Let’s talk about the Online Safety Act (the Act) – it’s a big deal for everyone operating in the UK’s digital space, and that includes law firms. Think of it as a landmark piece of legislation designed to create a safer online environment.
Netflix’s Adolescence starkly portrays the vulnerability of young people to online manipulation and the erosion of their sense of self through excessive social media engagement, highlighting the very issues the Online Safety Act aims to address. The story is based around the family of a 13-year-old boy and the fallout of a crime that he commits against a classmate. It has just made viewing history, with viewing figures still climbing.
Ofcom’s “Enforcing the Online Safety Act” can be read HERE. The ICO has some guidance on this topic around online safety and GDPR too, which you can read HERE (10 step guide to sharing information to safeguard children), and another piece of guidance HERE (Children’s Code Strategy).
Our blog here will go over the UK’s Online Safety Act and its implications for law firms. The Act places responsibility on businesses, including law firms, to protect users from harmful and illegal content, especially children.
Did you know that the Act lists over 130 ‘priority offences’, and tech firms “must assess and mitigate the risk of these occurring on their platforms”?
The priority offences can be split into 17 categories including fraud and financial offences, together with proceeds of crime.

Essentially, the Act puts the onus on businesses, and that includes the business of running a law firm, to protect users from harmful and illegal content, with a particularly strong emphasis on safeguarding children.
Of course the Act is inherently targeted at larger tech platforms.
“Platforms must now act quickly to come into compliance with their legal duties, and our codes are designed to help them do that. But, make no mistake, any provider who fails to introduce the necessary protections can expect to face the full force of our enforcement action.”
Suzanne Cater, Enforcement Director at Ofcom
The Act introduces a whole raft of legal requirements, especially for those services that allow users to interact or offer search functions. We’ll go into that in more detail later in the blog.
As you will no doubt be aware, the Act received Royal Assent back in October 2023, and various provisions are already in effect. So, this isn’t something on the horizon; it’s happening now. For us in the legal profession, we know non-compliance can lead to hefty fines. So, it’s absolutely crucial that you, as a law firm, understand the Act inside and out, and get to grips with your specific responsibilities under the new law.
You’ll know that this Act is primarily to protect children online, but a new Category 1 has been added since 2023 to protect adults too (self-harm and suicide).
“The definition of ‘appropriate measures’ for removing illegal content will really depend on the online service in question – what’s right for a social media platform with millions of users won’t be the same for a small community forum.”
Ali Hall, Online Safety Supervision Principal at Ofcom, speaking to publisher Startups
We’d say to all readers of this article that their websites and social media platforms might need looking at, which we’ll highlight further down.
In the meantime, we suggest you review your law firm’s data protection, privacy, and risk management in any event. When was the last time you did this? Further to the SRA’s ever-evolving fining powers, and latest highlights such as this from Legal Futures, “Director and law firm fined £50,000 for multiple compliance failures”, it’s more important than ever to protect your clients and your reputation.
Data Protection and Privacy
The Act interacts with existing data protection laws, such as the UK GDPR. Law firms, which handle sensitive client data, must ensure their online practices comply with both sets of regulations.
What does this mean for you? Time now to review and update privacy policies to reflect the Act’s requirements.
It’s also time to implement robust security measures to protect client data online, if you haven’t already.
The Act introduces new risks related to online content and conduct. This means that as a law firm, you’ll need to assess these risks and implement appropriate mitigation strategies.
What might this look like for your firm? Depending on your readership and clientele, you may need to develop policies and procedures for handling online safety issues.
Again, depending on the size of your practice, you might have to provide training to staff on online safety best practices. We think this is a good idea in any event, so that you and your colleagues are aware of the Act in your private lives too.
It’s recommended that there is ongoing monitoring of online activity for any potential risks.
It’s worth noting that Ofcom, the regulator in this regard, isn’t suggesting small businesses will be negatively affected, but essentially its regulatory requirements create a broader online safety environment that law firms must be aware of. While you’re not directly regulated by Ofcom, you must still ensure your online activities align with the Act’s goals and principles.

Law firms that offer employment law, contract law, regulatory compliance and criminal law will want to proactively guide and advise their clients with updates.
Our Data Protection Compliance service is designed to make sure law firms can clearly identify the risk to the data they process and put in policies, procedures, and controls to protect it. You can build the Act into this work thereafter.
Talking of the Act, law firms could do a risk assessment and implement any changes you think your firm needs to look into:
- Identifying Potential Risks: review the types of content hosted or shared on your website and social media (e.g., user-generated content, comments, videos).
- Analyse the likelihood of illegal or harmful content being present or shared on the platform.
- Assess existing content moderation practices and their effectiveness.
- Review policies for user reporting and complaint handling.
- Evaluate any automated tools used for detecting and removing harmful content.
- Analyse Potential Gaps: identify areas where current measures may fall short, such as detecting newer forms of harmful content. Consider emerging risks as the online landscape evolves.
- Compliance with Ofcom Guidance: ensure that your policies align with Ofcom’s codes of practice and that necessary reporting mechanisms are in place. Verify that terms and conditions are user-friendly and transparent.
- Action Plan: develop a strategy to address gaps, such as improving moderation systems, updating user guidelines, or enhancing staff training.
- Set measurable goals to regularly review and update the risk assessment.
- Regular Review Process: create a process for periodic reassessment of risks, particularly after platform updates or regulatory changes.
Teal Compliance Risk Assessment is the perfect starting block for dovetailing to your firm’s requirements under the Act.
Websites and Social Media Platforms
We live and work in a digital age and your law firm’s website and social media could possibly need tweaking or monitoring.
Does your law firm’s website have interactive features like blog comment sections, forums, or user-generated content? If so, they may need policies written for content moderation. The processes would incorporate removing illegal content (e.g., hate speech). Of course, law firm websites won’t be the click of choice for children, but if there is a potential for moderate harmful content on the site, you need to think carefully. Also, do have clear terms of use that outline acceptable and unacceptable content.
It’s worth taking the time to conduct your firm’s risk assessment for AML compliance at this time too.
Our website audit service provides a full and comprehensive review of your website, making sure it adheres to the SRA Regulations, so you could take advantage of aligning your website’s policies for these regulations as well as Ofcom’s.
We all need to look at our own social media channels to monitor any engagement for potentially harmful or illegal content. By this we mean you should:
- monitor comments and interactions on any of your posts (and, if you use a scheduling tool, check the provider’s policies);
- have processes in place to remove or report inappropriate content; and
- add to your terms of use or social media policies an outline of acceptable behaviour on your digital channels. This will back you up as a business and potentially protect you, as you’ll be able to manage expectations and provide a basis for removing inappropriate content.
Teal Compliance Recommendations
Reviewing Online Policies: Law firms should review their online policies and procedures to ensure they align with the Act’s requirements.
Staff Training: Providing staff with training on online safety best practices is essential.
Monitoring Online Activity: Law firms should monitor their online activity for potential risks and take appropriate action.
Staying Informed: Staying up-to-date on the Act’s implementation and Ofcom’s guidance is crucial.
In essence, the Online Safety Act reinforces the need for law firms to take their online responsibilities seriously. They must ensure their online activities are conducted in a safe and responsible manner, and that they comply with the evolving regulatory landscape.
As pillars of our society, the legal profession simply has to adhere and align to regulations and rules to uphold the sanctity of our reputation.
Thanks for reading and do get in touch with us if we can support your firm with its AML compliance and risk management undertakings.
Team Teal