Act of Parliament | |
Long title | An Act to make provision for and in connection with the regulation by OFCOM of certain internet services; for and in connection with communications offences; and for connected purposes. |
---|---|
Citation | 2023 c. 50 |
Introduced by | Michelle Donelan, Secretary of State for Science, Innovation and Technology (Commons) The Lord Parkinson of Whitley Bay, Parliamentary Under-Secretary of State for Arts and Heritage (Lords) |
Territorial extent |
|
Dates | |
Royal assent | 26 October 2023 |
Commencement | On royal assent and by regulations. |
Status: Current legislation | |
History of passage through Parliament | |
Text of statute as originally enacted | |
Text of the Online Safety Act 2023 as in force today (including any amendments) within the United Kingdom, from legislation.gov.uk. |
The Online Safety Act 2023 [1] [2] [3] (c. 50) is an act of the Parliament of the United Kingdom to regulate online speech and media. It passed on 26 October 2023 and gives the relevant Secretary of State the power, subject to parliamentary approval, to designate and suppress or record a wide range of speech and media deemed "harmful". [4] [5]
The act requires platforms, including end-to-end encrypted messengers, to scan for child pornography, despite warnings from experts that it is not possible to implement such a scanning mechanism without undermining users' privacy. [6]
The act creates a new duty of care of online platforms, requiring them to take action against illegal, or legal but "harmful", content from their users. Platforms failing this duty would be liable to fines of up to £18 million or 10% of their annual turnover, whichever is higher. It also empowers Ofcom to block access to particular websites. It obliges large social media platforms not to remove, and to preserve access to, journalistic or "democratically important" content such as user comments on political parties and issues.
The bill that became the act was criticised for its proposals to restrain the publication of "lawful but harmful" speech, effectively creating a new form of censorship of otherwise legal speech. [7] [8] [9] As a result, in November 2022, measures that were intended to force big technology platforms to take down "legal but harmful" materials were removed from the bill. Instead, tech platforms are obliged to introduce systems that will allow users to better filter out the "harmful" content they do not want to see. [10] [11]
The act grants significant powers to the secretary of state to direct Ofcom, the media regulator, on the exercise of its functions, which includes the power to direct Ofcom as to the content of codes of practice.[ vague ] This has raised concerns about the government's intrusion in the regulation of speech with unconstrained emergency-like powers that could undermine Ofcom's authority and independence.
Within the scope of the act is any "user-to-user service". This is defined as an Internet service by means of which content that is generated by a user of the service, or uploaded to or shared on the service by a user of the service, may be read, viewed, heard or otherwise experienced ("encountered") by another user, or other users. Content includes written material or messages, oral communications, photographs, videos, visual images, music and data of any description. [12]
The duty of care applies globally to services with a significant number of United Kingdom users, or which target UK users, or those which are capable of being used in the United Kingdom where there are reasonable grounds to believe that there is a material risk of significant harm. [12]
The idea of a duty of care for Internet intermediaries was first proposed in Thompson (2016) [13] and made popular in the UK by the work of Woods and Perrin (2019). [14]
The duty of care in the act refers to a number of specific duties to all services within scope: [12]
For services 'likely to be accessed by children', adopting the same scope as the Age Appropriate Design Code, two additional duties are imposed: [12]
For category 1 services, which will be defined in secondary legislation but are limited to the largest global platforms, there are four further new duties: [12]
This would empower Ofcom, the national communications regulator, to block access to particular user-to-user services or search engines from the United Kingdom, [15] [16] [17] including through interventions by internet access providers and app stores. The regulator will also be able to impose, through "service restriction orders", requirements on ancillary services which facilitate the provision of the regulated services.
The act lists in section 92 as examples (i) services which enable funds to be transferred, (ii) search engines which generate search results displaying or promoting content and (iii) services which facilitate the display of advertising on a regulated service (for example, an ad server or an ad network). Ofcom must apply to a court for both Access Restriction and Service Restriction Orders. [12] Section 44 of the act also gives the Secretary of State the power to direct Ofcom to modify a draft code of practice for online safety if deemed necessary for reasons of public policy, national security or public safety. Ofcom must comply with the direction and submit a revised draft to the Secretary of State. The Secretary of State may give Ofcom further directions to modify the draft, and once satisfied, must lay the modified draft before Parliament. Additionally, the Secretary of State can remove or obscure information before laying the review statement before Parliament. [18]
The act has provisions to impose legal requirements ensuring that content removals do not arbitrarily remove or infringe access to what it defines as journalistic content. [15] Large social networks would be required to protect "democratically important" content, such as user-submitted posts supporting or opposing particular political parties or policies. [19] The government stated that news publishers' own websites, as well as reader comments on such websites, are not within the intended scope of the law. [15] [17]
Section 212 of the act repeals part 3 of the Digital Economy Act 2017, which demands mandatory age verification to access online pornography but was subsequently not enforced by the government. [20] The act will include within scope any pornographic site which has functionality to allow for user-to-user services, but those which do not have this functionality, or choose to remove it, would not be in scope based on the draft published by the government. [12]
Addressing the House of Commons DCMS Select Committee, the Secretary of State, Oliver Dowden, confirmed he would be happy to consider a proposal during pre-legislative scrutiny of the act by a joint committee of both Houses of Parliament to extend the scope of the act to all commercial pornographic websites. [21] According to the government, the act addresses the major concern expressed by campaigners such as the Open Rights Group [22] about the risk to user privacy with the Digital Economy Act 2017's [23] requirement for age verification by creating, on services within scope of the legislation, "A duty to have regard to the importance of... protecting users from unwarranted infringements of privacy, when deciding on, and implementing, safety policies and procedures." [12]
In February 2022 the Digital Economy Minister, Chris Philp, announced that the act would be amended to bring commercial pornographic websites within its scope. [24]
The Act adds two new offences to the Sexual Offences Act 2003: sending images of a person's genitals (cyberflashing), [25] or sharing or threatening to share intimate images. [26]
The draft bill was given pre-legislative scrutiny by a joint committee of Members of the House of Commons and peers from the House of Lords. The Opposition Spokesperson, Lord Ponsonby of Shulbrede, in the House of Lords said, "My understanding is that we now have a timeline for the online harms Bill, with pre-legislative scrutiny expected immediately after the Queen’s Speech—before the Summer Recess—and that Second Reading would be expected after the Summer Recess." [27] But the Minister replying refused to pre-empt the Queen's Speech by confirming this.
In early February 2022, ministers planned to add to their existing proposal several criminal offences against those who send death threats online or deliberately share dangerous disinformation about fake cures for COVID-19. Other new offences, such as revenge porn, posts advertising people-smuggling, and messages encouraging people to commit suicide, would fall under the responsibilities of online platforms like Facebook and Twitter to tackle. [28]
In September 2023, during the third reading in the Lords, Lord Parkinson presented a ministerial statement from the government claiming the controversial powers allowing Ofcom to break end-to-end encryption would not be used immediately. [6] Despite the government's claim the powers will not be used, the provisions pertaining to end-to-end encryption weakening were not removed from the act and Ofcom can at any time issue notices requiring the breaking of end-to-end encryption technology. This followed statements from several tech firms, including Signal, suggesting they would withdraw from the UK market rather than weaken their encryption.
The UK National Crime Agency, part of the Home Office, has said the act is necessary to protect children. [29] The NSPCC has been a prominent supporter of the act, saying it will help protect children from abuse. [30] The Samaritans, that had made strengthening the act one of its key campaigns "to ensure no one is left unprotected from harmful content under the new law" [31] gave the final act its qualified support, also saying the act fell short of the promise to make the UK the safest place to be online. [32]
The international human rights organization Article 19 stated that they saw the Online Safety Act 2023 as a potential threat to human rights, describing it as an "extremely complex and incoherent piece of legislation". [33] The Open Rights Group described the Online Safety Bill (OSB) as a "censor's charter". [34]
During an interview for the BBC , Rebecca MacKinnon, the vice president for global advocacy at the Wikimedia Foundation, criticised the OSB, saying the threat of "harsh" new criminal penalties for tech bosses would affect "not only big corporations, but also public interest websites, such as Wikipedia". [35] In the same instance, MacKinnon argued the act should have been based on the European Union's Digital Services Act, which reportedly included differences between centralised content moderation and community-based moderation. [35] In April 2023, both MacKinnon and the chief executive of Wikimedia UK, Lucy Crompton-Reid, announced that the WMF did not intend to apply the age-check requirements of the act to Wikipedia users, stating that it would violate their commitment to collect minimal data about readers and contributors. [36] [37] On 29 June of the same year, WMUK and the WMF officially published an open letter, asking the government and Parliament to exempt "public interest projects", including Wikipedia itself, from the OSB before it entered its report stage, starting on 6 July. [38] [39]
Apple Inc. criticised legal powers in the OSB which threatened end-to-end encryption on messaging platforms in an official statement, describing the act as "a serious threat" to end-to-end encryption, and urging the UK government to "amend the Bill to protect strong end-to-end encryption". [40] [41]
Meta Platforms has criticised the plan, saying, "We don't think people want us reading their private messages ... The overwhelming majority of Brits already rely on apps that use encryption to keep them safe from hackers, fraudsters and criminals". [29] Head of WhatsApp Will Cathcart voiced his opposition to the OSB, stating that the service would not compromise its encryption for the proposed law and saying "The reality is, our users all around the world want security – ninety-eight percent of our users are outside the UK, they do not want us to lower the security of the product and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those ninety-eight percent of users." [42] [43] He also stated in a tweet that scanning everyone's messages would destroy privacy. [44]
Ciaran Martin, a former head of the UK National Cyber Security Centre, accused the government of "magical thinking" and said that scanning for child abuse content would necessarily require weakening the privacy of encrypted messages. [29]
In February 2024, the European Court of Human Rights ruled, in an unrelated case, that requiring degraded end-to-end encryption "cannot be regarded as necessary in a democratic society" and was incompatible with Article 6 of the European Convention on Human Rights. This decision may potentially form part of the basis of legal challenges to the Online Safety Act 2023. [45]
The Office of Communications, commonly known as Ofcom, is the government-approved regulatory and competition authority for the broadcasting, telecommunications and postal industries of the United Kingdom.
The Communications Act 2003 is an Act of the Parliament of the United Kingdom. The act, which came into force on 25 July 2003, superseded the Telecommunications Act 1984. The new act was the responsibility of Culture Secretary Tessa Jowell. It consolidated the telecommunication and broadcasting regulators in the UK, introducing the Office of Communications (Ofcom) as the new industry regulator. On 28 December 2003 Ofcom gained its full regulatory powers, inheriting the duties of the Office of Telecommunications (Oftel). Among other measures, the act introduced legal recognition of community radio and paved the way for full-time community radio services in the UK, as well as controversially lifting many restrictions on cross-media ownership. It also made it illegal to use other people's Wi-Fi broadband connections without their permission. In addition, the legislation also allowed for the first time non-European entities to wholly own a British television company.
An age verification system, also known as an age gate, is any technical system that externally verifies a person's age. These systems are used primarily to restrict access to content classified, either voluntarily or by local laws, as being inappropriate for users under a specific age, such as alcohol, tobacco, gambling, video games with objectionable content, pornography, or to remain in compliance with online privacy laws that regulate the collection of personal information from minors, such as COPPA in the United States.
In the United States, Section 230 is a section of the Communications Act of 1934 that was enacted as part of the Communications Decency Act of 1996, which is Title V of the Telecommunications Act of 1996, and generally provides immunity for online computer services with respect to third-party content generated by its users. At its core, Section 230(c)(1) provides immunity from liability for providers and users of an "interactive computer service" who publish information provided by third-party users:
No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
The Digital Economy Act 2010 is an act of the Parliament of the United Kingdom. The act addresses media policy issues related to digital media, including copyright infringement, Internet domain names, Channel 4 media content, local radio and video games. Introduced to Parliament by Lord Mandelson on 20 November 2009, it received royal assent on 8 April 2010. It came into force two months later, with some exceptions: several sections – 5, 6, 7, 15, 16(1)and 30 to 32 – came into force immediately, whilst others required a statutory instrument before they would come into force. However some provisions have never come into force since the required statutory instruments were never passed by Parliament and considered to be "shelved" by 2014, and other sections were repealed.
Damian Noel Thomas Collins is a British Conservative Party politician who formerly served as a junior Minister for Tech and the Digital Economy in the Department for Digital, Culture, Media and Sport between July and October 2022. He served as the Member of Parliament (MP) for Folkestone and Hythe from 2010 to 2024.
The Authority for Television on Demand (ATVOD) was an industry body designated by Ofcom as the "co-regulator" of television on demand (VOD) in the UK from 2010 until 2015. ATVOD was founded following a European Union directive on the regulation of audiovisual media. It was responsible for regulating on-demand services such as ITV Player and Channel 4's All 4, as well as paid-for content on websites which were deemed to be "tv-like". ATVOD's role with regard to VOD ended on 31 December 2015, when the function was taken over by Ofcom directly.
The Draft Communications Data Bill was draft legislation proposed by then Home Secretary Theresa May in the United Kingdom which would require Internet service providers and mobile phone companies to maintain records of each user's internet browsing activity, email correspondence, voice calls, internet gaming, and mobile phone messaging services and store the records for 12 months. Retention of email and telephone contact data for this time is already required by the Data Retention Regulations 2014. The anticipated cost was £1.8 billion.
Mass media regulations or simply media regulations are a form of media policy with rules enforced by the jurisdiction of law. Guidelines for mass media use differ across the world. This regulation, via law, rules or procedures, can have various goals, for example intervention to protect a stated "public interest", or encouraging competition and an effective media market, or establishing common technical standards. The principal targets of mass media regulation are the press, radio and television, but may also include film, recorded music, cable, satellite, storage and distribution technology, the internet, mobile phones etc. It includes the regulation of independent media.
The precise number of websites blocked in the United Kingdom is unknown. Blocking techniques vary from one Internet service provider (ISP) to another with some sites or specific URLs blocked by some ISPs and not others. Websites and services are blocked using a combination of data feeds from private content-control technology companies, government agencies, NGOs, court orders in conjunction with the service administrators who may or may not have the power to unblock, additionally block, appeal or recategorise blocked content.
Since its inception 28 years ago, the FPB has had the responsibility of classifying films, games and certain publications in line with South African values and norms under the overarching application of the Bill of Rights. This approach has a distinct difference from the censorship regime used by the Apartheid government to advance the then state’s discriminatory and dehumanising political agenda.
The Digital Economy Act 2017 is an act of the Parliament of the United Kingdom. It is substantially different from, and shorter than, the Digital Economy Act 2010, whose provisions largely ended up not being passed into law. The act addresses policy issues related to electronic communications infrastructure and services, and updates the conditions for and sentencing of criminal copyright infringement. It was introduced to Parliament by culture secretary John Whittingdale on 5 July 2016. Whittingdale was replaced as culture secretary by Karen Bradley on 14 July 2016. The act received royal assent on 27 April 2017.
Human rightsandencryption are often viewed as interlinked. Encryption can be a technology that helps implement basic human rights. In the digital age, the freedom of speech has become more controversial; however, from a human rights perspective, there is a growing awareness that encryption is essential for a free, open, and trustworthy Internet.
The Information Technology Rules, 2021 is secondary or subordinate legislation that suppresses India's Intermediary Guidelines Rules 2011. The 2021 rules have stemmed from section 87 of the Information Technology Act, 2000 and are a combination of the draft Intermediaries Rules, 2018 and the OTT Regulation and Code of Ethics for Digital Media.
The EARN IT Act is a proposed legislation first introduced in 2020 in the United States Congress. It aims to amend Section 230 of the Communications Act of 1934, which allows operators of websites to remove user-posted content that they deem inappropriate, and provides them with immunity from civil lawsuits related to such posting. Section 230 is the only surviving portion of the Communications Decency Act, passed in 1996.
The Digital Services Act (DSA) is an EU regulation adopted in 2022 that addresses illegal content, transparent advertising and disinformation. It updates the Electronic Commerce Directive 2000 in EU law, and was proposed alongside the Digital Markets Act (DMA).
The Online Streaming Act, commonly known as Bill C-11, is a bill introduced in the 44th Canadian Parliament. It was first introduced on November 3, 2020, by Minister of Canadian Heritage Steven Guilbeault during the second session of the 43rd Canadian Parliament. Commonly known as Bill C-10, the bill was passed in the House of Commons on June 22, 2021, but failed to pass the Senate before Parliament was dissolved for a federal election. It was reintroduced with amendments as the Online Streaming Act during the first session of the 44th Canadian Parliament in February 2022, passed in the House of Commons on June 21, 2022, and passed in the Senate on February 2, 2023. It received royal assent on April 27, 2023, after the consideration of amendments by the House.
A State Opening of Parliament took place on 11 May 2021. Queen Elizabeth II opened the second session of the 58th Parliament with the traditional Queen's Speech. The event was significant as it involved many restrictions due to the COVID-19 pandemic in the United Kingdom.
The Online Harms Act, commonly known as Bill C-63 or the Online Harms Bill, is a bill introduced in the 44th Canadian Parliament. It was first introduced in 2021 by Justice Minister David Lametti during the second session of the 43rd Canadian Parliament as Bill C-36. A revised version was introduced on February 26, 2024, by Minister of Justice Arif Virani during the first session of the 44th Canadian Parliament.
The Kids Online Safety Act (KOSA) is a proposed legislation first introduced in Congress in 2022. The bill aims to establish guidelines to protect minors from harmful material on social media platforms through a "duty of care" system and requiring covered platforms to disable "addicting" design features to minors.
{{citation}}
: CS1 maint: location missing publisher (link)