As we both went through the process of trying to wrap our heads around the 1700-page Ofcom consultation on the Online Safety Act, which we both must do for our respective clients, geek tech lawyer par excellence Neil Brown did exactly what I did, which was procrastinate the task by blogging about it. He wrote:
How can anyone possibly think that the long tail of companies which are going to be impacted adversely by the Online Safety Act are going to manage to get on this? Frankly, I’m wondering how I could manage to do so, and I’ve been a lawyer working in this area for, well, quite a long time now.
Reading this alone is a task of many days. Understanding it will take even longer. Working out what, if any, response needs to go to Ofcom? Longer still. Part of me can only surmise that this is a shot across the bows by Ofcom, using this as an opportunity to showcase just what a mess a handful of lobbyists and politicians have created. To show unworkable it is going to be in practice. But that doesn’t make me feel any better that I cannot come up with a way to review this, let alone one which makes any sort of commercial sense.
If understanding the Act, and its obligations, and the requirements of Ofcom, is the preserve of massive law firms, who can throw loads of people at the task (££££?!), small companies have no chance.Neil Brown of Decoded Legal, who is an Actual Lawyer.
There’s no doubt that Neil is right about the message Ofcom is sending. As anyone who has ever provided services for a difficult client knows, sometimes all you can do is give the client exactly what they asked for. And to be clear, every word in those 1700 pages is just that, cited and footnoted. Your move, UK Gov.
But as I worked through the why and hows of this particular task, another possibility occurred to me about another message that Ofcom might be sending. It’s one that I heard before – that, in fact, a lot of people heard before – the last time we went through this.
And by this, I meant getting to grips with a regulation which was devised to “rein in the tech giants” – and very specific ones at that – but was drafted in a way that swept in virtually anyone with an online presence of any size in its wake.
That botched regulation resulted in massive public anger, crowdfunded advocacy campaigns, awkward government backtracking, and eventual concessions and climbdowns: an admission that the policymakers in question had indeed got the whole thing very, very wrong. The drama distracted those policymakers from their objective of “taming the tech giants” they legislated for in the first place, but even worse for them, it poured fuel on an existing fire of anti-government sentiment which was the absolute last thing they needed.
Remember that one? Yep.
It was VATMOSS.
For those who missed that joy – and Sweet Baby Cheeses, I will not be rehashing the whole story here – this was the drama that happened in 2014-2015, when the EU enacted a reform of how VAT taxes were accounted for in online digital purchases. The regulation was built entirely to target Apple and Amazon, and the way they routed all their e-commerce structures through Ireland or Luxembourg, in ways that saved them billions in taxes by depriving dozens of European countries of billions in tax revenue.
But, as I said, the problem was that the way the regulation was drafted, it swept in anyone doing any ecommerce of any kind in Europe. Not “big tech”. Not “tech giants”. Anyone. Small businesses, sole traders, even hobbyists selling the odd creative digital download on the side for fun. Everyone fell into this system. And as it was drafted, everyone was expected to comply as if they were Apple and Amazon.
If you want a recap of how it all went down, and how a scrappy band of unpaid small traders had to become Brussels lobbyists out of their own pockets in order to get the eventual concessions put in, here’s a talk I gave way back in 2016. (I need to state for the record that this was the second worst trip I ever had in my life, to the worst project I ever encountered in my life. The actual worst trip I ever had in my life was also with them several years later. Because of that, I’m reluctant to share the talk; and I’ll be clear that it is not an endorsement of that project.) There’s also a resource page here.
The cover image on this post is one of the advocacy campaign’s slides.
Now, the tl;dr on their initial achievement is that the EC was legitimately astonished to learn about this entire other world beyond “big tech” and the “tech giants”. They genuinely had no clue: not about small businesses, not about sole traders, not about hobbyists, and worst of all,
not about one particular community that got swept into the scope of the regulation.
That’s the one community you do not want to cross, ever, at the price of your own life.
Because if you think you’ve dealt with cutthroat political enemies, or intra-party backstabbing, or online troll mobs, I regret to inform you that you don’t even have a clue about the agony that awaits you if you piss off the online knitting community. That will be your final mistake. They will come for you. They will find you. They take no prisoners. They show no mercy. They will leave your head impaled on a giant knitting needle. They will knit tapestries depicting their final victory in battle, with your broken body depicted on a field of flowers.
Ladies and gentlemen, the EC pissed off the knitters.
And a lot of other people too.
And while they were admitting that they didn’t have a clue about independent e-commerce, they did admit one thing:
they just assumed that anyone trading online went through a platform.
They really did. They assumed that everyone used a third party provider, and a “tech giant” to boot. Which is why they assumed compliance would be simple, and free at that. They assumed someone else would take care of it.
So before the independent action campaign could advocate for their own businesses, which they put aside to run the campaign, they had to explain some absolutely astonishing basics about how the internet works to people who made digital policy for a living.
And let’s be clear: it took months for the EC to even consider that they’d made a mistake. Before they did that, they threw in a lot of attacks against the campaigners, the advocates, and anyone who had a problem with a law meant to “rein in the tech giants” but which slapped them in the face instead.
Campaigners were initially told by the EC “now now, dear, this is all quite simple and you just haven’t read it closely enough.” Advocates were accused of making trouble for its own sake. Advocates from the UK, as most of them were, were accused of stirring up anti-EU sentiment ahead of the referendum. Impacted businesses were accused of making overdramatic gestures.
And there was one other criticism thrown in, which finally brings us back to Neil’s post about the 1700 pages of reading that we are both procrastinating on by blogging.
A lot of policymakers and professional accountants – in other words, people who had been heavily involved with the crafting of the VATMOSS regulation years before any real-life trader had ever heard of it – responded to the controversy by hissing a particular criticism at the protesters and advocates:
You’re a professional and it was your responsibility to know about this.
In other words, all of those small enterprises and hobbyists were somehow supposed to have been keeping abreast of an EU tax law that was conceived, built, and promoted as being for Apple and Amazon. Just like accountants did!
Well that’s just silly.
So what was that line of criticism really about, then?
It was about gatekeeping.
It was about implying that people who didn’t monitor a law promoted entirely around Big Tech, and who thereby failed to resource the compliance work for it, were somehow being unprofessional.
It was about implying that those were the new rules of the road and anyone who didn’t monitor them was behaving irresponsibly.
And so it was about implying that people who were not capable of bringing small enterprises into compliance structures built entirely around Big Tech perhaps shouldn’t be trading at all.
In fact, I vividly recall one prominent Twitter lawyer saying that small enterprises should have been welcoming the VATMOSS compliance burden, as the formative experience meant to toughen them up into major players. Which is an interesting spin on the fact that the overwhelming majority of businesses in scope had no desire to be major players. They were happy as they were.
And for that, they were told you’re a professional and it was your responsibility to know about this.
That, I think, is part of what’s happening with Ofcom’s 1700 page consultation on the Online Safety Act.
(And FWIW, I suspect that’s the result of government pressure on them, not something they came up with on their own.)
Like VATMOSS, this is a law drafted to target “Big Tech” but which sweeps up everyone else in its scope. Because it’s been drafted to target Big Tech, it presumes Big Tech-sized legal and compliance teams. It assumes armies of these people.
And so the policymakers’ implication here is: if you don’t have a Big Tech sized legal and compliance team to eat into these 1700 pages, or if all you’ve got is a Neil or a me, well, then, perhaps you’re not professional enough to be online at all, hmmm?
For this is the UK, the most world-leading of world-leading nations, creating a world-leading internet of world-leadingness. So the implication here is: these 1700 pages are the rules of OUR road and if you don’t like that, get off it and go drive somewhere else.
Releasing a 1700 page consultation – the first of multiple tranches of this – is, in itself, a form of gatekeeping.
It sends a message which small enterprises can understand, loud and clear, without reading a single word of it. That message is: you don’t belong here.
The problem is that a lot of businesses are going to get the message and pull out.
And that’s not conjecture. That, thanks to VATMOSS, is a fact we learned the first time around.