UK Online Safety Regulations and impact on Forums
- Thread starter lazy llama
- Start date
-
- Tags
- regulation
.Interesting article here:
"...... So perhaps spare a thought for those who are getting to grips with core and enhanced inputs, puzzling over what amounts to a ‘significant’ number of users, learning that a few risk factors may constitute ‘many’ (footnote 74 to Ofcom’s General Risk Level Table), or wondering whether their service can be ‘low risk’ if they allow users to post hyperlinks. (Ofcom has determined that hyperlinks are a risk factor for six of the 17 kinds of priority offence designated by the Act: terrorism, CSEA, fraud and financial services, drugs and psychoactive substances, encouraging or assisting suicide and foreign interference offences).
Grumbles from whichever quarter will come as no great surprise to those (this author included) who have argued from the start that the legislation is an ill-conceived, unworkable mess which was always destined to end in tears. Even so, and making due allowance for the well-nigh impossible task with which Ofcom has been landed, there is an abiding impression that Ofcom’s efforts to flesh out the service provider duties - risk assessment in particular – could have been made easier to understand.
www.cyberleagle.com
"...... So perhaps spare a thought for those who are getting to grips with core and enhanced inputs, puzzling over what amounts to a ‘significant’ number of users, learning that a few risk factors may constitute ‘many’ (footnote 74 to Ofcom’s General Risk Level Table), or wondering whether their service can be ‘low risk’ if they allow users to post hyperlinks. (Ofcom has determined that hyperlinks are a risk factor for six of the 17 kinds of priority offence designated by the Act: terrorism, CSEA, fraud and financial services, drugs and psychoactive substances, encouraging or assisting suicide and foreign interference offences).
Grumbles from whichever quarter will come as no great surprise to those (this author included) who have argued from the start that the legislation is an ill-conceived, unworkable mess which was always destined to end in tears. Even so, and making due allowance for the well-nigh impossible task with which Ofcom has been landed, there is an abiding impression that Ofcom’s efforts to flesh out the service provider duties - risk assessment in particular – could have been made easier to understand.
The Online Safety Act grumbles on
Policymakers sometimes comfort themselves that if no-one is completely satisfied, they have probably got it about right. On that basis, Ofc...
Just going back to this - I think the guidance is clear that you have to assume you have children registered on your site if you don't have age verification software. Because otherwise there is no way of proving that you haven't (even though, admittedly, they are not likely to register for an automative service). The wording is in the first bit of the second box "Are there a significant number of children who are users of this service". How many people do you have registered who don't post? How can you show none of those are children? According to Ofcom, you can't know unless you have age verification software (and that doesn't work retrospectively even if installed now) so they are basically saying everyone should assume children can access the site if you don't have age verification software - which means everyone needs to do a child risk assessment.
Ok my conclusions so far.
If no age verification software, then to mitigate for a child risk assessment I would need:
1) No DM's
2) No embedded youtube videos (or any other video option due to server overload)
3) Any hyperlinks posted to go for manual moderation
4) Wide ranging key word auto moderation set up
5) New registrations prevented from posting links
6) An additional moderator or two.
Which would dumb down the site a lot.
To avoid all this and to have age verification software I would need:
1) $500 to $2000 to pay a developer to integrate the API into Xenforo
2) Charge 50p on registration to cover the 35p per age verification check
3) Everything else could stay as it is now except maybe one more part-time moderator
4) No DM's (not a great loss on this particular site).
One thought I had. If enough people wanted Age Verification, couldn't we make a group and all contribute towards paying a developer to develop a plugin we could all use? Which would only be for the verifymy option though.
If no age verification software, then to mitigate for a child risk assessment I would need:
1) No DM's
2) No embedded youtube videos (or any other video option due to server overload)
3) Any hyperlinks posted to go for manual moderation
4) Wide ranging key word auto moderation set up
5) New registrations prevented from posting links
6) An additional moderator or two.
Which would dumb down the site a lot.
To avoid all this and to have age verification software I would need:
1) $500 to $2000 to pay a developer to integrate the API into Xenforo
2) Charge 50p on registration to cover the 35p per age verification check
3) Everything else could stay as it is now except maybe one more part-time moderator
4) No DM's (not a great loss on this particular site).
One thought I had. If enough people wanted Age Verification, couldn't we make a group and all contribute towards paying a developer to develop a plugin we could all use? Which would only be for the verifymy option though.
Mr Lucky
Well-known member
Wed
This years profit of about £4k would have gone to a local school for mostly autistic kids and is no being held back just in case.
You could argue that lurkers would have the same ratio of children/adults as active users.
Ideally to cover international relevant time zones
Yes that might be possible. Such a thing may turn my non-profit into all/loss and given that any (otherwise) profit is mostly donated to charities that help special needs children it is rather ironic. (To date probably over £100,000)
This years profit of about £4k would have gone to a local school for mostly autistic kids and is no being held back just in case.
benFF
Well-known member
If you look at the case studies at the bottom of that document, it's very clear that's not the case
It also doesn't say no children are registered, just that a significant number are registered / make up the userbase.
Mr Lucky
Well-known member
Those case studies are useful in that for one of my forums, a residents association is targeted at property owners with a small minority of renters, so not targeting children.
The saxophone forum though is a different kettle of fish. Children have been very rare and but I’m sure when there are we can tell as they might ask questions about their high school band director being a ••••
But i can think of two examples in 15 years and we also had an age poll:
Last edited:
That was a good idea. Kind of indirect age questioning.
Fair enough. If your forum falls into a case study like one of those. The whole guidance is contradictory in places.If you look at the case studies at the bottom of that document, it's very clear that's not the case
It also doesn't say no children are registered, just that a significant number are registered / make up the userbase.
I would have great difficulty stopping 13 to 17 year olds joining up without age verification software - with the type of topic it is. Child's pet. Younger kids it tends to be parents who join up but many teens have their own pet.
Mitigating for a child risk assessment would be added work and pressure. An additional moderator would be hard to achieve - people have busy lives. I did have a second one previously but they left for health reasons and it wasn't too busy so fine with just one.
While the only real "risks" are spam links (which is very low risk with good spam prevention), I think I would not be in a very relaxed state wondering if someone was going to say something or post something that might upset a child or someone might complain. So age verification would give me peace of mind. No doubt the 16 and 17 year olds would get a parent to sign up and let them know the login .........
The Child Risk assessment stuff is very in depth though. Even talking about photos having exif data that could lead to communication between two people - what?!
I just don't want the pressure and responsibility of being solely responsible for child safety, with such an intricate legal act in the background, or risking complaints or reports.
Mitigating for a child risk assessment would be added work and pressure. An additional moderator would be hard to achieve - people have busy lives. I did have a second one previously but they left for health reasons and it wasn't too busy so fine with just one.
While the only real "risks" are spam links (which is very low risk with good spam prevention), I think I would not be in a very relaxed state wondering if someone was going to say something or post something that might upset a child or someone might complain. So age verification would give me peace of mind. No doubt the 16 and 17 year olds would get a parent to sign up and let them know the login .........
The Child Risk assessment stuff is very in depth though. Even talking about photos having exif data that could lead to communication between two people - what?!
I just don't want the pressure and responsibility of being solely responsible for child safety, with such an intricate legal act in the background, or risking complaints or reports.
Last edited:
chillibear
Well-known member
We do periodically have that woe - since people use phones a lot more now and there is GPS data in the EXIF I know of a few occasions when I've had to remind people to remove the EXIF data for privacy rather than essentially telling the world where they are.
That's disappointing I was just ploughing thorough their docs and pondering how you'd do the flow in XF
webbouk
Well-known member
Just throwing this into the mix - Is anyone qualified to carry out a Risk Assessment?
If you do carry out your own RA, what happens if that RA is challenged, or omissions found?
This has to be one of the most ill-conceived ideas I've yet to come across.
As for setting the age of a child as anyone under 18 -> you can get married in the UK at 16, legally give birth at 16 (+9months), you can even drive a car and join the Army at 16. Some would even have you believe that you can change your gender.
Another question - what about Facebook Groups, how do you control the use of them when FB themselves cannot?
If you do carry out your own RA, what happens if that RA is challenged, or omissions found?
This has to be one of the most ill-conceived ideas I've yet to come across.
As for setting the age of a child as anyone under 18 -> you can get married in the UK at 16, legally give birth at 16 (+9months), you can even drive a car and join the Army at 16. Some would even have you believe that you can change your gender.
Another question - what about Facebook Groups, how do you control the use of them when FB themselves cannot?
You can't get married until 18 now - the law changed (although it might be different in Scotland). 17 to drive. The 18 and over age limit is just related to "online harms".
And that is an issue. We aren't compliance lawyers. But Ofcom did produce this guide for small sites. They make it sound simple enough - until you come to the children aspect and separate child risk assessments which this guide doesn't go into. It's just for the initial, basic risk assessment.
"If organisations have carried out a suitable and sufficient risk assessment and determined, with good reason, that the risks they face are low, they will only be expected to have basic but important measures to remove illegal content when they become aware of it. These include:
www.ofcom.org.uk
And that is an issue. We aren't compliance lawyers. But Ofcom did produce this guide for small sites. They make it sound simple enough - until you come to the children aspect and separate child risk assessments which this guide doesn't go into. It's just for the initial, basic risk assessment.
"If organisations have carried out a suitable and sufficient risk assessment and determined, with good reason, that the risks they face are low, they will only be expected to have basic but important measures to remove illegal content when they become aware of it. These include:
- easy-to-find, understandable terms and conditions;
- a complaints tool that allows users to report illegal or harmful material when they see it, backed up by a process to deal with those complaints;
- the ability to review content and take it down quickly if they have reason to believe it is illegal; and
- a specific individual responsible for compliance, who we can contact if we need to."
Helping small services navigate the Online Safety Act
As the UK’s regulator for online safety, Ofcom makes sure organisations that provide online services are carrying out their duties to comply with new rules, to help protect their users from harmful content.
Mr Lucky
Well-known member
That would depend where you live, in the UK and most states in the US I think it’s 18. I’m not sure about other countries or states but we are talking about legal requirements not beliefs.
webbouk
Well-known member
Any unqualified attempt at a risk assessment is instantly failed when you read this:
The demographics of your user base, including users’ protected characteristics, media literacy levels, and mental health, may influence the risk of illegal harm. Vulnerable users, particularly those with multiple protected characteristics, are more likely to experience harm from illegal content and are impacted differently by it. We would expect you to consider these dynamics when you assess the risk of each type of illegal harm.
These dynamics are highly complex and context-specific, and evidence is provided in the Register of Risks (PDF, 4.65 MB) on user base demographics for each kind of illegal harm. This can help you assess this risk factor even if you do not have any service-specific information on the demographic of your user base.
User base demographics
The demographics of your user base, including users’ protected characteristics, media literacy levels, and mental health, may influence the risk of illegal harm. Vulnerable users, particularly those with multiple protected characteristics, are more likely to experience harm from illegal content and are impacted differently by it. We would expect you to consider these dynamics when you assess the risk of each type of illegal harm.
These dynamics are highly complex and context-specific, and evidence is provided in the Register of Risks (PDF, 4.65 MB) on user base demographics for each kind of illegal harm. This can help you assess this risk factor even if you do not have any service-specific information on the demographic of your user base.
Mr Lucky
Well-known member
Maybe we all need to give up then, hamsters or no hamsters
The sticking point for me, even with that simplified version is "taking it down quickly". Without 24/7 moderation.You can't get married until 18 now - the law changed (although it might be different in Scotland). 17 to drive. The 18 and over age limit is just related to "online harms".
And that is an issue. We aren't compliance lawyers. But Ofcom did produce this guide for small sites. They make it sound simple enough - until you come to the children aspect and separate child risk assessments which this guide doesn't go into. It's just for the initial, basic risk assessment.
"If organisations have carried out a suitable and sufficient risk assessment and determined, with good reason, that the risks they face are low, they will only be expected to have basic but important measures to remove illegal content when they become aware of it. These include:
- easy-to-find, understandable terms and conditions;
- a complaints tool that allows users to report illegal or harmful material when they see it, backed up by a process to deal with those complaints;
- the ability to review content and take it down quickly if they have reason to believe it is illegal; and
- a specific individual responsible for compliance, who we can contact if we need to."
Helping small services navigate the Online Safety Act
As the UK’s regulator for online safety, Ofcom makes sure organisations that provide online services are carrying out their duties to comply with new rules, to help protect their users from harmful content.