Riding the Peloton of Online Safety
The practice of online safety as a discipline in the technology sector has, until fairly recently, felt rather like an afterthought. In the early days of social media, speed to market was often prioritised in the race for people’s attention, driven by a ‘move fast and break things’ ethos. While this undoubtedly stimulated innovation and helped some be first to market, users’ wellbeing and welfare were rarely, if ever, a serious consideration. The result was an asymmetric relationship between users and platforms, where issues of trust and safety were handled unevenly and often at the companies’ sole discretion.
The dial is, finally, shifting. Online harms are being recognised as having a devastating impact on individuals whilst tearing at the fabric of democracy and society. Safety is now emerging as a ‘third pillar’ of digital trust, sitting alongside privacy and security. A global community of professionals, representing platforms, civil society groups, and public authorities is rapidly forming to place safety front and centre of efforts to minimise harms online. As a tech-industry veteran of more than 25 years, I can honestly say that such a reality was hard to imagine even a decade ago, while conceding there is still work to do.
We all have a responsibility here to ensure we are turning this concern for online safety into action – across all sectors of the economy and industry. It’s fitting to be in France when I think about the importance of the peloton in overcoming the drag of resistance, banding together to ride faster and more effectively towards a goal.
Australia’s eSafety Commissioner was the first public authority to focus on regulating online safety. We opened our doors in July 2015, built around a world-first scheme to address serious child cyberbullying. That scheme sat alongside Australia’s long-standing online content scheme, aimed at ensuring that Australia would never become a safe harbour for illegal content such as Child Sexual Exploitation Material. Since 2015, we have been granted additional responsibilities, such as powers to remediate the harms done by image-based abuse, and to notify services they are sharing violent terrorist propaganda.
Earlier this year, landmark Australian legislation commenced that addresses all these harms – and more. In addition to child cyberbullying, image-based abuse, and illegal online content, the Online Safety Act (OSA) gives eSafety the power to direct removal of seriously harmful adult cyber abuse material, such as calls for violence directed towards a person. eSafety now has a specific legislated power to order ISPs to block certain terrorist and violent extremist content during events such as the 2019 livestreamed terror attacks in Christchurch.
Through a set of Basic Online Safety Expectations, we can compel reporting from a variety of online services, including social media services. This reporting requires companies to ‘show their working’ about how they tackle specific safety concerns on their platforms. Eight sections of the digital industry will also be held to a higher standard than ever before, withs industry codes obligating services to prevent or limit Australians’ access to illegal and restricted content.
This evolution has not been without a certain learning curve. New legislation of the OSA’s scope and reach requires a commensurate degree of transparency, rigour, and accountability.
The OSA’s novel features and schemes create an interlocking framework for control of harm. This framework endows the eSafety Commissioner with considerable operational flexibility. Industry, as the target of the regulations, and the public as the beneficiaries, deserve to know how we will use our powers. To that end, we have published regulatory guidance setting out our approach to administering each scheme. Such transparency is crucial if we are to be seen as a responsive regulator, and we expect to be held to the measure we have set for ourselves.
I expect for our decisions to always be supported by the highest investigative standards. eSafety’s investigations teams are drawn from a wide variety of disciplines, including law enforcement, legal practice and client-focused frontline services. They are given operational support by in-house lawyers specialising in our regulatory context, and technical support via a team of dedicated developers. An internal Regulatory Action Committee scrutinises the most challenging and ‘grey area’ cases, providing a strong governance layer to ensure that ‘rigour’ is our watchword.
Finally, this evolution has required eSafety to be ready to be held accountable for our decisions. Those affected by an investigative outcome now have several avenues for review of that decision. An internal review process was legislated as the Online Safety Bill passed the Australian Senate – a measure I strongly welcomed at the time. A person can also seek formal review of the merits or legality of a decision through existing tribunal and judicial arrangements. Finally, the Commonwealth Ombudsman is available to assess a complaint about whether we have used our powers fairly and appropriately.
Ours has been a journey of maturation, as we move from being one of the most important agencies no-one has ever heard of to a trusted name – a bulwark against harms – known by a growing number of Australians and, increasingly, others around the globe.
We are at a watershed moment internationally. The OSA is now among several pieces of legislation around the world designed to protect citizens online and to hold providers of digital services to a set of enforceable standards. This includes the UK’s proposed Online Safety Bill, Ireland’s Online Safety and Media Regulation Bill, and online safety reform work underway in Canada.
That authorities are thinking about online harms and safety regulation in a similar way fills me with optimism. Of course, the recent political agreement between the European Parliament and EU Member States on the Digital Services Act deserves special mention. This is an inflection moment in Europe, and the world, and a milestone worth celebrating. We know that European rules can often serve as the de facto global standard and we remain committed to ensuring that the Commission, and others, can learn from both our successes – and mistakes.
I am most excited to see safety by design principles feature so heavily throughout the DSA. For those who have followed eSafety, you will know that I have long championed safety by design as an idea whose time has well and truly arrived. I often refer to this as the digital industry’s ‘seatbelt moment’, harkening back to the point in the auto industry’s history when regulation finally began to address systemic failures, so that cars were safe and roadworthy the instant they left the showroom. We should expect nothing less than virtual seatbelts from the owners of the platforms we and our children use every day.
Rather than as a postscript or awkward bolt-on, safety is finally being considered first. Not always and not by all, but by a growing number and sooner than has been the case. The fact that industry now supports such a large profession of trust and safety practitioners speaks volumes about this being a transition moment, a moment where industry moves from its awkward teens to young adulthood.
But there will always be a job for public authorities like the eSafety Commissioner to intervene and exercise remedial powers when things go wrong – as they inevitably will. Even so, we recognise that the successful practice of safety and trust requires a community, a global community – one in which we are proud to play a role. If we continue to work in tandem, whether uphill or on the flat, we can continue to be a growing and thriving network of professionals driving towards better online safety outcomes. Riding in the same direction, we can be the online safety peloton.
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cyber risks
- Operational security
- Antifraud action
- Digital identity & KYC
- Digital Sovereignty
- Digital transition