A quick follow-up to this week’s magnum opus. Many of you who read that post, as well as the one which preceded it, will be wondering why your work falls into the scope of the Online Safety Bill’s likely compliance requirements. After all, you’re just you, and your team, doing your thing. You’re not a social media site, you’re not a major platform, you’re not doing anything wrong, and you’re not hurting anyone.
So why are you being treated like you are, and why are you facing compliance burdens and costs which punish you for the sins of others?
I can offer a little bit of insight, if not a definitive answer, into the thinking that has gone into the breathtaking sweep of this Bill’s scope. It doesn’t explain why things are the way they are. But it might help you to understand the logic behind it.
It’s just an anecdote, not a sound fact that could be referenced in law or policy. But it’s a packed one all the same.
At some point in the past three years – I couldn’t tell you exactly when, because the pandemic has eaten up my sense of time, folks – I was in a crowded meeting about the Bill which included one of its creators.
A question was put to that person, and it’s the same question you’ve asked yourself this week: why is the scope so broad? Why is there no threshold, such as a minimum turnover or number of users, before the Bill’s provisions kick in? And for the split that there is, between the Bill’s “Category 1” (meaning Big Tech) requirements and “everybody else” requirements, why is it “everybody else” in the first place?
The policymaker’s answer was firm and immediate, and what they said was, tl:dr:
we have to include all smaller businesses in scope because OnlyFans has less than thirty employees.
Now think about that for a minute.
Because in that instant response, that policymaker revealed three very clear facts about their thinking, and how that thinking has shaped this Bill.
The first is that this Bill, whatever DCMS and its ministers may claim, is not a “fixing” Bill, one which has been designed to be constructive and positive in order to fix problems. It is a “getting” Bill, once which has been designed to be vindictive and negative in order to get specific companies. OnlyFans in this particular example, the usual suspects in others.
The second is that this Bill has been designed by people who are so out of touch that OnlyFans is their idea of the average small digital business.
And the third is that this Bill has been designed by people who are so out of touch that they think the harms issues raised by OnlyFans are the harms issues in the average small digital business.
Is it possible for a business with less than thirty employees to cause severe online harms? Absolutely. (Cambridge Analytica, after all, had a fraction of that.)
Should smaller businesses have to take some common-sense and proportionate steps to prevent online harms from arising on their services? Absolutely.
Is that how this Bill approaches things? Absolutely not.
Because its scope, proportionality, and compliance requirements for “everyone else” have been shaped by using the most extreme outlier of a small digital business – specifically, a consensual adult marketplace – as the starting point.
That really is what they think you do, and what you get up to with your time, and what sort of damage you cause.
That really is what they think of you.
Meanwhile, you’re just trying to keep the lights on and your sanity intact and your users safe: not from the nonexistent online harms in your project, but from the sort of people who claim to be the solutions to them.
Now get back to work, you filthy smut peddlers.
Update, 8 PM, 13 July 2022, over three years after it entered my life:
The Bill has been dropped from the Parliamentary agenda, and just possibly, for good.