Delicate balance required, as regulators and lobbyist warn of the risks of over-regulation while research indicates users seek greater protection.

By Alain Traill

Both the ICO and the outgoing Chief Executive of Ofcom have sounded a cautious note regarding the possible consequences of UK proposals to introduce a new regulatory regime intended to combat online harms. The Internet Association — a Washington based lobbying group — has also voiced its concerns, suggesting that they risk discouraging businesses from continuing to operate in the UK.

The ICO did, however, offer support for key aspects of the proposals, and acknowledged that they identify an “important gap in the existing regulation of the internet”. Furthermore, research carried out on behalf of both Ofcom and the ICO has shown an increasing appetite for online regulation among UK web users.

The proposals, released earlier this year in the form of a consultation, aim to pave the way for a sweeping new regime to combat a non-exhaustive list of “online harms”, including the introduction of a duty of care to keep users safe and to tackle illegal and harmful activity and the possibility of significant fines in the event of non-compliance. The regulators’ warning came as the consultation closed and the proposals moved to the next stage.

Ofcom’s Chief Executive Sounds a Cautious Note

According to a speech by Sharon White at an NSPCC conference on 26 June, the new regime should be “proportionate” and should “protect freedom of speech”. Ms. White also warned that “blunt regulation” could in effect curtail the opportunities the internet provides for  users and organisations alike to share views. In particular, she referred to criticisms from news organisations, which are in part concerned that the proposals would have precisely the opposite effect to that outlined above in terms of online freedoms. Notably, Ms. White stressed that the new rules should be “targeted and balanced”. This is especially significant given the wide range of organisations and services in scope, the open-ended concept of online harms, and the broad range of potential enforcement powers, including the ability to “disrupt business activities” (for example, by blocking access to sites via internet service providers) and to issue potentially large fines.

ICO Echoes Concerns, Highlights Gaps in Proposals, and Calls for Coordination

Ofcom’s appeal for proportionate regulation was echoed by the ICO in its response to the consultation (issued 2 July), as it pointed out the need to “balance conflicting rights”. Interestingly, the ICO stressed the importance of both the codes of practice suggested in the proposals and the regulator of the new regime, being independent from government.

In terms of content, the ICO reiterated that it was “surprised and disappointed” at the failure of the proposals to actively target electoral interference, transparency in online political advertising, and micro targeting. As noted in this previous blog post, the list of online harms in the proposals is non-exhaustive. Whether or not that is ultimately reflected in the legislation, many will expect the additional “harms” identified by the ICO (and in other responses to the consultation) to be expressly called out.

Drawing on experience as an existing regulator in the online space, the ICO also offered a series of insights and suggestions as to how the new regime might operate. A common theme was coordination. On one hand, the ICO suggested a model whereby various regulators might collaborate in joint investigations — outlining existing statutory frameworks that enable this model as potential starting points. On the other hand, the ICO pointed to a series of existing concepts under data protection law and regulatory approaches developed by it, which it suggested might be leveraged as part of the new regime. These include the methodology created by the ICO for algorithmic auditing (i.e., auditing  applications that use artificial intelligence) and aspects of the ICO’s Age Appropriate Design Code, which will set standards for online services accessed by children when it comes into force (potentially later this year). Notably, the ICO was “supportive” of the proposal to allow designated bodies to bring “super complaints” to the regulator, and of the suggestion that Ofcom might be the designated lead regulator for online harms.

Internet Association Voices its Concerns

The Internet Association — which lobbies on behalf of a host of major technology companies — has also published its response to the proposals (28 June), in which argues that they risk creating “a disincentive for existing businesses to continue to provide their services in the UK”. Among a series of specific concerns, the response highlights the concept of a ‘duty of care’ and the potential for this to both create legal uncertainty (e.g. given the difficulty in clearly defining “online harm”) and be “unmanageable” in practice (e.g. given the perceived lack of technological solutions to entirely eliminate the risk of harmful content being shared).

Increasing Appetite for Online Regulation Among UK Users

In the meantime, however, research conducted in May of this year on behalf of Ofcom and the ICO has highlighted an increasing public appetite for regulation of online platforms. Specifically, 70% of adult respondents advocated more regulation for social media sites (up from 52% in 2018), while 64% (up from 46%) advocated more regulation for video-sharing sites and 61% (up from 40%) for instant messaging services.

Interestingly, 30% of adult respondents advocated more regulation for UK newspaper websites — up from the previous figure of 28% — seemingly emphasising that users see the level of threat as varying significantly depending on the platform in question. This approach is arguably in line with the ICO and Ofcom calling for a targeted approach to regulation.


The concerns noted by the ICO, Ofcom and the Internet Association on the one hand and an increasing desire for regulation from users on the other, highlights the delicate balance required under the new regime. As outlined in this previous blog post, a number of questions must be addressed in order to ensure that the scope and extent of the new regime is clear and appropriate and that the regulatory framework operates effectively. The insights offered by existing regulators in the online and communications fields are clearly invaluable in this respect. However, to what extent the proposals will ultimately be refined before they enter into law remains to be seen.

The Online Harms consultation closed on 1 July and the government is working to a strict timetable for implementation, with Culture Secretary Jeremy Wright confirming (at the NSPCC conference on 26 June) the intention to respond to results before the end of the year and to introduce legislation “as soon as possible next year”. Organisations across the online space will be keeping a close eye on the outcome.