18 March 2022
UK: DCMS publishes Government response to Joint Committee report on draft Online Safety Bill
The Department for Digital, Culture, Media & Sport ('DCMS') published, on 17 March 2022, the Government response to the Joint Committee report on the draft Online Safety Bill, published in December 2021. In particular, the Government response provides responses to key recommendations of the Joint Committee, as seen below:
- to the recommendation that the bill should be restructured and that Ofcom should meet core objectives, including ensuring that service providers safeguard the freedom of expression and privacy, and comply with mandatory codes of practice, the Government response outlines that reformulating the framework in this way would leave Ofcom with a series of high-level duties which would likely create an uncertain and unclear operating environment;
- to the recommendation that the Government needs to provide more clarity on how providers with encrypted services should comply with the safety duties ahead of the Bill being introduced into Parliament, the Government response outlines that, although the UK Government agrees with the responsible use of encryption as a means for protecting users' privacy online, there will not be a one-size fits all approach, as the risk presented will depend on a range of factors, including the wider design of a service;
- to the recommendation that platforms that allow anonymous and pseudonymous accounts should be required to include the resulting risks as a specific category in the risk assessment on safety by design, the Government response provides that this is already covered by the bill as companies already need to risk assess harms that are associated with functionalities that allow users to create anonymous profiles;
- to the recommendation that enforcement of people's data privacy and data rights would remain with the Information Commissioner's Office ('ICO'), with clarity on information sharing and responsibilities, the Government response outlines that, although this will be the case, the Government intends for Ofcom to engage with the ICO and all relevant stakeholders on these issues when developing their codes, further noting that Ofcom will be required to consult with the ICO when developing the codes of practice; and
- to the recommendation that the bill should require Ofcom to establish minimum standards for age assurance technology and governance linked to risk profiles to ensure that third party and provider-designed assurance technologies are privacy-enhancing, rights-protecting, and that in commissioning such services providers are restricted in the data for which they can ask, the Government response expresses its agreement and notes that the bill includes duties on both Ofcom and all services in relation to user privacy, highlighting, however, that the collection of personal data is out of the scope of the bill, is the remit of the ICO, and is covered in existing data protection legislation, including the Age Appropriate Design Code.
Furthermore, the DCMS published the revised bill for introduction.
You can read the press release here, the Government response here, and the Joint Committee report here, and track the progress of the bill here.