Online Safety in the United Kingdom: What’s the Latest?

The children’s privacy and online safety regulatory landscape is evolving quickly. To keep up, companies subject to U.K. law should understand their users, enhance safety features and conduct risk assessments, all while preparing for more change. Here’s a look at recent developments.

UK and US United to Focus on Children's Safety Online

The U.K. and U.S. governments have joined forces in a new working group to “develop and promote common solutions, shared principles and global standards” that prioritise children’s online safety.

Why it matters: The collaboration signals the increasing global importance of children’s online safety and the need for online platforms to prioritise compliance with regulations.

The big picture: Both countries have individually enacted legislation to protect children online.

• The UK has adopted the Age-Appropriate Design Code and Online Safety Act.
• In the United States, several states have passed laws to safeguard teens on social media platforms and other online services.

What’s next: Platforms should prepare for increased regulatory scrutiny and compliance requirements on an international scale.

Ofcom Warns Tech Firms About New Safety Laws

On 17 October 2024, Ofcom issued a warning to tech firms that they could face enforcement action if they do not comply with new online safety laws which will apply from December 2024.

Why it matters: The Online Safety Act introduces stringent measures to protect users from illegal content and imposes significant penalties for noncompliance.

Details: The Online Safety Act will be implemented in phases, starting with a focus by the end of this year on illegal harms (Phase 1). Organisations will then have three months to assess and mitigate risks related to illegal content on their platforms.

The maximum penalty will be greater of £18 million and 10% of the qualifying worldwide revenue. In serious cases, a court may block access to the service in the UK.

The bottom line: Companies should act swiftly to align with the new requirements.

Learn more:

• Age Assurance for Internet Society Services
• Ofcom Implementation Timeline

ICO Scrutinises Children’s Privacy on Digital Platforms

The ICO’s Tech Lab recently audited 34 social media and video platforms for compliance with the Children’s Code. Eleven of those platforms were subject to further review following compliance concerns related to default privacy settings, geolocation and age assurance.

Why it matters: Ensuring children’s privacy online is a top regulatory priority in the UK. The ICO’s proactive approach highlights the importance of protecting children’s personal data.

What’s next: Following its audit, the ICO asked stakeholders for evidence on:

• How children’s personal data is used in recommender systems (algorithms that use people’s details to personalise content).
• Recent developments in using age assurance to identify children under 13.

The ICO’s consultation closed on 18 October 2024, which means that we can expect further guidance on the ICO’s compliance expectations in the coming months.

What Should Companies Consider Doing?

Organisations must adapt to evolving online safety regulations.

Why it matters: As legislation and guidance develop, companies face increasing regulatory oversight. They should take steps to comply or face potential penalties.

3 Ways Companies Can Prepare for Increased Scrutiny

1. Understand your users: Determine whether children use your services and which regulations apply to your company.
2. Review and enhance safety features: Evaluate mechanisms to protect users from illegal content. Investigate whether new technologies or procedures could bolster them.
3. Conduct risk assessments: Thoroughly assess risks to ensure legal compliance and readiness for investigations.

Want to know more? Contact one of the authors (Shannon Yavorsky, Adele Harrison and Colette Deamer) or another Orrick Team member.