Taming Aggressive Algorithms

Uploaded on 2024-06-18 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW, BUSINESS-Services-Law, TECHNOLOGY-Key Areas-Social Media

Ofcom recently published more than 40 steps for tech firms to take in order to protect children online as part of its draft Children's Safety Codes of Practice.

The draft Codes come in response to the UK Online Safety Act 2023 which holds tech platforms legally responsible for keeping users safe online, particularly children. Under the Act, social media apps, search and other online services have new duties to assess the risk of harm to children and take steps to address it. Ofcom’s measures cover how services should comply with these new duties.

In response to the publication of Ofcom’s new measures, Technology Secretary Michelle Donelan reiterated the Government’s goal: “when we passed the Online Safety Act last year, we went further than almost any other country in our bid to make the UK the safest place to be a child online.”

Ofcom is not the only regulator taking steps to ensure better protection for children online; earlier this month, Ofcom teamed up with the Information Commissioner’s Office (ICO) to publish a joint statement, committing to collaborating on the regulation of online services. The ICO also recently published its Children’s code strategy for 2024-2025. What are the recommended steps for tech firms to take under Ofcom’s new Codes?

Ofcom’s recommended measures for social media, search and other online services include:

Age checks: Ofcom expects greater use of “highly-effective age-assurance”. In practice, this means using photo-ID matching, facial age estimation or reusable digital identity services to verify a user’s age. Ofcom is clear that payment methods which do not require the user to be over 18, self declaration of age and general contractual restrictions do not go far enough. In certain cases, tech platforms may need to prevent children from accessing the site entirely.

Safer and more controlled algorithms: Ofcom describes algorithms providing personalised recommendations to users as “children’s main pathway to harm online”. The draft Codes propose that tech firms alter their algorithms to filter out the most harmful content such as content relating to suicide, self-harm, eating disorders, and pornography from children’s feeds, and also reduce the visibility of other harmful content including violent hateful or abusive material, online bullying and content promoting dangerous challenges.

More effective content moderation: User-to-user services such as social media apps must ensure that swift action is taken against content harmful to children as part of their content moderation systems. Search engines must take similar steps and where a user is believed to be a child, large search engines must implement a safe search setting which removes the most harmful content. Content moderation teams are required to be well-resourced and trained.

Policies: Services must introduce clear policies on what type of content is allowed and how it is prioritised for review.

Strong governance and accountability: This includes services having a named person accountable for compliance with children’s safety requirements, an annual senior-body review of all risk management activities in relation to children’s safety and an employee Code of Conduct which sets out children’s safety standards to abide by.

Greater choice and support for children: Children must be able to provide negative feedback in response to recommended content so that they have control over what they do not want to see. Support tools should also be provided to enable children to have more control over their use of online services, such as options to disable comments on their posts and to block user accounts.

Consequences of Non-compliance

Ofcom Chief Executive Dame Melanie Dawes has said that once the measures are in force, “we won’t hesitate to use our full range of enforcement powers to hold platforms to account.” Where tech firms’ duties to protect children online are not performed, Ofcom will have the ability to take enforcement action including issuing a penalty of up to 10% of qualifying worldwide revenue or £18 million (whichever is greater) and requiring remedial action to be taken.

In addition to Ofcom’s statutory powers, the regulator may use alternative compliance tools which include:

  • Sending a warning letter. 
  • Undertaking compliance remediation – consisting of a period of engagement which gives the tech firm the opportunity to address or remedy any compliance concerns.
  • Opening an enforcement programme – to understand whether there is an industry-wide issue causing harm to underaged users and to determine an appropriate response.

Next Steps For Tech Firms

The Codes form part of a consultation which will run until 17 July 2024. According to Ofcom’s roadmap on implementing the Online Safety Act, Ofcom will finalise the Codes and submit them to the Secretary of State for approval in the first half of 2025.

Once the Codes come into force, tech firms must comply with their children’s safety duties and Ofcom can enforce against non-compliance.

Whilst this is over a year away, the message from Technology Secretary Michelle Donelan is clear: “To platforms, my message is engage with us and prepare. Do not wait for enforcement and hefty fines - step up to meet your responsibilities and act now.”

David Varney is Partner at independent UK law firm Burges Salmon  

Image:  Unsplash

You Might Also Read:

Cyber Security Education From Childhood Is Becoming Vital:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« Instagram & Facebook Are Addictive For Children
Chinese Hackers Have A Global Impact »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

F-Response

F-Response

F-Response is a software utility that enables an investigator to conduct live Forensics, Data Recovery, and eDiscovery over an IP network using their tools of choice.

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

eco

eco

eco, with more than 950 member organizations, is the largest Internet industry association in Europe.

Cyverse

Cyverse

Cyverse is a cyber-security firm which provides corporations with state-of-the-art cyber-security service-based and technological solutions made in Israel.

National Cyber Security Centre (NCSC) - New Zealand

National Cyber Security Centre (NCSC) - New Zealand

The role of the NCSC is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats.

Wise-Mon

Wise-Mon

Wise-Mon is expert in its field of network monitoring and control. We give solutions to huge organizations with tens of thousands of ports, as well as small companies with one switch.

SCADASUDO

SCADASUDO

SCADASUDO is a cyber solution architecture and design office, established by leading experts in the field of OT (Industrial control) and IT (information Technology).

Evolution Equity Partners

Evolution Equity Partners

Evolution Equity Partners is an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies.

Sentor Managed Security Services

Sentor Managed Security Services

Sentor Managed Security Services is a cybersecurity company that enables organizations to exist in a digitally connected world.

Dutch Institute for Vulnerability Disclosure (DIVD)

Dutch Institute for Vulnerability Disclosure (DIVD)

DIVD's aim is to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them.

Scholarly Networks Security Initiative (SNSI)

Scholarly Networks Security Initiative (SNSI)

SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data.

Aleo

Aleo

Aleo is building the world's leading developer platform for enabling absolute privacy on blockchains.

Ascent Solutions

Ascent Solutions

Ascent is built to help firms evolve their cybersecurity posture, modernize their Microsoft solutions, and accelerate their journey to the cloud.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

Verastel

Verastel

Specializing in the niche space of proactive cyber-defense, and adaptive resilience, team Verastel is bolstering enterprise digital security like never before.

Karthik Consulting (KC)

Karthik Consulting (KC)

Karthik Consulting is a technology service provider specializing in IT services for the U.S. federal government.