Written evidence submitted by Virgin Media O2
Virgin Media response to the DCMS Sub-committee call for evidence: Online Safety and Online Harms
Date of submission: 3 September 2021
Introduction
Virgin Media O2 welcomes the opportunity to respond to the Draft Online Safety Bill Pre-Legislative Scrutiny Committee. We have been engaged in the policy development of online regulation since the publication of the Internet Safety Green Paper in 2017, and we are encouraged to see the proposals enter their legislative stage.
The Government’s goal is to make the UK the safest place to be online and the Online Safety Bill presents an opportunity to deliver on this ambition. The Draft Bill sets out a framework to create the conditions for a safer internet that will reduce the likelihood of users experiencing harm online and rebuild citizens’ trust in the internet. Yet, establishing such a comprehensive and novel regulatory system for online safety is not a simple task, and it is important that the proposals are properly scrutinised prior to being implemented so the regulatory regime can be as effective as possible.
The Draft Online Safety Bill
Summary of Recommendations
Questions
Does the draft Bill focus enough on the ways tech companies could be encouraged to consider safety and/or the risk of harm in platform design and the systems and processes that they put in place?
We believe the Duty of Care approach adopted in the Draft Online Safety Bill will be sufficient to motivate tech companies to consider safety and harm prevention in the design of their systems and processes. The Duty of Care model is the most appropriate regulatory mechanism for the online safety regime as it strikes the right balance between placing obligations on providers of user-to-user services and search services without creating overly prescriptive legislation that would inevitably struggle to adapt with rapid technological change.
We do not believe that primary legislation seeking to outline specific content or types of services would be successful in creating safer digital spaces for the long-term. What constitutes harmful content is subject to change and can be highly subjective. Primary legislation is not the correct vehicle to define that. Similarly, the types of services and how users interact with those services can evolve at a rapid pace, with new apps or platforms emerging and gaining popularity quickly. Thus, using duties of care and focusing on systems and processes allows the legislation to be adaptable and, to some extent, future-proof.
However, the structural complexity of the Draft Bill makes it unclear how the different duties of care will interact. Regulated services will be given different duties of care depending on their categorisation (in descending order of risk: Category 1, 2A, and 2B), which in turn depends on threshold conditions set by the Secretary of State (using criteria such as the number of users and functionalities). We support the flexibility within the Duty of Care model, which can ensure a regulated provider is subject to duties that are proportionate to its scale, but we believe there is potential for the duties to overlap. Government should make this clearer to avoid potential confusion that would limit the efficacy of the regulations.
Are there any contested inclusions, tensions or contradictions in the draft Bill that need to be more carefully considered before the final Bill is put to Parliament?
Virgin Media O2 believes that the scope of the legislation is largely correct, but there are parts of the Draft Bill that would benefit from further clarity before the final Bill is put to Parliament.
One such example of this is the lack of detail regarding the role or access facility providers in the process of Ofcom applying to the courts for an access restriction order. Section 93 details how Ofcom will be able to issue access restriction orders as part of its enforcement regime, which would block users in the UK from accessing non-compliant service providers who fall under the Duty of Care model. We are pleased that this clause details that these orders can only be used as a measure of last resort, after a number of other business disruption issues have been tried, and that Ofcom must apply to the courts before issuing an order.
However, as drafted, the clause does not specify what role, if any, access facility providers would play in the court order process. Section 93(3)(g) suggests that applications can be made ex parte, which is concerning given the wide-ranging requirements which could potentially be imposed on access providers under s93(3)(f) – which are not clearly specified. We believe that there is an important role for access facility providers in providing information on what is technically achievable so that any access restriction order issued is practical, deliverable and does not lead to unintended consequences, such as innocent third parties’ legitimate content being restricted. Under the current wording, there is a risk that an access restriction order could be imposed on a provider which:
a) cannot be delivered, and that access facility provider would therefore be unable to carry out its legal duties; or
b) would lead to blocking the lawful, legitimate content of innocent third parties.