose additional information to inform its oversight or enforcement activity.

  • What sanctions could businesses face for non-compliance?

According to the government’s initial response, the regulator will have an escalating range of powers to take enforcement action against non-compliant businesses. These range from issuing notices and warnings to imposing fines and sanctioning business disruption measures and Internet Service Provider blocking. The government is also considering implementing a regime to hold senior management personally liable for non-compliance.

The government is expected to release more detailed proposals on the online harms regulation in the spring as well as codes of conduct offering guidance to businesses as to how to comply with it.