A New UK Online Safety Regulator

Adam Kelly | Senior | Law | +44 161 234 6403 | adam.kelly@uk.ey.com

Amidst an industry wide drive to regulate online harmful behaviours, in March the House of Lords Select Committee put forward its recommendations for the improvement of internet safety (9 March 2019) and in April the Government published its Online Harms White Paper (8 April 2019). The reports give an indication of how the debate on online safety is developing and what the future of digital regulation holds.

The Government’s Online Harms White Paper (which is the focus of this article) proposes a new regulatory framework to tackle online harms and improve the accountability of digital organisations for user safety. This is a significant proposal for organisations operating in the digital world and raises a range of important social and industrial policy questions.

The internet is currently regulated in the UK by various bodies, such as the Information Commissioner’s Office (ICO), the Gambling Commission, the Advertising Standards Authority, Ofcom and the Competition and Markets Authority, to name a few. Each has responsibility for its own particular area of regulation and although regulators do work together where appropriate, there is no formal statutory connection between them. The White Paper proposes that a new regulator would coordinate the various regulators that currently oversee online activity in the UK, creating an overarching digital framework to address a number of online harms prevalent in today’s digital world, such as child sexual exploitation, terrorist content, modern slavery, revenge pornography, the encouragement of suicide, content uploaded from prisons, sexting and more.

The key legislative proposals include:

  • An independent regulator is to be appointed to enforce the new regulatory framework. The Government is consulting on whether the new regulator should be a new or existing body and has proposed that it will be funded by the industry in the medium term, while longer term funding options are explored.
  • The new regulatory framework will apply to organisations that allow users to share or discover user-generated content or interact with each other online.
  • Annual transparency reports will be required from in-scope organisations to give details of the harmful content in their platforms. Such reports will be published online by the regulator.
  • A new statutory duty of care will be placed on digital organisations to improve responsibility for the safety of users.
  • The new regulator will have various enforcement powers, including the power to levy substantial fines against organisations and individual executives as well as making search engines remove links to offending websites. However, the full extent of these powers has yet to be determined and forms part of the Government’s consultation. Commentators suggest that the Government will look to GDPR fines as an example of possible penalties for breach.
  • Where children are permitted to access online services, age-appropriate terms and safeguards must be in place. Protecting children is one of the major objectives of the Government in designing the new framework.
  • Organisations will be expected to have easy-to-access user complaints functions, which will be overseen by the new regulator. Where a user is unsatisfied with the response, it is proposed that an independent regulatory process will be available.
  • In order to uphold privacy, any requirements placed on organisations to scan platforms for illegal content will not apply to private channels. Exactly what will constitute ‘private channels’ also forms part of the consultation.

It is proposed that the new regulator will address the following five key concepts in implementing the new framework:

  1. A proportionate approach, taking into account the capacity of digital organisations to meet regulatory requirements.
  2. A legal duty of innovation, to avoid imposing impossible demands on smaller companies and start-ups.
  3. The need to make compliance straightforward, learning from other sectors and the support provided to organisations by other regulators, such as the Health and Safety Executive and the ICO.
  4. The use of technology to promote effective compliance solutions for all.
  5. The minimising of compliance costs, including the creation of machine executable regulation and data sharing.

Irrespective of the implementation of a new regulatory framework, the White Paper recommends taking early action to address online harms including:

  • Ensuring terms and conditions meet the standards that will be set by the new regulator, incorporating the published codes of practice as appropriate.
  • Enforcing terms and conditions effectively and consistently.
  • Preventing known terrorist content being made available to users.
  • Taking prompt, transparent and effective action following user reporting.
  • Supporting law enforcement investigations.
  • Directing users, who have suffered harm, to appropriate support.
  • Regularly reviewing efforts in tackling online harm and adapting internal processes to drive continuous improvement.

The new regulatory authority will be tasked with developing specific codes of practice to promote compliance.  

The consultation on the new regulation is now open and closes on 1 July 2019.

Watch this space as we will continue to monitor developments in the UK on the proposals for a new internet safety regulator.

The White Paper can be found here (published 8 April 2019):


The full report of the House of Lords Select Committee can be found here (published 9 March 2019):