The debate concerning the UK’s controversial Online Safety Bill (OSB) has continued to rumble on in recent days, with the UK Government reportedly again being warned that there is a real risk that certain messaging apps could be withdrawn from the UK if compromises cannot be reached on a number of issues.
The OSB, which is currently being debated in the House of Lords, aims to increase the responsibility of social media platforms for their users’ safety. It is intended to protect both children and adults in various ways.
Regarding children, the OSB will require social media platforms to take a number of steps, including:
- Removing illegal content swiftly or stopping it from appearing at all.
- Preventing children from accessing damaging content and content which is unsuitable to their age.
- Enforcing age-checking measures and age limits.
- Ensuring that the risks to children on the biggest social media platforms are more obvious.
- Implementing understandable and readily comprehensible ways for adults and children to report online problems.
Among other things, the OSB empowers Ofcom to oblige social networks to implement technologies to combat child sexual abuse content or terrorism, with the possibility of significant penalties for those that refuse to do so. This is regarded by some service providers as undermining the end-to-end encryption of their users’ data, with other commentators apparently suggesting that the OSB has been drafted in a deliberately opaque way in relation to this issue.
Providers of relevant messaging services have suggested that, as the vast majority of their users are based outside the UK, they would not be willing to take steps that would, in their view, compromise the security of their messaging services for such users and would instead withdraw from the UK market.
The UK Government, however, argues that strong encryption cannot be allowed to take precedence over safety and, in any event, takes the position that the OSB does not require services to jeopardise end-to-end encryption.
It appears that somewhat similar debates are taking place in the European Union in respect of the proposed Regulation to Prevent and Combat Child Sexual Abuse (CSAR). Among other concerns, critics of the CSAR are unhappy that effectively this would oblige all relevant service providers, including encrypted service providers, to scan messages, including end-to-end encrypted messages, to detect inappropriate content where it is feared that services are being utilised to distribute damaging subject matter.
Interestingly, it has been reported in The Guardian last week that certain leaked internal EU legal advice has suggested that significant concerns exist as to whether the proposed CSAR is lawful in this regard and the fact that it could lead to serious privacy and data protection risks, particularly around proportionality.
The leaked advice also reportedly raises concerns regarding proposed requirements in the CSAR around age verification technology, which it is feared could involve profiling of users, use of biometric technologies or the introduction of digital certification systems, leading to additional impacts on users’ rights.
Concerns regarding possible age verification requirements in the OSB have also been raised recently by organisations such as Wikipedia, with the Wikimedia Foundation indicating that Wikipedia would be reluctant to verify the ages of its users, partly because this would involve collecting additional data about readers and contributors and partly because this could also necessitate significant changes to its technical systems. There are fears that the OSB has the potential to block the website in the UK, leaving UK users and contributors unable to access it.
The Government is reportedly keen to find a way to resolve the debates around the OSB, particularly the issues in respect of encrypted messaging services and is apparently engaged in discussions with relevant parties. At this stage, an acceptable compromise that will satisfy all interested parties, is not immediately obvious, given the Government’s various concerns, particularly around child protection.
However, the withdrawal of widely-used messaging services in the UK would likely prove highly unpopular with users and could lead to further headaches for the Government. Moreover, if it is ultimately decided in the European Union that the CSAR requires amendment in order to address the concerns around end-to-end encrypted messages outlined above, this could raise further questions as to whether the similar provisions included in the OSB are appropriate.