The Online Safety Act 2023 had been heralded by the Government as being "world-leading". It was supposed to "make the UK the safest place in the world to be online." The Act gained Royal Assent on 26 October 2023. Some parts of the Act are already in force, with other parts gradually coming into force in the coming months.
Aside from the regulatory duties placed on service providers and social media companies which we have commented upon here, a significant feature of the legislation when it passed through Parliament was the creation of new offences which are designed to punish individuals who deliberately target other individuals online. The former Home Secretary, Suella Braverman, remarked that at the time that: "This landmark law sends a clear message to criminals – whether it’s on our streets, behind closed doors or in far flung corners of the internet, there will be no hiding place for their vile crimes." However, during its lengthy passage through the legislative chambers, the Bill changed in its scope and nature. As a consequence, the final form of the Act is somewhat different to the hyperbole. The new offences are as follows:
Sending or posting a false communication
Section 179(1) creates an offence of sending or posting a false communication that a person knows is false with the intention of causing non-trivial psychological or physical harm to a likely audience, and with no reasonable excuse.
Sending a threatening communication
Section 181(1) creates an offence of sending a threatening communication while intending or being reckless as to whether the object of the threat would fear that the threat would be carried out.
Sending or showing flashing images electronically
Section 183 creates offences of sending or showing flashing images electronically. These offences are designed to safeguard those who suffer from epilepsy:
- It is an offence to (without reasonable excuse) send or show flashing images electronically where it is reasonably foreseeable that an individual with epilepsy would be among the individuals that will view it and the sender intends that the individual will suffer harm because of the flashing images (Section 183(1)).
- It is also an offence to (without reasonable excuse) send or show flashing images electronically to a person whom the sender knows to be an individual with epilepsy, or whom the sender suspects to be an individual with epilepsy, will, or might, view it (Section 183(8)).
Encouraging or assisting serious self-harm
Section 184 creates an offence of encouraging or assisting serious self-harm. Under this provision a person commits an offence if they do a relevant act capable of encouraging or assisting the serious self-harm of another person. A relevant act includes where an individual communicates in person, sends, transmits or publishes a communication by electronic means and showing a person such a communication.
"Cyber Flashing" - Sending a photograph or film of genitals
Section 187 creates a cyberflashing offence of sending a photograph or film of genitals (to be inserted as Section 66A into the Sexual Offences Act 2003). A person (A) who intentionally sends or gives a photograph or film of a person's genitals to another person (B) commits an offence if they intend B to see the film or photograph and be caused alarm, distress or humiliation; or if A sent the film or photograph for the purpose of obtaining sexual gratification and is reckless as to whether B will be caused alarm, distress or humiliation. Sending a photograph or film includes sending by any electronic means, showing it to another person or placing it for another person to find. This is an either way offence. The prevalence of "sexting" amongst young people may make them particularly susceptible to this offence.
Additional "Revenge Porn Offences" - sharing or threatening to share an intimate photograph or film
Section 188 of the Act broadens the circumstances in which sharing or threatening to share an intimate photograph or film can amount to an offence. These amendments were designed to close potential lacunas in the previous legislation.
The new communications offences coincide with the repeal of existing communications offences pursuant to Section 127(2)(a) and (b) of the Communications Act (false messages) and Section 1 of the Malicious Communications Act 1988.
Arguably the new offences require more serious conduct and have a higher mens rea threshold than the predecessor offences, so they are less likely to be engaged by problematic online behaviour than before the Act was introduced.
It is also worth noting that some of the offences listed above can be committed by a corporate body. If it is established that the offence was committed with the consent or connivance of an officer of the body corporate or is attributable to any neglect on the part of an officer of the body corporate, the officer (as well as the body corporate) commits the offence and liable to prosecution.
These new offences are part of a concerted effort to ensure greater online safety for children and other vulnerable groups. It is also clear that the onus is on corporates that are in the scope of the new offences to ensure that they have the appropriate systems and controls in place to comply with these requirements. Qualifying corporates must ensure that they take proactive action to put the appropriate measures in place in order to avoid investigation or censure by a further empowered regulator in the form of Ofcom.
It had been anticipated that the Act would close perceived gaps in the legislation and would criminalise cyber bullying or malicious messaging. However, the black letters of the legislation have not delivered upon this expectation.