For three premierships now, politicians, pundits, and think tanks have been discussing the Online Safety Bill—the UK’s attempt to lead the world in online safety. Severe criticism of the bill has led it to be redrafted repeatedly, most recently with promises to remove provisions regulating “legal but harmful” content for adults and criminalizing harmful communications. These changes are a positive development, but they are not enough to protect users’ privacy and freedom of expression. Parliament needs to understand that the latest iteration of the Online Safety Bill is still fatally flawed.
Instead of trying to force the entire bill through Parliament during this session, lawmakers should chop it up into a series of smaller, more targeted bills that address child safety, illegal content, and online harms separately next session. Doing so would provide lawmakers with more time to consider how best to address critical issues still facing the Online Safety Bill, including how it threatens end-to-end encryption and user privacy.
The Online Safety Bill attempts to make the Internet safer by establishing binding and enforceable legal obligations for how online services handle content. The most recent proposed changes fix some of the bill’s civil liberties issues, namely the unintentional threats to free speech that arise from dictating what is harmful but not unlawful for adults and criminalizing harmful communications. While these are incredibly welcome developments, they are only the start of the progress that is needed.
The Online Safety Bill still threatens end-to-end encryption—a critical tool for free expression and online safety—because the bill still covers private messaging services like Signal and WhatsApp that rely on it. End-to-end encryption ensures that only users communicating with each other can access their messages. But because the bill allows Ofcom to require online services to search private messages for illegal content, online services will be incentivized to undermine end-to-end encryption or, worse, leave the UK entirely. There is just no other way to moderate content at scale in end-to-end encrypted services. Undermining these private communications would make everyone’s online communications less secure and have real-world consequences for vulnerable communities like dissidents, LGBT+ youth, and abuse survivors who rely on digital privacy to stay safe from threats of persecution or violence. Removing encrypted communications from the scope of the Online Safety Bill would help preserve private free speech and users’ rights to private communications online.
The Online Safety Bill also still contains other measures that undermine free expression. It still enables Ofcom and the Secretary of State for Digital, Culture, Media, and Sport to mandate that online services put content deemed to be harmful to an “appreciable number of children in the United Kingdom” behind an age assurance wall. Users may find that they have to provide their personal information to access any number of public websites the UK government deems unsuitable for children.
Because the legislative timeline in the current session doesn’t offer enough time for Parliament to solve these fundamental issues, UK lawmakers should address them with new legislation next session. For example, splitting the Online Safety Bill into separate bills for proposed child safety obligations and the illegal content obligations would allow policymakers in the next Parliamentary session to discuss in detail and rectify the nuanced legal and policy issues that each set of obligations raises.
The UK needs to get this legislation right the first time before the government creates an online safety regime that doesn’t protect online safety, digital privacy, and content moderation.