Online Harms Bill likely to make things worse rather than better

Online harms

With coverage of coronavirus and Brexit reaching saturation point, it would be easy to think that this was all the UK Government was thinking about right now. But this isn’t the case, which is not altogether a good thing.

Earlier this week, they published a white paper of the Online Harms Bills, a piece of legislation that is expected to come before Parliament early in 2021.

Censorship and fines

The headline issue in the legislation is undoubtedly plans to establish a statutory duty of care for online companies to their users. This means that online sites and social media providers like Facebook and Twitter will be legally required to identify, remove, and limit the spread of a variety of different types of online content.

This will include content depicting things like child sexual activity, terrorism activity, and suicide promotion. There will also be much stricter requirements over these sites protecting child users with requirements to control their ability to access harmful content and tools to deal with cyber-bullying and other anti-social behaviours.

Perhaps most controversial is the inclusion of misinformation in these new rules. This means that online platforms will be required to remove so-called ‘fake news’ content about things like the coronavirus vaccine and political content too.

The government intends to equip Ofcom with the powers to enforce these new laws. They will be the regulator and will be granted the power to fine companies up to up to £18m, or 10% of annual global turnover – whichever is higher.

They will also be handed sweeping new censorship powers, with the ability to require the blocking of any sites which refuse to comply with the new laws.

If these new powers don’t seem draconian enough, it has also been suggested that secondary legislation which could accompany the main bill may even give Ofcom the power to impose criminal sanctions against senior managers and executives at tech companies if they fail to comply with the new laws.

Support and opposition

There is no doubting that the new Online Harms law has the backing of the entire government. Culture Secretary Oliver Dowden, whose department will be taking the new laws through Parliament claimed that these proposed new laws meant Britain was “setting the global standard for safety online”.

Home Secretary Priti Patel, who is widely seen as being on the more libertarian side of the Conservative Party has also backed the plans. She has said that “tech companies must put public safety first or face the consequences.”

It will come as no surprise that Ofcom have also welcomed the planned new laws and the sweeping powers it will give them. Ofcom chief executive Melanie Dawes has said that there is a clear need for “sensible, balanced rules that protect users from serious harm”.

The big question is whether the new laws that are laid out in the Online Harms White Paper can really be described in that way. Certainly many online privacy and tech experts don’t agree, with Robin Wilton, Director of Internet Trust at the Internet Society describing the plans as “fatally flawed”.

Wilton’s concerns are those that have been expressed many times before in opposition to countless online security bills around the world. The UK Government’s plans are extremely vague about what content the new laws will cover and this leaves a lot of room for interpretation and abuse.

He highlights that the new laws are planned to penalise behaviour that is “legal but harmful”, while failing to define what a “harm” is. This, he explains, means internet users will be less secure online because they won’t know if what they are doing falls into this category and if it is being inspected.

In other words, the law risks undermining trust in the internet, from both businesses and individuals.

Competition and Encryption

There are also concerns about competition. The online marketplace is already dominated by the likes of Facebook, Google, Amazon, and Twitter, and laws like this will only serve to entrench their monopolies.

This is because the demands that are placed upon online companies to comply with laws like this are onerous and expensive. It is only tech behemoths like Facebook and Google that will truly be able to afford to comply.

This is why you won’t hear many objections to these new laws from them. Although they impose new costs on them, they also effectively eliminate the prospect of new internet companies rising up to challenge their market dominance.

The UK Government has included a token nod to this by creating two categories of companies, with the major internet players in category one and the rest in category two.

They claim this means that the majority of companies will fall into category two, and while this is good, it doesn’t remove the barriers to competition that these laws create.

Then there is the really big elephant in the room; encryption.

While it is not definitively stated in the law, the implication of the wording of the Online Harms white paper is that companies will be required to ensure all encrypted content complies with the new laws. This will mean they have to unlock encrypted data in order to view the content.

As Robin Wilton has explained, no way ‘to require companies to use technology to monitor, identify and remove’ content in end-to-end encrypted services without compromising the security of everyone using that service.

It remains to be seen how strongly this is enforced. It is worth noting that the Investigatory Powers Act 2016 technically gives the UK Government the power to demand access to encrypted communications, but they have not (as far as we know) used this so far.

That may be the case with this legislation as well but the fact remains that having the power to demand access to encrypted content poses a grave threat to online privacy and security as well as the wider security of the internet as well.

The inevitable loopholes

As it stands, there are plenty of loopholes in the law too. Things like encrypted emails appear to be exempt from the new laws and there is once again no mention of VPNs.

The best VPNs such as ExpressVPN and NordVPN are highly unlikely to comply with the new laws and their users will still be able to use a VPN to encrypt all of their online data so that neither Ofcom nor the UK Government can see what they are doing online.

The ultimate effect of this law, as it is with all legislation of this type, will not be to prevent so-called ‘online harms’ but to drive harmful content to more secure and deeper internet locations where they are far harder to monitor and act upon.

In the long-run, these laws are likely to make the situation worse rather than better. They still have to pass through Parliament and it remains to be seen if tech-savvy and privacy-conscious legislations can amend them in such a way as to make them both effective and user-friendly.

Given the government’s sizable majority, this appears to be highly unlikely.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.


  1. Many thanks, David – I appreciate you picking up my comments on the proposals. We have also commissioned research into the economic impact of measures like this (for instance, discouraging companies from developing or locating services in the UK), and hope to publish conclusions early in 2021.

    • Christopher Seward

      Hi Robin, thanks for the insights and taking the time to comment. It will be interesting to see the results of your study and will aim to get something written up when they’re published.

Leave a Reply

Your email address will not be published. Required fields are marked *