Proposals from the department for culture, media and sport, aim to remove perceived shortcomings of the current regulatory landscape in the face of growing concerns ranging from cyberbullying to terrorist recruitment, and calls for online platforms to take 'robust action.'

Duty of care

Shortcomings include protection from legal liability until web platforms have either actual knowledge of illegal content or are aware of facts or circumstances from which it would have been apparent that it was unlawful and had failed to act expeditiously. Any new law will be enforced by an independent regulator, which will set out codes of practice for companies. This could either be an existing regulator, with Ofcom a 'strong candidate,' or a new body. The new regulatory regime will have at the heart a new statutory duty of care legally obliging tech firms to protect their users, compelling them to take reasonable and proportionate steps to stop and prevent harmful material. They must develop new ways to find illegal content, including illegal activity featured in live streams and online grooming. They will also be compelled to take steps to identify offenders and to work with law enforcement to bring them to justice. Tech firms will be required to submit annual transparency forms outlining the scale of the threat and their response. These reports will be published online to make them fully accountable to their users. Tech companies who don’t comply will be hit with heavy fines bigger firms receiving bigger fines, as well as publicly named and shame. Websites and apps who refuse to protect users could be blocked in the UK, and individual senior managers may face criminal charges.

“Tough penalties”

UK home secretary Sajid Javid said, “Tough penalties, yes. But entirely in keeping with the seriousness of the issue.” They have “failed to show the moral leadership we expect of those trusted with the right of self-regulation.” He also accused tech firms of dodging and evading, saying “I’m giving tech companies a message they cannot ignore. I warned you. And you did not do enough. So it’s no longer a matter of choice. It’s time for you to protect the users and give them the protection they deserve, and I will accept nothing else.” Bryony Hurst, partner at Bird & Bird, suggests “It appears that a key part of this framework will be codes of practice, to be developed by the new regulator, seeking input from tech companies and other stakeholders.  There will be specific codes of practice for each type of online harm, and a company can either choose to follow that code or, if it chooses not to, must be able to demonstrate that its alternative approach delivered at least the same impact.  Key to demonstrating compliance with the codes will be for companies to have clear and accessible terms of use; whereas these have always been provided by web platforms, regulatory scrutiny of them to date has been minimal and it has been of little consequence whether platforms follow them to the letter or merely pay them lip service.” Ms Hurst adds that things look set to change, “from now on, it appears that companies will have to say what they mean, and do what they say, or face strict penalties.”