Ofcom Issues Final Guidance On Protecting Women And Girls Online – Health & Safety

Laura Harper’s articles from Lewis Silkin are most popular:

• with Inhouse Counsel
• in United Kingdom
• in United Kingdom
• with readers working within the Accounting & Consultancy, Pharmaceuticals & BioTech and Construction & Engineering industries

25 November is International Day for the Elimination of Violence
against Women. So it was timely, that, following consultation, Ofcom published its final guidance about protecting women and
girls online. It deals with content and activity where service
providers have duties under the Online Safety Act 2023 and where
the content disproportionately affects women and girls. The
guidance focuses on four key areas of harm and sets out various
measures for tech companies. There have been some changes based on
feedback.

What does a tech company have to do?

Ofcom says that tech companies should make sure that governance
and accountability processes address online gender-based harms,
that they conduct risk assessments that focus on harms to women and
girls; and they should be transparent about women and girls’
online safety.

They also need to conduct abusability evaluations and product
testing, set safer default settings and reduce the circulation of
content depicting, promoting or encouraging online gender-based
harms.

The final three actions are giving users better control over
their experiences, enabling users who experience online
gender-based harms to make reports, and responding appropriately
when online gender-based harms happen.

For each action, Ofcom sets out what a baseline of safety looks
like (foundational steps) for service providers to meet their
duties to protect UK users. It also highlights additional good
practice steps to illustrate how providers can build on the
foundational steps to create safer experiences for women and girls,
give their users more autonomy, and provide assurance that users
can seek appropriate redress for any harm that does occur.

The four areas of harm and what measures to employ

Misogynistic abuse and sexual violence

Tech firms should consider:

• introducing “prompts” asking users to reconsider
  before posting harmful content;




• imposing ‘timeouts’ for users who repeatedly attempt to
  abuse a platform or functionality to target victims;




• promoting diverse content and perspectives through their
  recommender “for you” systems to help prevent toxic echo
  chambers; and




• de-monetising posts or videos which promote misogynistic abuse
  and sexual violence.

Pile-ons and coordinated harassment

Tech firms should consider:

• setting volume limits on posts (“rate limiting”) to
  help prevent mass-posting of abuse in pile-ons;




• allowing users to quickly block or mute multiple accounts at
  once; and




• introducing more sophisticated tools for users to make multiple
  reports and track their progress.

Stalking and coercive control

The guidance suggests that tech firms should consider:

• bundling safety features to make it easier to set accounts to
  private;




• introducing enhanced visibility restrictions to control who can
  see past and present content;




• ensuring stronger account security; and




• removing geolocation by default.

Image-based sexual abuse

Under the guidance, tech firms should consider:

• using automated technology (hash-matching) to detect and remove
  non-consensual intimate images;




• blurring nudity, giving adults the option to override;




• signposting users to supportive information including how to
  report a potential crime.

More broadly, Ofcom expects tech firms to subject new services
or features to ‘”abusability” testing before they
roll them out, to identify from the outset how they might be
misused by perpetrators. Moderation teams should also receive
specialised training on online gender-based harms. It also says
that companies should consult with experts about design policies
and safety features that work effectively for women and girls,
while continually listening and learning from survivors’ and
victims’ real-life experiences, for example, by running user
surveys.

Tech and harms evolve rapidly, and Ofcom expects providers to
regularly look at what they may need to do to respond to changing
threats and risks from online gender-based harms. Ofcom also
expects services with the highest risk and largest reach to do more
to make sure that they achieve safer experiences for women and
girls.

Ofcom has set out five areas of action for itself, and among
other things, will report in summer 2027 on progress. If progress
is inadequate, it will consider making formal recommendations to
the government about where the Online Safety Act may need to be
strengthened. It will also be enforcing and updating its guidance on illegal harms to
cover the new priority offence of cyberflashing and to
introduce hash-matching measures. It has also written an open
letter to tech companies setting out its expectations that they
will comply with the guidance. It will also continue to enforce the
Online Safety Act more broadly, as well as continuing with its
research and engagement programme.

Commentators have expressed disappointment that the guidance
isn’t binding and pointed out that whether it works will depend
on the attitude of the platform concerned. Others have suggested
that the government should put the guidance on a statutory footing.
However, as Ofcom will not move to make recommendations to the
government for new laws until and unless it deems progress is
inadequate following its report in 2027, additional legislation to
protect women and girls is unlikely for another two years.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.