Online Safety Bill

Written evidence submitted by the British Retail Consortium (BRC) (OSB72)

Note on the Online Safety Bill for the Parliamentary Committee

The BRC (British Retail Consortium)

1. The BRC’s purpose is to make a positive difference to the retail industry and the customers it serves, today and in the future. Retail is an exciting, dynamic and diverse industry which is going through a period of profound change, accelerated by the pandemic. Consumer expectations continue to evolve and technology is enabling retailers to respond, changing how people shop; costs are increasing; and growth in consumer spending is slowing.

2. The BRC is committed to ensuring the industry thrives through this period of transformation. We tell the story of retail, work with our members to drive positive change and use our expertise and influence to create an economic and policy environment that enables retail businesses to thrive and consumers to benefit.

3. Our membership comprises over 5,000 businesses, including physical retailers, online only and multi-channel retailers operating across both channels, and marketplaces, delivering £180bn of retail sales and employing over one and half million employees.

Why we are commenting

4. Our main interest in commenting on the Bill is to ensure clarity with regards to some common elements of retail business activity – specifically the inclusion of online marketplaces, use of customer reviews and business to business activity.

Summary

5. The BRC welcomes the thrust of the Bill and we appreciate how important this piece of legislation is. It has been developed since 2017 and we are keen to work with Parliament to make sure the Bill addresses the key issues and key harms. However, what started as protecting users from harmful activity on social media websites has turned into a Bill that will regulate 25,000 companies, including some retailers. This was not what the new legislation was originally proposing to do and we would urge Parliament to keep the Bill focused on activity taking place on social media websites. In particular it should treat like with like. Customer reviews on marketplace websites should be treated the same as those on retail websites wherever the reviewing process is the same.

Online safety and the retail sector

6. We fully support the aim of ensuring the safety and security of those online not least in that many more people have engaged in internet activity during the pandemic which has resulted in far greater exposure of young and older people, including the vulnerable, to the internet. More and more people have been shopping online and also browsing for entertainment and to stay connected with friends and family. As a result, the potential for harm has grown, especially among those who have been less accustomed to using the internet and to recognising more readily when things are not right. Our members take their obligations seriously and want to ensure their customers have a safe experience when they use their services.

The regime

7. The Online Safety Bill is only one recent addition to the regulation of internet services, following on from requirements such as the Age Appropriate Design Code and GDPR. We would urge Parliament to keep in mind other UK legislative developments (such as the forthcoming Digital Competition Bill) and global initiatives, such as the EU’s Digital Services Act to ensure co-ordination and consistency where possible.

8. The BRC supports a risk-based and proportionate approach and welcomed some recent changes to the Bill, including the creation of a tiered system. We believe adopting a risk and reach based approach to categorisation is the right approach and

9. would urge Parliament to ensure this criterion remains. We believe it will help Ofcom focus on the biggest issues and avoid this becoming disproportionate for services that were never really the intended focus of this measure.

Scope

10. When the Online Harms White Paper was launched, the then Home Secretary, Sajid Javid, said plainly that ‘we cannot turn a blind eye to the darker side of social media’. The focus of the Bill has been to combat content on social media companies so we were therefore surprised to see that due to definitions included in the Bill, it will place 25,000 companies in scope of the Bill, including some of our members.

11. The retail industry is already a heavily regulated industry such as observing the Consumer Rights Act and working with the Office for Product Safety and Standards and there are also live policy, regulatory and legislative debates looking at updating the regulation of the retail industry. We do not believe that any of our members should be caught under the Online Safety Bill for being retailers or marketplaces per se rather than by any other activities they may pursue and would urge the Committee to ensure that the retail sector per se is taken out of scope.

12. This is a brand new regime. To regulate 25,000 companies is a significant task and to help Ofcom prioritise high risk areas and keep this proportionate we would urge Parliament to ensure the Bill remains focused on combatting User Generated Content available on social media websites.

Reviews

13. The COVID pandemic has accelerated changes in the retail sector. An increasing number of retailers are now omni-channel and continue to innovate.

14. Customer reviews provide a useful benefit for consumers by providing feedback on a company, brand or product thereby increasing transparency and informed choice.

15. Many BRC members already have clear review guidelines in place and have mechanisms for addressing any attempted abuse of customer review features including through the opportunity to flag and directly report inappropriate content; through independent checks; or through proactive measures such as machine learning.

16. We welcome the recognition by the Government that customer reviews on retailers’ own websites are low risk and therefore included in the low-risk exemption.

17. Customers can of course review the same products on online marketplaces. However, it seems some of these customer reviews are in scope. These are exactly the same products yet are treated differently under this regime. We would urge the Committee to treat in the same way all customer review sites that operate in the same way and not by whether they are on a marketplace or on the website of a different type of retailer. We would therefore urge the Committee to amend the low-risk exemption so that it clearly applies to online marketplaces where they accept and publish reviews on the same basis as other retailers.

18. We are concerned what the Bill could mean for retailers who are innovating with different business models, such as a marketplace. As it stands customer reviews of a product that are sold by a third party to a customer via a marketplace are in scope. We strongly believe that all customer reviews that are posted on the same basis should be removed from the scope of the Bill regardless of whether they relate to third party sales or direct sales. Companies do not necessarily differentiate between different types of customer review so this could result in more retail companies coming under the scope of the Bill now and in the future.

19. If there are any concerns from policymakers about harm on retail websites then the BRC is ready to discuss how to update existing consumer protection regulation in the context of the proposed draft Consumer and Competition Draft Bill, rather than have some retailers subject to this Bill and others not when it is supposed to be designed to prevent major harms on social media type sites.

Economic crime

20. The BRC disagreed with including economic harm in the Bill. Our concern was that inclusion in this Bill would undermine the effective targeting and enforcement of this Bill to the sort of societal harms spelt out originally and at the same time potentially fail to deal with the economic harms which might not receive the resources and priority they should have from Government. Although some economic crime will be part of the Bill, we welcome the fact that this is limited. More general online scams and online fraud already come under a variety of industry schemes such as the online fraud steering group or by consumer protection or anti-fraud legislation where they can receive the attention and priority they deserve. We believe this is the right approach. Economic crime is indeed already covered by a wide variety of legislation and is best left to regulators with experience in those fields to enforce.

21. We believe the Bill should continue to focus on the biggest harms and are concerned any expansion in scope of the Bill could risk the dilution of focus on the priority issues such as terrorism and child sexual abuse exploitation. The boundaries between physical and digital world are becoming increasingly ambiguous. Almost any problem in the offline world has an online dimension. Just as we would not try and address every offline problem in one Bill, it is important we do not try and do the same for digital issues with the Online Safety Bill. For this to be workable, and enforceable by Ofcom, it needs to be focussed on the most important harms.

B2B

22. The current definition of User Generated Content in the draft Bill is incredibly broad. As it stands it reads:

23. "User-to-user service" means "means an internet service by means of which content that is generated directly on the service by a user of the service, or uploaded to or shared on the service by a user of the service, may be encountered by another user, or other users, of the service".

24. Content: "anything communicated by means of an internet service, whether publicly or privately, including written material or messages, oral communications, photographs, videos, visual images, music and data of any description."

25. This goes far beyond User Generated content associated with social media and could potentially cover professional services like online academic journals. The Committee should tighten the definition to ensure the Bill targets the most harmful content; and ensure there are no unintended consequences for other businesses using internet services.

26. Although the Government has stated that the Bill will not include Business to Business content, we would urge the Committee to add in an explicit exemption for professional or B2B User Generated Content on the face of the Bill, following on from low-risk exemptions for below the line media comments.

Certainty

27. In addition to the vague definitions included above creating uncertainty for businesses about whether or not they are in scope; a significant amount of detail is being deferred to secondary legislation. Companies will need to tackle a long list of harmful content, yet there is no clarity on what the harms will be exactly. With the Secretary of State imploring companies to already comply with the Bill – even before Royal Assent; and with some enforcement actions such as director liability coming into force within 3 months of the Bill passing into law, companies urgently need more clarity on the definitions of harmful content.

Regulation

28. The BRC never believes that duplication of rules and requirements to meet the same objectives is desirable or efficient. Where legislation already exists that should be the primary route for dealing with any problems – and if any evidence-based assessment shows that current legislation or regulation is not sufficiently effective, the aim should be to amend that legislation or improve its enforcement rather than trying to duplicate it in legislation primarily designed for other, mainly non-economic, purposes. The BRC does not believe that had the online safety regulations been in place they would have been necessary to deal with any issues arising from online reviews and nor would they have been any better than utilising current legislation if it were used effectively.

29. Online harms should thus remain focused on the priorities set out – tackling online terrorist content and tackling online child sexual exploitation and abuse and not diluted by attempts to wrap up other issues already covered elsewhere in regulations more targeted to dealing with those other issues enforced by agencies more experienced in dealing with those type of practices.

Compliance

30. The measures companies will have to comply with range from risk assessments to transparency reports. With 25,000 companies in scope, that will mean a variety of different

31. business models. Although the majority of in-scope companies will be deemed category 2B, compliance for lower-risk companies will still create significant burdens on businesses and result in considerable time and resource being spent. There must not be a one size fits all approach and metrics focused on holding social media companies to account will not necessarily apply to other companies or business models. There should be a proportionate and flexible approach to companies’ implementation of the requirements.

June 2022