The government has issued the first draft codes of practice under the controversial Online Safety Act (OSA), which became law last month.
UK telecoms regulator Ofcom has published guidelines on how tech firms can comply with the long-awaited legislation and protect children from coming into contact with harmful content online.
The guidance is part of the first set of draft codes of practice under the OSA. This one focuses on how user-to-user (U2U) services – including social media platforms, online games and search engines – will be expected to respond to different types of illegal content.
OSA has been described as a “landmark” legislation, aimed at preventing the spread of child sexual abuse material, terrorism content and fraud. According to Ofcom, its first priority will be protecting children.
The codes recommend that platforms avoid presenting children with lists of suggested friends or allowing children to appear in other users’ connection lists. It also proposes that accounts outside a child’s connection list should be unable to send them direct messages and to hide children’s location information.
Ofcom also recommended that platforms allow users to block other users, and put in place risk assessments when they make changes to their recommendation algorithms. In addition, it suggested the use of hash-matching technology to identify illegal images of abuse the websites hosting such material.
“Children have told us about the dangers they face, and we’re determined to create a safer life online for young people in particular,” said Dame Melanie Dawes, Ofcom chief executive.
“Our figures show that most secondary school children have been contacted online in a way that potentially makes them feel uncomfortable. For many, it happens repeatedly. If these unwanted approaches occurred so often in the outside world, most parents would hardly want their children to leave the house. Yet somehow, in the online space, they have become almost routine. That cannot continue.”
The guidelines are currently in a draft form, and will be presented for parliamentary approval towards the end of 2024. But, even if approval is granted, the recommendations will not become legally binding. Instead, tech companies can take a different approach, as long as they comply with the OSA’s overarching rules.
The regulator also stressed that it did not intend to break end-to-end encryption, a possibility that led companies WhatsApp and Signal to consider leaving the UK, as they claim it would leave their customers vulnerable to attacks.
Technology secretary Michelle Donelan said the publication of the first codes would help with “cleaning up the Wild West of social media and making the UK the safest place in the world to be online”.
In its original form, the bill gave regulators wide-ranging powers to sanction digital and social media companies such as Google, Facebook, Twitter and TikTok. However, it has been significantly watered down in revisions over the past year.
If social media platforms do not comply with these rules, Ofcom could fine them up to £18m or 10 per cent of their global annual revenue, whichever is largest. In addition, tech executives could personally face criminal charges if their platforms consistently fail to protect children.
Ofcom is expected to publish more recommendations regarding internet regulation in the next few months. The consultation period for this first set of guidelines will close on 23 February 2024.
