The Online Safety Bill becomes law—will it really make the internet a safer place?

The debate surrounding the Online Safety Bill has been hitting the news for a while. After six years in the making, as of September 19, 2023, the UK Parliament gave the final green light to the proposed legislation after some last minute amendments.

The over 300-page-long bill promises to make "the UK the safest place to be online," yet it has managed to gather criticism from all fronts—from VPN services and messaging platform providers, to politicians, civil societies, industry experts and academics. Commentators are especially worried that some provisions may end up enlarging the government's surveillance and censorship reach, curbing people's privacy and undermining safety online instead.

Now that the law is set to be soon enforced, the public is divided between those who see it as a win or threat to internet users in the UK. In reality, the balance seems to tip heavily towards those voicing their concerns.

New duties for digital platforms

As the Bill finally passed its last and final reading into the Parliament, Technology Secretary Michelle Donelan said to be "immensely proud" of this "game-changing piece of legislation" which promises to deliver a "better future for British people, by making sure that what is illegal offline is illegal online."

It rules out a series of new powers and obligations for social media platforms and digital services, and recognizes a list of new offences, too, including cyber-flashing and the sharing of "deepfake" pornography.

Digital platforms now have a "duty of care" to protect children and prevent them from accessing harmful and age-inappropriate content, while enforcing age limits. They need to give an option to users to filter out harmful content, while parents will be entitled to obtain information about their children from tech firms. Platforms are also required to be transparent of all the risks of using the services beforehand.

Tech firms are responsible for removing illegal content from their platforms, too—from child sexual abuse, extreme sexual violence and coercive behavior, to illegal immigration, self-harm, animal cruelty, and terrorism. Penalties for non compliance include fines up to £18 million or 10% of their global annual revenue, whichever is larger, and even prison time for the company's owners.

The Bill is now just waiting for Royal Assent, which will make it officially law. After that, Ofcom will be in charge of enforcing the new provisions. 

The law comes from a pressing demand to make the internet safer, especially after the death of 14-year-old Molly Russell was provoked by her exposure to self-harm content across Pinterest and Instagram. Campaigners have been also warning of an increase in child sexual abuse looming behind these digital spaces that needed legal actions to be halted.

That's why the UK's children charity NSPCC is said to be delighted by the long-awaited news. 

"We have campaigned strongly for change alongside brave survivors, families, young people and parliamentarians to ensure the legislation results in a much safer online world for children," said its Chief Executive, Sir Peter Wanless. "Children can benefit greatly from life online. Tech companies can now seize the opportunity to embrace safety by design." 

However, according to Robin Wilton from the internet freedom advocacy group Internet Society, emotive cases aren't "safe or sensible basis" upon which to build a new legislation.

"The government wants to highlight individual cases precisely because they are emotive, and they distract from systemic, societal problems to which technology is not the fix," he said. "I am also sure that for every one of them, one could find a similar survivor story about someone whose wellbeing, safety, or even life was protected because they were able to communicate privately thanks to encryption."

Wilton believes that the Bill also fails its second part of premises, namely "to make Britain the best place in the world to set up and run a digital business." He said the provisions will by desgn make things worse for UK businesses instead.

Some last-minute amendments have included all companies offering digital services, no matter their size or how many people they reach, under the scope of the bill. This means that, if before the Bill was thought to impact about 25,000 firms, the numbers are likely to spike considerably.

"There will be thousands more who now face a compliance burden whose cost we don’t know, but which is certainly more than the Government’s token impact assessment suggests," he said. "The OSB makes the UK an expensive place to set up and run a digital business, and proportionally, the smaller you are the higher the cost will be." 

Will UK users be safer?

Well, while Donelan, Ofcom and child protection campaigners are positive about the results achieved, tech experts, digital rights groups and even some politicians don't really agree.

The main concern lies around the duty of removing illegal content that is not only still quite vague in terms, but also dangerous for the future state of Britons' free speech, as commentators warn of increased levels of censorship online as a result.

Open Rights Group deemed the Bill as an "overblown legislative mess" that could undermine the freedom of expression of many people in the UK. They are especially concerned about the so-called prior restraint that will be imposed across social media—in their words, "a particularly draconian form of censorship that bans content before publication. A court doesn't judge content to be illegal, that's up to tech companies."

Commenting on this point, Wilton told TechRadar: "I haven’t yet heard a Minister explain how citizens are safer if any conversation they have can be eavesdropped on or censored. That wasn’t the case before the digital world, and it’s certainly not the case now that we live our lives digitally."

There are also the issues around age verification control that open up a series of privacy risks for users, no matter their age. Far from simply protecting kids, this provision, according to experts at Electronic Freedom Foundation, would inevitably "lead to adults losing their rights to private speech, and anonymous speech, which is sometimes necessary." 

And, while encrypted messages are saved from side-scanning for now, that's just a half-victory for privacy fighters as the government is still committed to doing so when this will be "technically feasible." And, considering other controversial provisions currently being pushed through Parliament on this regard, the Online Safety Bill may be just the tip of the UK Surveillance State iceberg.

All in all, the Online Safety Bill went through a long journey lined by hopes, promises, controversies and long debates. This means that its vast scope and application have been shaped along the way, especially by the continuous effort of experts and civil societies, for delivering "at least a slight improvement on earlier versions," tweeted The Free Speech Union.

Clause 13 seeking to enforce the notion of "legal but harmful content" was scrapped, and so was the criminal offence for saying something online or offline that causes "hurt feelings." Also the focus of the Bill appears now shifted from "paternalist providers" to "empowered users."

Despite these changes being welcomed, the firms behind encrypted communication services, including Proton, Signal and Meta, have nonetheless corroborated their vow to quit the UK if their choice will be between protecting their users' privacy or bending to the new law.

Commenting on this point, Tutanota's co-founder Matthias Pfau told TechRadar: "As freedom fighters, we would rather fight the Online Safety Bill in court than tinker with our built-in encryption that protects the data of millions of users around the world. We have not given in to China or Iran who already block access to Tutanota, and we will not do so for the UK."