Websites To Be Fined Over 'online harms' Under New UK Law

Internet sites could be fined or blocked if they fail to tackle "online harms" such as terrorist propaganda and child abuse, under British government plans. The Department for Digital, Culture, Media and Sport (DCMS) has proposed an independent watchdog that will write a "code of practice" for tech companies.
 
Senior managers could be held liable for breaches, with a possible levy on the industry to fund the regulator. But critics say the plans threaten freedom of speech. 
 
The Online Harms White Paper is a joint proposal from the DCMS and the Home Office. A public consultation on the plans will run for 12 weeks.
 
The paper suggests:
  • establishing an independent regulator that can write a "code of practice" for social networks and internet companies
  •  giving the regulator enforcement powers including the ability to fine companies that break the rules
  • considering additional enforcement powers such as the ability to fine company executives and force internet service providers to block sites that break the rules
Outlining the proposals, Digital, Culture, Media and Sport Secretary Jeremy Wright said: "The era of self-regulation for online companies is over.
 
"Voluntary actions from industry to tackle online harms have not been applied consistently or gone far enough."
Discussing financial penalties on BBC Breakfast, he said: "If you look at the fines available to the Information Commissioner around the GDPR rules, that could be up to 4% of company's turnover... we think we should be looking at something comparable here."
 
What are 'online harms'?
The plans cover a range of issues that are clearly defined in law such as spreading terrorist content, child sex abuse, so-called revenge pornography, hate crimes, harassment and the sale of illegal goods. But it also covers harmful behaviour that has a less clear legal definition such as cyber-bullying, trolling and the spread of fake news and disinformation.
 
It says social networks must tackle material that advocates self-harm and suicide, which became a prominent issue after 14-year-old Molly Russell took her own life in 2017. After she died her family found distressing material about depression and suicide on her Instagram account. Molly's father holds the social media giant partly responsible for her death.
 
Home Secretary Sajid Javid said tech giants and social media companies had a moral duty "to protect the young people they profit from". 
"Despite our repeated calls to action, harmful and illegal content - including child abuse and terrorism - is still too readily available online.
 
What do the Proposals say?
The plans call for an independent regulator to hold internet companies to account. 
It would be funded by the tech industry. The government has not decided whether a new body will be established, or an existing one handed new powers.
 
The regulator will define a "code of best practice" that social networks and internet companies must adhere to.
 
As well as Facebook, Twitter and Google, the rules would apply to messaging services such as Snapchat and cloud storage services.
 
The regulator will have the power to fine companies and publish notices naming and shaming those that break the rules.
The government says it is also considering fines for individual company executives and making search engines remove links to offending websites. Ministers "envisage" that fines and warning notices to companies will be included in an eventual bill. 
They are also consulting over blocking harmful websites or stopping them from being listed by search engines.
On the face of it, this is a tough new regime - and ministers have acted upon the demands of charities like the NSPCC which want what they regard as the "Wild West Web" to be tamed. 
 
But a closer look reveals all sorts of issues yet to be settled. 
Will a whole new organisation be given the huge job of regulating the internet? Or will the job be handed to the media regulator Ofcom? What sort of sanctions will be available to the regulator? And will they apply equally to giant social networks and to small organisations such as parents' message boards?
 
Most tricky of all is how the regulator is going to rule on material that is not illegal but may still be considered harmful. Take this example - Misinformation is listed as a potential harm.
 
So will the regulator tell companies that their duty of care means they must remove such material? The government now plans to consult on its proposals. It may yet find that its twin aims of making the UK both the safest place in the world online and the best to start a digital business are mutually incompatible.The white paper offers some suggestions that could be included in the code of best practice. It suggests the spread of fake news could be tackled by forcing social networks to employ fact-checkers and promote legitimate news sources.
 
But the regulator will be allowed to define the code by itself. The white paper also says social media companies should produce annual reports revealing how much harmful content has been found on their platforms. The children's charity NSPCC has been urging new regulation since 2017 and has repeatedly called for a legal duty of care to be placed on social networks.
A spokeswoman said: "Time's up for the social networks. They've failed to police themselves and our children have paid the price."
 
How have the Social Networks reacted?
Rebecca Stimson, Facebook's head of UK policy, said in a statement: "New regulations are needed so that we have a standardised approach across platforms and private companies aren't making so many important decisions alone. 
"New rules for the internet should protect society from harm while also supporting innovation, the digital economy and freedom of speech."
 
Twitter's head of UK public policy Katy Minshall said in a statement: "We look forward to engaging in the next steps of the process, and working to strike an appropriate balance between keeping users safe and preserving the open, free nature of the Internet."
 
TechUK, an umbrella group representing the UK's technology industry, said the government must be "clear about how trade-offs are balanced between harm prevention and fundamental rights".
 
Matthew Lesh, head of research at free market think tank the Adam Smith Institute, went further. He said: "The government should be ashamed of themselves for leading the western world in internet censorship. 
 
"The proposals are a historic attack on freedom of speech and the free press. "At a time when Britain is criticising violations of freedom of expression in states like Iran, China and Russia, we should not be undermining our freedom at home."
 
Freedom of speech campaigners Article 19 warned that the government "must not create an environment that encourages the censorship of legitimate expression". 
 
A spokesman said it opposed any duty of care being imposed on internet platforms.
They said that would "inevitably require them to proactively monitor their networks and take a restrictive approach to content removal".  "Such actions could violate individuals' rights to freedom of expression and privacy," they added.
 
BBC
 
You Might Also Read:
 
Regulation Might Actually Protect Facebook:
 
British Government Is Planning Internet Regulation:
 
 
 
« Critical Infrastructure Is Under Worldwide Attack
The Maritime Shipping Industry Should Be On Red Alert »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Bob's Business

Bob's Business

Bob's Business adopts a fresh approach to information security awareness and compliance training, delivering key information through the use of short animated movies.

Gurucul

Gurucul

Gurucul predictive security analytics protects against insider threats, account compromise and data exfiltration on-premises and in the cloud.

Redspin

Redspin

Redspin provide penetration testing, security assessments and consulting services.

RazorSecure

RazorSecure

RazorSecure offers products and services to enhance railway cyber security, by protecting and monitoring networks and key systems.

Network Box

Network Box

Network Box is one of the world's leading Managed Security Service Providers.

STM

STM

STM provides system engineering, technical support, project management, technology transfer and logistics support services for the Turkish Armed Forces.

Cyber-Physical Systems Security Institute (CPSSI)

Cyber-Physical Systems Security Institute (CPSSI)

CPSSI is a non-profit, by-invitation-only research and educational organization focused on practical and theoretical solutions to the cybersecurity challenges facing Cyber-Physical Systems.

Technology Ireland ICT Skillnet

Technology Ireland ICT Skillnet

Technology Ireland ICT Skillnet is a network of companies who collaborate to address skills needs within the technology sector.

Lionfish Cyber Security

Lionfish Cyber Security

Lionfish Cyber Evolution & Empowerment Model™ empowers SMBs to prepare and protect themselves against cyber threats using a unique combination of on-demand training, support and managed services.

Evina

Evina

Evina offers the most advanced cybersecurity and fraud protection for mobile payment.

BugDazz

BugDazz

BugDazz pentest as a service (PTaaS) platform helps bringing in real-time results, detail coverage, & easy remediation workflows with compliance-ready reports.

Adversa AI

Adversa AI

Adversa's mission is to build trust in AI and protect AI from cyber threats, privacy issues, and safety incidents.

Esprinet

Esprinet

The Esprinet Group is an enabler of the technology ecosystem: a team of people who promote access to technology through an extensive network of professional resellers.

LegalByte

LegalByte

LegalByte is a leading provider of comprehensive legal and forensic services dedicated to addressing the complex challenges of the digital age.

Lakera

Lakera

Lakera empowers developers and organizations to build GenAI applications without worrying about AI security risks.

Knostic

Knostic

Knostic is an early stage startup developing a risk management and governance platform designed for enterprise large language models (LLM).