In light of the political and policy deadlock in the United States (U.S.) on social media regulation (notably on Section 230), changes in regulation of these platforms will occur overseas.
The United Kingdom (UK) could soon have a new regulatory scheme in place that would require platforms like Facebook, Instagram, YouTube, TikTok, and others to meet moderation standards or face fines as high as £18 million or 10% of “qualifying worldwide revenue, whichever is greater,” and possible criminal liability. The Office of Communication (OFCOM) would get new authorities to ensure that three classes of platforms meet the new standards: 1) internet services that provide “user-generated content” (e.g. Instagram or Snapchat); 2) search engines; and 3) internet services providing or publishing pornography. These new requirements range from more transparent and predictable moderation policies users can contest and appeal to identifying and taking down some harmful and illegal content to identifying and mitigating risks to adults and separate risks to children.
The new government has resumed the Johnson government’s push to enact the “Online Safety Bill” and the revised legislation moved this week from the House of Commons to the House of Lords. However, as has been the process since the first version of the bill was introduced in May 2021 following a white paper published two years earlier (see here for my analysis and explanation of the history and original bill), the bill has undergone significant changes. In the run up to unveiling this first bill, the Johnson government agreed to new criminal offenses, protecting children from pornography, online scam advertising, and anonymous trolling (here, here, here, and here.)
A number of stakeholders celebrated news in late 2022 that provisions were stricken requiring platforms to remove legal but “harmful” content. Instead platforms must provide adult users with controls so they screen out content they do not want to see.
Late last year, the Secretary of State for Digital, Culture, Media and Sport (DCMS) Michelle Donelan wrote “an open letter to parents, carers and guardians, setting out the key measures in the government’s Online Safety Bill” and the DCMS issued a “guide” to the revised bill.
More recently, in order to secure passage from Commons, the Tory government in London conceded to demands from party members this week. One account said new British Prime Minister Rishi Sunak faced defeat on language to add criminal liability for social media senior officials for failing to comply with the children safety requirements. Apparently, backbench Tories were prepared to vote with opposition Labour MPs, but seeing an inevitable defeat, Sunak’s government gave way. The language will supposedly get added during consideration in the House of Lords. Nonetheless, the bill may face longer odds of passage in the House of Lords.
Nonetheless, the government has provided a summary of changes. The DCMS published an “Overview of expected impact of changes to the Online Safety Bill” that “outlines the rationale driving the changes made to the Online Safety Bill during House of Commons passage and provides an initial, qualitative assessment of where changes to costs are expected and whether these changes are likely to be increases or decreases from the accompanying final impact assessment (IA).”
Additionally, for those interested in a high-level explanation of how platforms would need to change their operations in the UK, the latest Explanatory Memorandum accompanying the revised bill to the upper chamber of Parliament provides this summary:
Additionally, the UK is not the only government taking action. In mid-2021, Australia enacted the “Online Safety Bill 2021” and the “Online Safety (Transitional Provisions and Consequential Amendments) Bill 2021” (see here for more detail and analysis of the bills as introduced.) More recently, the European Union enacted the “Digital Services Act” (Regulation (EU) 2022/2065) that includes “[m]easures to counter illegal content online, including illegal goods and services.”
The European Data Protection Board (EDPB) summarized the results of its 17 January plenary meeting. The Board said it is working on its opinion of the draft adequacy decision for the EU-U.S. Data Privacy Framework. The EDPB “adopted a report on the findings of its first coordinated enforcement action, which focused on the use of cloud-based services by the public sector” and “a report on the work undertaken by the Cookie Banner Task Force.”
The United States (U.S.) National Institute of Standards and Technology (NIST) issued the CSF 2.0 Concept Paper as part of its process to revise the NIST Cybersecurity Framework (CSF) that “outlines more significant potential changes in the CSF…informed by extensive feedback in response to the NIST Cybersecurity Request for Information and the first workshop on CSF 2.0.”
The European Parliament voted to ratify the Second Additional Protocol to the Convention on Cybercrime (Budapest Convention), the aim of which “is to provide common rules at international level to enhance co-operation on cybercrime and the collection of evidence in electronic form for criminal investigations or proceedings” according to the European Commission.
The United States (U.S.) National Telecommunications and Information Administration (NTIA) announced “a Request for Comment on how companies’ data practices may impose outsized harm on marginalized or underserved communities.”
Ireland’s Data Protection Commission (DPC) announced “it has fined WhatsApp Ireland €5.5 million (for breaches of the GDPR relating to its service)” and has directed the company “to bring its data processing operations into compliance within a period of six months.”
Two European Union cybersecurity measures have taken effect: NIS 2(Directive (EU) 2022/2555) and the CER Directive (Directive (EU) 2022/2557), which the European Commission characterizedas “two key directives on critical and digital infrastructure [that] will enter into force and will strengthen the EU's resilience against online and offline threats, from cyberattacks to crime, risks to public health or natural disasters.”
The European Parliament adopted a report that “asks for harmonised rules to give parents a good overview of and control over what games their children play as well as how much time and money they spend playing” including “clearer information on the content, in-game purchase policies and target age group of games, possibly along the lines of the Pan European Game Information (PEGI) systemalready used in 38 countries.”
The United States (U.S.) National Artificial Intelligence Research Resource Task Force voted to approve its “implementation plan and roadmap” for the National Artificial Intelligence Research Resource. The entity submitted its interim report in May 2022.
Brazil’s National Data Protection Authority (ANPD) published its “Follow-up and Execution Balance of the ANPD Regulatory Agenda for the 2021-2022 biennium” that “details the progress of the Agenda's projects.”
Tweet of the Day
“The clock is ticking on a TikTok ban” — recode
“US obtains exclusion of NGOs from drafting AI treaty” — Euractiv
“Alarmed by A.I. Chatbots, Universities Start Revamping How They Teach” — New York Times
“Norton LifeLock says thousands of customer accounts breached” — Tech Crunch
§ 18 January and 19 January
o The United States (U.S.) National Institute of Standards and Technology’s (NIST) Internet of Things (IoT) Advisory Board will hold a meeting.
§ 19 January
o The United States (U.S.) Federal Trade Commission will hold an open meeting.
§ 23 January
§ 26 January
o The United States (U.S.) Federal Communications Commission will hold an open meeting.
o The United States (U.S.)-China Economic and Security Review Commission will a public hearing on “China's Military Diplomacy and Overseas Security Activities.”
§ 1 February
§ 15 February
o The United States (U.S.) National Institute of Standards and Technology (NIST) will hold the Journey to the NIST Cybersecurity Framework (CSF) 2.0 | Workshop #2.
§ 1 and 2 March
o The United States (U.S.) National Institute of Standards and Technology’s Information Security and Privacy Advisory Board (ISPAB) will hold its first quarterly meeting of the year.
§ 29 and 30 April
o The G7 Digital and Technology Ministers' Meeting will take place.