Radar - March 2023 – 2 / 4 观点
The Online Safety Bill (OSB) is currently at Committee Stage in the House of Lords and heading towards its final stages. Under the OSB, all regulated firms will be required to do a risk assessment of illegal content that may appear on their service. Services likely to be accessed by children will also have to assess the risk of content which is harmful to children.
Ofcom's role with regard to risk assessments is to provide guidance on carrying them out, including by explaining what type of content needs to be covered, how harmful content might appear on a service and good risk management practice as a part of service design, organisational culture, and strong governance.
Ofcom has set out its planned approach to risk assessments under the Online Safety Bill.
Ofcom's proposed approach to risk across the online safety regime will be framed to achieve that:
Ofcom says its guidance will cover the kinds of evidence to be considered in risk assessments and what is likely to meet the requirement that assessments are "suitable and sufficient" for different types of organisation – larger services are likely to have a higher bar to meet in this respect. To that end, Ofcom plans to outline an additional set of evidence inputs for services which need to consider a range of sources of evidence to inform their risk assessments.
While recognising there is no 'one size all' approach, Ofcom says a good risk assessment should help a service anticipate and address the ways in which their users could be exposed to greater risks of harmful content. They should ask questions like:
Ofcom has developed a four-step process which can be applied by services of all types and sizes:
Going forward, Ofcom says it is working with service providers and regulatory counterparts to help improve risk assessment coherence under different regimes, notably, the EU's Digital Services Act.
Ofcom plans to launch consultations on its risk assessment guidance on illegal content and on children's risk assessments, as soon as its powers under what will become the Online Services Act, have commenced. Ofcom also plans to publish a sector-wide register of risk assessing the risks of harm presented by illegal content on user-to-user and search services, and risk profiles which will set out key risk factors services should take account of when they conduct their assessments. It will also produce Illegal Content Judgments Guidance to explain the offences covered by the OSB and help services make judgments about whether content is illegal content.
Much of Ofcom's approach to risk assessments has been informed by its role under other principles-based legislation, as well as by a wide ranging literature review. It says it has learned from a review of best practice and industry standards, that good risk management is not a single process but a broader approach by companies which puts risk-awareness at the forefront of decision making – a culture or risk-awareness and prioritisation by all teams across an organisation. Video Service Providers should note Ofcom's recommendation that they complete risk assessments even though not required to do so under the current VSP Regulations. Ofcom also refers to the importance of internationally recognised risk governance standards (eg ISO 31000 and the Three Lines Model) in helping with a risk-focused culture as a fundamental part of an organisation's governance and leadership.
Ofcom cannot begin consulting on more detailed risk assessment guidance until the OSB becomes law, but this document sets out a framework for its priorities and the direction it is likely to take. Impacted service providers can begin steps to set up reporting and review processes now, even if the detail of what will be required is not yet clear.
Once Ofcom's guidance has been finalised, relevant services will have three months to complete their first illegal content risk assessments.
Debbie Heywood looks at the latest proposals for changing UK data privacy law following the publication of a second Data Protection and Digital Information Bill.