What do online companies need to know about the Online Safety Act?

The online environment offers a wealth of opportunities, but it is also an increasingly treacherous place, where cyber bullying, abuse, and explicit content are all too common.

Since 2015, eSafety has dealt with more than 61,000 complaints concerning illegal or restricted content and, last year alone, 29.1 million reports of materials involving child sexual exploitation were made to the US-based National Centre for Missing and Exploited Children.

Experts say these statistics may be just the tip of the iceberg, with countless more incidents going under the radar.

In January this year, the new Online Safety Act 2021 came into effect in Australia, giving more powers to the eSafety Commissioner to help tackle these and other online safety issues.

But what do the new laws mean for online companies?

We spoke with the eSafety Commissioner’s Executive Manager for Legal, Marcomms and Research, Morag Bond, ahead of her keynote at the Australian Privacy Forum, to find out.

Why the need for new legislation?

Our laws need to keep pace with advances in technology and the threats we face online from harmful behaviour and toxic content.

A trend towards end-to-end encrypted messaging services and livestreaming, for example, can enable horrific material to spread unchecked on online platforms.

The new Online Safety Act which came into effect in January 2021 makes Australia’s existing laws for online safety stronger and more expansive.

Many of the amendments are world-first. For example, no other jurisdiction in the world has the powers we have to take down content involving serious adult online abuse, cyber bullying of children, and image based abuse (the sharing of someone’s intimate images without consent, sometimes referred to as ‘revenge porn’).

These expanded powers, combined with mandatory industry codes and the Basic Online Safety Expectations, aim to create an umbrella of online protections for Australians of all ages.

What are your current online safety priorities?

We want to make the online world safer for all people, but especially young people, who are the biggest – and most vulnerable – users of the internet.

Today 97 percent of teenagers use the internet daily and many of these are not under parental supervision or restricted access when browsing the web.

A particular concern is the ability of adults to contact children via online platforms. This gives rise to grooming, extortion and coerced, self-produced sexual exploitation material.

What do companies need to be aware of?

Firstly, the Government has set out the reasonable steps it expects social media, messaging, gaming service providers, and other apps and websites will take to keep Australians safe. These are known as the ‘Basic Online Safety Expectations’. eSafety has powers to compel online service providers to report to eSafety on how they are meeting these expectations.

Some of the most harmful material online today involving the sexual exploitation of children is prevalent on mainstream platforms – not confined to the dark web – and eSafety’s first set of legal notices required the recipients to report on specific steps they are taking to address this illegal content.

Secondly, eSafety received draft codes of practice developed by industry covering 8 sections of the online industry in November 2022, and is currently considering whether these codes should be registered. If registered, a wide range of online businesses will be subject to obligations contained in the code of practice in relation to the most serious of online harms. If codes are not registered, eSafety may determine industry standards.

The obligations contained in the codes or standards will be enforceable. If companies do not comply with their legal obligations, they may be subject to hefty civil penalties of up to $555,000. Our new information-gathering powers will also allow us to investigate complaints surrounding abusive content on online platforms in more depth than was previously permitted under the former legislative framework.

What can companies do now to improve the safety of their own platforms

eSafety expects industry to comply with the Basic Online Safety Expectations. In addition, the Safety by Design principles and practical, interactive assessment tools – which eSafety developed in close consultation with industry – assist industry to improve user safety on their platforms.

These tools suggest ways technology companies can minimise online threats by anticipating, detecting and eliminating online harms before they occur. An enterprise set of tools for both mid-tier and top tier companies and a start up tool is available on our website.

How much of an impact have the laws made so far?

Previously, eSafety couldn’t do anything about the serious online abuse suffered by Australian adults. Now, following the introduction of the adult cyber abuse scheme, we can get such abuse taken down. Since the introduction of the Online Safety Act, eSafety has made 212 notifications to platforms for breaches of their own terms of service and 82 per cent of that content was removed.

Our other complaints/reports-based schemes have seen significant increases in the number of reports to eSafety and we have been able to achieve the removal of thousands of instances of image based abuse, child sexual abuse material and cyber bullying this year.

Our new powers under the Online Safety Act that require material to be removed more quickly than it was previously (24 hours as opposed to 48 hours) are important. However, we still have a significant amount of work to do reduce the risk and prevalence of online harm and our focus is on prevention and proactive change as well as protection for victim-survivors.

What else is your agency doing to combat online harm now and in the near future?

eSafety and other regulators from across the world are joining forces to help make the online world a safer place. In November 2022, we and our partners formally launched the new Global Online Safety Regulators Network at the Family Online Safety Institute Conference in Washington DC.

At present we are working with regulators from Fiji, Ireland and the United Kingdom – but this is just the start of our global coordination. The network will pave the way for a coherent international approach to online safety regulation allowing all parties to share information and best practice.

Within Australia, eSafety is also working closely with our colleagues at the Office of the Australian Information Commissioner (OAIC) and the other members of Digital Platform Regulators Forum (DP-REG) – the Australian Competition and Consumer Commission (the ACCC) and the Australian Media and Communications Agency (the ACMA).

We are collaborating on a number of major projects that marry together the important work of eSafety and other aspects of digital regulation like online privacy.

Hear more from Morag Bond, Executive Manager eSafety at the Australian Privacy Forum on February 16, 2023 at the Radisson Blu Plaza Sydney.

Joining Ms Bond on the stage is the NSW Privacy Commissioner Samantha Gavel, Chief Data and Technology Officer from Consumer Advocacy Choice Ashwin Shridar, and Australia’s leading cyber lawyers.

Learn more and register your place here.