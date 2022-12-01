The Online Safety Bill now proposed by the UK Government will no longer define specific types of legal content that companies must address. The Bill is due to return to Parliament next week. The first amendments have been tabled to the Bill in the Commons for Report Stage on Monday, December 5. Further amendments will be made at later stages of the Bill’s passage, says the Department for Digital, Culture, Media & Sport (DCMS).

At the Digital Secretary Michelle Donelan said: “Unregulated social media has damaged our children for too long and it must end. I will bring a strengthened Online Safety Bill back to Parliament which will allow parents to see and act on the dangers sites pose to young people. It is also freed from any threat that tech firms or future governments could use the laws as a licence to censor legitimate views.

“Young people will be safeguarded, criminality stamped out and adults given control over what they see and engage with online. We now have a binary choice: to get these measures into law and improve things or squabble in the status quo and leave more young lives at risk.”

The DCMS says that the Government will no longer repeal elements of the Malicious Communications Act and Section 127 of the Communications Act offences; as used recently in a prosecution where a Yorkshireman was found guilty of sending an email to England football manager Gareth Southgate.

Comments

The charity the NSPCC has complained that the proposed new law was delayed from July – and delayed further after the appointment of the new Prime Ministers Liz Truss then Rishi Sunak. The charity among others has raised concerns that social media remains awash with dangerous material like that which contributed to the death of Molly Russell; Instagram and Pinterest were found to contribute to her death at an inquest in September. The NSPCC wants every platform to have to put measures in place to protect children from harmful and distressing content like that which contributed to Molly Russell’s death – not just those that have a ‘significant’ number of child users.

See also a blog on the UK Safer Internet Centre (UKSIC) website, about a seminar at platform Meta’s offices in London in mid-November. Kathryn Tremlett manages the Report Harmful Content helpline for the UKSIC. She said the Bill is not currently designed to help individuals: “It is fair to say the Bill itself is focused on high level strategy and policy and not on victims – and it is important that is addressed. I have a real concern over the removal of impartial dispute resolution, and it needs to be maintained within this legislation. Fundamentally, to make the UK the safest place in the world to go online, the welfare of victims needs to be at the heart of the incoming Bill.”

It’s anticipated that the telecoms regulator, Ofcom, will take on new duties in 2023 under the Bill. Hence its recent statement with the data protection regulator the ICO that sets out shared regulatory aims.

Meanwhile the EU-wide, pre-Brexit Network and Information Systems (NIS) Regulations will be updated so third-party firms providing IT services to businesses will be compelled to have cybersecurity in place to protect them and clients’ data, with fines for non-compliance.

Jordan Schroeder, managing CISO at Barrier Networks, said: “When any provider manages an organisation’s infrastructure, it must always deploy state of the art security as it has an even greater duty to keep it available and safe. Otherwise, if the provider was to suffer an attack, it could potentially bring all its customers down causing widespread chaos and significant disruptions and financial loss.

“Incidents like these were demonstrated when attackers successfully compromised the networks of Kaseya and SolarWinds, and the UK government clearly wants to avoid attacks like these happening again in the future. However, regulations should always be viewed as a baseline for good security, they are far from bulletproof.

“Responsible organisations will not only implement the NIS2 Directive requirements, but they will also implement more robust defences to improve their resilience against attackers.”

Yaron Kassner, co-founder and CTO at Silverfort, commented that MSPs present a ripe target for attackers. “As central points of cybersecurity management for lots of organisations – they provide a jumping off point for lateral movement inside a large number of environments. As we saw with Operation Cloudhopper – attackers were able to access MSP customers using seemingly legitimate credentials, before moving through the network to exfiltrate data. While controls such as MFA on internal resources could technically help address attacks like this, regulation provides a necessary impetus to ensure MSPs act according to best practice.”