POSR0002

Written evidence submitted by Carnegie UK, Reset

 

Introduction

  1. This is a joint submission from Carnegie UK and Reset. We welcome the opportunity to submit this evidence into the PAC inquiry and would be happy to speak about it further with Committee officials and/or members. We note that the Permanent Secretary for the Department for Science, Innovation and Technology and the Ofcom Chief Executive are due to attend a hearing of the Committee on 26 October and suggest below a few specific questions that might be put to them during that discussion.
     
  2. About Carnegie UK: Carnegie UK has been at the forefront of the debate in the UK on digital regulation. We created the approach that underpins the Online Safety Bill, which is shortly to complete its Parliamentary passage: a statutory duty of care which focuses on systems and processes and is enforced by a regulator. Since 2018 we have been working with parliamentarians, civil society and the government to develop and refine proposals for online harm reduction. William Perrin (Carnegie UK Trustee) and Prof Lorna Woods (University of Essex) have given evidence on the Bill to numerous Parliamentary committees and were awarded OBEs for their work in 2020. Our work can be found here; and a dedicated resource page for our analysis and publications on the Online Safety Bill specifically is here.
     
  3. About Reset: Reset (www.reset.tech) seeks to improve the way in which digital information markets are governed, regulated and ultimately how they serve the public. We do this through supporting new public policies across a variety of areas including data privacy, competition, elections, content, security, taxation and education.

 

The NAO Report

  1. The NAO report identifies a number of important positives with regard to Ofcom’s preparedness for taking on its new role, which we highlight below, and raises some significant concerns which are largely within the Government’s hands to address. We feel there also may be some gaps in the analysis which will have a bearing on Ofcom’s approach to its new role, which the Committee might wish to explore when it has DSIT and Ofcom officials before it.
     
  2. From Carnegie UK’s experience, having tracked the development of the Online Safety Bill from its inception and engaged with Ofcom officials – at many different levels of seniority and in a variety of for a – during that time, we would agree with the NAO’s analysis that the regulator has:
     

 

  1. Of concern, at this stage on the critical path to implementation of the regime, are the NAO’s findings relating to:

 

Gaps in the analysis

Managing expectations

  1. The NAO report finds that “Ofcom has recognised a risk of stakeholders expecting immediate change on Royal Assent and has in place a communications strategy for managing these expectations and addressing misunderstandings about its role”. (NAO report para 1.16) It particularly refers to the fact that the regulator cannot act on individual pieces of content or on individual complaints. In its recommendations, the NAO specifically says this communication plan should also cover “Ofcom’s role during implementation to give confidence in the credibility of the new regime with the public, industry and others”. It also notes that it needs to “develop its plans to inform industry about its requirements, particularly ensuring data requests are coordinated and proportionate”.
     
  2. There is another aspect of expectation management which is missing here: the management of stakeholders in civil society who have campaigned – often over many years - for the Bill as a whole or for specific provisions within it. To each of those groups, their particular issue will – justifiably – be viewed as the overwhelming priority for Ofcom’s implementation phase. Notably the NAO did not include any representatives from civil society in its interviewee list for its report and the report is silent on whether the regulator has done sufficient mapping of that landscape to inform its stakeholder engagement plans or included these constituent groups in its communications plans. Failure to do so is likely to result in potentially quite public and noisy pressure on the regulator and also have a bearing on wider public confidence in the regulator’s credibility and competence. 
    What are Ofcom’s practical plans to manage this?
     
  3. A similar expectation management strategy is required for Parliamentarians, many of whom – particularly in the Lords – have also had to push the Government hard for concessions on the Bill or reassurances as to the implementation. It is also worth Ofcom bearing in mind that many of the debates on the Bill in both Houses have returned frequently to the issue of “take down” of content, particularly in the context of the most harmful occurrences. While Ofcom itself is clear in its messaging about the systemic nature of the regulatory framework, reiterating this will need to be a permanent part of its communications strategy, both for users of online services and for those who represent them in Parliament. In the closing debates on the Bill in both the Commons and the Lords, thoughts were already turning to implementation: given the unprecedented consensus on the shape of the legislation across all sides of the House, and the exhortations from the Opposition for the Government to get on with it – particularly given the protracted history of the Bill – this is also a constituency that Ofcom should be actively managing in order to build trust, engagement and transparency in the months and years ahead. What are Ofcom’s practical plans to manage this? How will DSIT support them in this role? Do the governance arrangements set out in part two cover this aspect of joint engagement and, where necessary, risk mitigation?

 

Ofcom’s ability to withstand Big Tech lobbying

  1. The NAO report mentions Ofcom’s plans for industry engagement, with a “dedicated supervision unit” set up with responsibility for “building and maintaining relationships with what Ofcom expects to be the 20 largest and riskiest service providers and promoting the compliance of small providers” (para 2.12). Later, the report says that “several industry representatives expressed concern about the potential burden of compliance and the demands this would place on their resources … Larger companies noted that, despite their size, their regulatory compliance resources were limited and greatly outnumbered by Ofcom’s resources. They also described receiving requests from Ofcom for information that would require significant effort to answer”. (para 3.10)
  2. It is not clear whether these “larger companies” are the same as the “20 largest and riskiest service providers” that will have the most attention from Ofcom, or are just larger than the “one-person business” that the NAO also reports feedback from in the paragraph quoted above. If the latter – and they are in effect SMEs – then those concerns are valid and have been well rehearsed during the Bill’s development, particularly through trade bodies such as COADEC (now the Start-Up Coalition). The regime’s proportionate, risk-based approach should provide the reassurances required here while its focus on safety-by-design should, in the long-term, ensure that any company designing or developing a service that is to be regulated by Ofcom would bake-in to their set-up measures which would meet the baseline requirements set out in the regime and thus reduce the compliance overheads.
     
  3. If, however, the "larger companies" quoted in para 3.10 above are among those who will fall into the “20 largest and most riskiest” for supervision by Ofcom, then this feedback is very telling and reflects one of the biggest risks to Ofcom’s ability to deliver effectively the online safety regime: industry lobbying. These are some of the biggest, richest companies in the world with vast resources that could be easily redirected to ensuring more than adequate regulatory compliance on the scale and quality that Ofcom requires. The fact that the NAO reports such concerns without comment or criticism reflects the challenge ahead for the regulator: the scale of the lobbying during the passage of the legislation will not let up once it has passed into law but will now be primarily targeted, but covertly, at Ofcom and the officials who engage with the companies concerned. Every piece of the regulatory jigsaw – codes, guidance, consultations, categorisation and risk assessment advice – will be contested with a view to diluting its effect and reducing the “compliance burdens” associated with it. What measures has Ofcom put in place to build resilience in its officials during this implementation phase and ensure that the design of the legislation, which has democratic legitimacy, is not watered down along the way? What has Ofcom learnt about tech company tactics in this regard from the first two years of overseeing the VSP regulatory regime and how will this prepare them in the new role?
     
  4. A further area of pressure from regulated services will be via litigation. While a certain amount of legal challenge is an expected part of the way in which the limits and boundaries of the regime will be tested, particularly once Ofcom starts its enforcement action, it could also be an easy, parallel lobbying route for well-funded tech companies should they wish to test Ofcom’s resilience (and resources) via Judicial Reviews and slow down implementation and enforcement. Has Ofcom considered previous examples of such tactics by industry in other regulatory regimes and, if so, how will this inform their approach?

Departmental reorganisations

  1. The NAO report references the fact that a major Machinery of Government change took place earlier this year, with digital policy moving from DCMS to the newly formed DSIT. It is silent on whether these changes materially affected the civil service relationship with the regulator during this period or on how the joint sponsorship of Ofcom (now split between DCMS on broadcasting and broadband and DSIT on online safety) will be effective and/or is reflected in the emerging governance arrangements.
     
  2. A further consideration here is the impact of a General Election – expected within the next 15 months – and how both the political instability during that period and the impact of purdah when it is eventually called, will impact on Ofcom’s decisions and publication schedule and/or its ability to rely on Ministerial engagement when required. A further consideration is the potential for further Departmental reorganisations under a new Government to impact on its forward programme of work. How far has Ofcom factored in contingency for this into their planned programme of work? Where do they feel the biggest risks from the wider political context lie in the next 18 months?

The impact of Government policy and legislative decisions that will directly impact Ofcom’s work.

  1. We note that the scope of the Committee’s inquiry prevents the scrutiny of “the Bill’s contents itself, nor any policy decisions relating to it”. We feel, however, that there are three specific areas where the Government made policy decisions during the course of the Bill’s passage that have a direct consequence on the subject under consideration here and which the Committee might wish to probe further when its witnesses appear before it:
     

October 2023