The Global Network Initiative (GNI) appreciates the opportunity to provide feedback on Ofcom’s proposals for how internet services that enable the sharing of user-generated content (‘user-to-user services”) and search services should identify, assess, and mitigate risks to children’s safety under the Online Safety Act, 2023.
Broadly, GNI appreciates Ofcom’s continued emphasis on a systems-and-processes approach in the draft guidelines to children’s online safety, which is consistent with our previous recommendations related to the design and implementation of the Online Safety Act (the Act). We are nevertheless concerned that the detailed approach set out in the consultation documents is likely to impose a very broad set of potentially unnecessary obligations on an extremely wide range of services, and in doing so contravene those same obligations and commitments.
In theory, a “children’s access assessment” that allows services that have put in place effective age assurance measures or do not have a “significant number of users who are children” to avoid undertaking potentially burdensome children’s risk assessments and safety duties makes sense. However, the approach set out in the consultation documents makes it highly unlikely that any services will be able to take advantage of this affordance unless they are willing to rely on costly and uncertain approaches to age assurance. This is because the approach set out to determining what constitutes “a significant number” of children makes it very difficult, if not impossible, to credibly determine that the “child user condition” is not met.
Separately, GNI has concerns about the application of age assurance methods for online safety. GNI recommends Ofcom develop and incorporate an assessment process to identify and mitigate risks associated with age assurance systems. In addition, it would be important to exercise transparency with such assessments to help academics, civil society organisations, and users better understand how services are addressing risks, and allow them to hold Ofcom accountable for its regulatory obligations.
Ofcom also requires all services to name a person accountable to the most senior governance body for compliance with illegal content duties and reporting and complaints duties. GNI has responded to the growing trend of potential liability for company personnel under content regulation in various jurisdictions, noting that without sufficient safeguards and protections, such requirements make it less likely that companies will push back on overbroad government demands or restrictions. Under certain circumstances, senior managers could face administrative or criminal prosecution under the OSA if they fail to comply with an Ofcom information notice.
As a result, GNI recommends Ofcom ensure consistency with the principle of necessity, which places the burden on States (in this case, Ofcom) to establish that a regulatory approach that limits freedom of expression constitutes “the least restrictive means” of achieving a legitimate objective (in this case, child safety).