Internet service providers will need to assess whether they come within the scope of the recently published draft legislation and, if so, take stock of their regulated content and duties of care.
The detail of the first draft of the Online Safety Bill published on 12 May 2021 is set to have a major impact on a broad range of providers of internet platforms and services – not least the financial cost of compliance and the liability risk. Even before the Bill’s publication, the government’s full response in December 2020 to its Online Harms White Paper consultation gave a good idea of how it might shape up and the scale of its significance for the online industry.
Although the specific wording in the first draft of the Bill now gives a further sense of the types of services that are likely to be within its scope in some cases an element of uncertainty remains over what types of platform and service will fall within its remit.
The first draft identifies two primary categories – “user-to-user services” and “search services” – that could be within its scope, with different obligations tied to each. The draft Bill also sets out a list of services which, even if they are caught by these definitions, will fall outside the scope of the Bill’s obligations. What types of online platform will be included in these categories and what will be considered as exempt?
User-to-user services are internet services that allow users to generate, upload or share content that can be encountered by other users on that service (whether the content is shared publicly or privately). This category of services would include user-generated content services such as social media platforms, video sharing platforms, dating services and peer-to-peer services.
But a service may still be a user-to-user service even if only a portion of it allows user-generated content to be shared; for instance, a site that is not dedicated to allowing this type of content but provides an online forum functionality within which users can interact and post.
The Bill also makes it clear that a user of a service will be deemed to “encounter” content created by others if that content can be shared with them via the service’s functionality. This means that a service with the functionality to send direct messages to others – whether a dedicated instant messaging service or a website with user message functionality – will also be classed as a user-to-user service.
News sites and other websites which contain editorial content published by the provider of the service, without the ability for users to post their own content, would not fall within the definition of user-to-user services: and, even if a news publisher site has limited commenting functionality below its articles, this user content functionality may still be exempt.
Encompassing internet services that are, or include, a search engine and are not otherwise user-to-user services, the category of search services will clearly have within its scope the likes of the Google and Bing search engines. Even if only focussed on a specific topic or genre of content rather than the whole internet, services that search large numbers of websites or databases will also fall within this category. The fact that a search can be initiated by any means will also bring into scope search services provided via speech-based virtual assistants, such as Siri on Apple products, or Amazon’s Alexa.
Importantly, if a service includes the ability to search just one website or database, it will not fall within the definition of a “search service”. This means that a website will not be caught solely by virtue of having an internal search functionality, the results of which are limited to hits from that website.
Email, SMS, MMS and voice calls
Services – even if they are caught by the above definitions – that will fall outside the scope of the Bill’s obligations include email, SMS, MMS and one-to-one live aural communications but only to the extent that each of these types of content are the only user-generated content enabled by the relevant service. However, video calling services and instant messaging through apps do not fall within these exempt categories.
The carve-out for email, SMS, MMS and voice calls was expected based on the government’s white paper response, but will nevertheless disappoint those campaigners lobbying for the Bill to cover broader forms of fraudulent content, such as online scams in any guise, including via email and SMS.
Although the government’s press release accompanying the Bill made a point of highlighting that “measures to tackle user-generated fraud will be included in the Bill“, citing the example of romance scams or fake investment opportunities posted or sent by users of social media as being covered by the Bill, online fraud material will only be caught to the extent it is distributed via a regulated user-to-user service or search service.
Any scams targeted via email or SMS will very much remain outside the scope of the Bill. It remains to be seen whether pressure from consumer groups will lead to an expansion of the Bill in future iterations to incorporate scam content via other media, but it seems unlikely as this would require a vast overhaul of the overall scope of the Bill.
Internal business services
Another exempt group, internal business services, includes internal business resources or tools provided by the business and made available only to a closed group of individuals for uses connected with the business, including management, employees, officers, contactors, consultants or auditors. This would capture services such as employee intranets and portals provided by an employer.
The explanatory notes to the Bill also mention that internal business services may encompass productivity and collaboration tools, content management systems, customer relationship management systems and database management software.
The question of who “provides” the service is essential. The Bill states that the “provider” will be the entity that has control over who can use the service, but, where a party simply provides an “access facility” for a user-to-user service, it will not be deemed to be the “provider”.
If an enterprise software provider – for example, a software-as-a-service business collaboration tool – licenses its software to another business for internal use and the business has control of who can access the service, the business rather than the enterprise software provider will be considered the service provider. In this scenario, the business may be able to benefit from the “internal businesses services” exemption, but the enterprise software provider simply by licensing to the business appears to be outside the scope of the Bill.
Limited functionality services
There is an exemption also for “limited functionality services”, in which the user-to-user aspects of the service are limited to interactions such as:
- comments and reviews on content posted by or on behalf of the service provider itself (for example, reviews of a product listed for sale on a website or comments on an article);
- the functionality to share those comments and reviews on another service; and
- the functionality for other users to express a view of those comments and reviews or the main content via mechanisms such as “like” and “dislike” buttons, emojis, symbol or ratings and scores.
The intention, as confirmed by the Bill’s explanatory notes, is to capture ‘below the line’ content on media and editorial articles, or reviews where a website provides goods or services directly. However, any service which includes user content functionality beyond just this limited type of user comment functionality will not be exempt.
Public bodies and additional services
User-to-user services or search engines provided by certain public bodies are also exempt.
The Bill gives a significant amount of flexibility for additional services to be added to the list of exempt services and – more worryingly for certain platforms – for one-to-one live voice calls and limited functionality services to be removed from the exempt list if the secretary of state considers these pose a risk of harm to users in the UK.
The logic here is for a flexible framework to be implemented that can be responsive to technological changes. However, this provides extraordinary discretion to the government and a looming threat that services which carry out a scoping exercise and determine that they fall outside the current framework could be transitioned into scope at relatively short notice.
‘Links with the United Kingdom’
If a service falls within the definition of a user-to-user service or search service, and is not an exempt service, then the final question determining whether the service will be within scope as a regulated service is whether it “has links with the United Kingdom”. This will be the case if the service has a significant number of users in the UK (whether individuals or UK-incorporated businesses), if the UK is a target market, or if the service can be accessed in the UK and there are reasonable grounds to believe that content on it could cause a material risk of significant harm to individuals in the UK.
This is a broad remit. The Bill has extra-territorial effect, and the various obligations it sets out, as well as Ofcom’s information gathering powers and powers to request interviews, will apply equally to services provided from outside the UK as to services provided from within the UK – provided a UK link can be established.
The Bill does not specify what a “significant number” of UK users would be, and there is likely to be a debate around this. In any event, factors such as whether the service is being advertised via UK media, whether there is a British English language option, or whether the service in question is hosted on a .co.uk domain, will all be relevant in assessing whether the UK is a target market for a service, thereby bringing many services within scope regardless of number of UK users.
Osborne Clarke comment
The Bill is going to have a big impact for numerous internet services. Given the threat of fines reaching £18 million or 10 per cent of annual global turnover, it will be vital for providers of internet services to carry out a thorough “scoping exercise” to consider whether they operate the type of service caught by the Bill. If they do, they will need to assess the types of regulated content that might be encountered on their service to ascertain how best to discharge the various duties of care set out the Bill.
For companies at the fringe of the various vague definitions in the Bill, whether their service will be included or not in these categories could be hugely financially significant both in terms of the cost of compliance and the liability risk. It may be that such UK-facing companies need to undertake impact assessments in order to come to a view as to whether the additional user functionality on the service is worth the additional compliance burden that may now be attached to it.
This is the first article in our OSB in Focus series about the UK’s draft Online Safety Bill and will be followed by a look at the types of Regulated Content that will come within its scope. The series can be found here and will take an in-depth look at the specific topics, issues and applications of the proposals, and how they should be dealt with in practice.
#rhoa #maatiedtomedicine #couplescourttv @couplescourttv #gregoryevans #dating #datingscams #onlinedating #romance #romancescams #sexoffenfer #fakeprofile #fakeprofiles #boyfriends #cheaters #cheatingwife #swingers #swingercouple #pof #fakeprofile #cheatinghusband #scams #love #lovescams #worsedates #sex #ncs #metoomovement #metoo #muterkelly #activist #metoo #donaltrump #sextrafficking