Tech industry stakeholders have raised concerns over the ambiguity of an amendment to the new Online Safety Bill, which they say could harm the UK’s digital economy and result in jail time for senior managers of tech companies.
Also known as the Online Harms Bill, the legislation will make provision for communications regulator Ofcom to sanction tech companies such as social media firms for harmful content online. However, a new amendment to Section 11 of the Bill, which holds senior managers of tech companies liable for harmful content hosted on their websites, has been described as lacking definition.
Stakeholders say there is no clear picture of what criminal offences senior management of tech companies could be tied to, and this could deter venture capital funds (VCs) and tech executives from abroad doing business in the UK, impacting the digital economy.
It is the latest concern to be voiced about the sprawling Online Safety Bill, which is designed to protect people from viewing harmful content online but could threaten end-to-end encryption, and put UK data at risk of cyberattacks.
Online Safety Bill amendment ‘too broad’
The latest amendment, brought forward as part of the reporting stage of the Online Safety Bill, refers to ‘individuals providing regulated services: liability’. This clause of Section 11, refers to ‘two or more individuals who together are the provider of a regulated service’.
According to the draft Bill, an “officer” of a company could include a “director, manager, associate, secretary or other similar officers”. It could also include a “person purporting to act in any such capacity” or a partner if the company is incorporated outside of the UK.
This section of the draft bill lacks a clear process or definition says Anthony Walker, deputy CEO of tech vendor trade association techUK. “At the moment, we don’t even know what offences could have this senior management liability attached to them,” Walker says. “We think it’s not particularly workable.”
He also raised concerns about individuals taking criminal responsibility: “There’s a preconception that [officers] just means the most senior executive within a business. That’s not necessarily the case,” he says. “If you think about a start-up, it could be a named individual, but it’s unclear; that’s one of the weaknesses of this amendment.”
UK Government wants senior managers of tech companies to be accountable
The Government reluctantly backed the amendment after 50 of its MPs threatened to rebel and block the bill’s progress unless personal accountability for managers of tech companies was introduced.
During a debate on the bill yesterday, digital secretary Michelle Donelan told the House of Commons that senior managers of companies would be accountable if they did not block children from viewing damaging online content.
She said that the bill “will be carefully designed to capture instances where senior managers, or those purporting to act in that capacity, have consented or connived in ignoring enforceable requirements, risking serious harm to children”.
Donelan did confirm that the amendment would not affect individuals who had acted in “good faith to comply” in a proportionate way. She confirmed that criminal liability would be introduced for “bosses” who failed to comply with a notice from the regulator.
However, Rashik Parmer, chief executive of BCS, the Chartered Institute for IT, said that the introduction of criminal liability for senior managers must be paired with digital education.
“The technologists that I know care deeply about online safety,” he says. “But protecting young people takes a combination of both policy changes and long-term education.”
He concedes that tech leaders have an important part to play in keeping people safe on social media platforms: “It is vital that those responsible for creating the technology woven into our lives meet the very highest standards of competence, inclusivity, ethics and accountability.”
“But, if senior manager liability is introduced it must be balanced with programmes of digital education and advice, so young people and their parents can confidently navigate the risks of social media over a lifetime,” he concluded.
Negative implications of the Online Safety for the UK digital economy
The latest bill amendment could also see VCs and senior managers in companies outside of the UK pulling away from doing business in the country, says techUK’s Walker.
“If you’re setting up a business in the UK or if you’ve got a large business and you’re thinking about relocating some of your big senior executives, your legal team will look at the regulatory environments and risk,” Walker argues. “The problem here is that general counsel could look at the UK and see that there is open-ended senior management liability… so maybe they won’t put them in the UK.
“There’s a risk that [the UK] loses the investment pool that having senior executives in business in-country enables.”
The other downside to the draft amendment is that start-ups and scale-ups could miss out on VC funding because they could also be at risk from some of the proposed clauses,” Walker says.
“There’s a risk that [the government will] make the UK less attractive to VCs and less attractive as an investment location,” he adds. “There’s a sense of it tipping the balance a bit away from the UK being seen as a well-regulated market.”
In a statement, the Department for Digital, Culture, Media and Sport (DCMS) said: “The government is carefully considering all proposed amendments to the world-leading Online Safety Bill.”
Tech Monitor requested an updated impact assessment relating to the amendment but didn’t receive a comment by the time of publication. It is expected that 25,100 businesses that fall into the bill’s scope and will spend £250m to avoid legal action by regulator Ofcom.
The Online Safety Bill passed its third reading yesterday and will go to the House of Lords for consideration.