Is the era of self-regulation for Big Tech truly over?

In May, Coimisiún na Meán, Ireland’s media regulator, published an updated draft of the Online Safety Code. Once approved by the European Commission, this legally binding code will come into effect later this year and will apply to designated video-sharing platforms (known as VSPs) based in the EU, including Facebook, Instagram, YouTube, TikTok, and X, among others, all of which could face fines of up to €20 million for breaching the rules.

The first of its kind in Ireland, it’s important to acknowledge the Online Safety Code as a landmark development. While we and other online safety advocates may be quick to criticise the code’s shortcomings, we are also relieved that we are finally one step further towards ending the era of self-regulation. For too long, these VSPs have functioned in an unregulated environment, with no meaningful accountability for the online harms or age-inappropriate content their younger users have been subjected to. This code finally puts the onus on social media companies to implement effective safeguarding measures.

We welcome the fact that under this code, social media companies are obliged to actively protect children online from various types of harmful content by prohibiting users from uploading or sharing content that promotes self-harm or suicide, eating or feeding disorders, and cyberbullying. VSPs will need to prevent the circulation of illegal content such as incitement to hatred or violence, terrorism, child sex abuse material, racism, and xenophobia. They will also have to implement some form of age verification measures to prevent children from accessing and/or encountering pornography or gratuitous violence, with self-declaration of age long being proven to be completely inadequate. Parental controls must also be made available and visible on all platforms.

There are, however, elements of the code that are simply not specific enough, and we are concerned that it ​allows VSPs to continue to largely self-regulate. We know historically that this simply won’t work. For example, in relation to complaints, the VSPs are required to respond to user complaints on a case-by-case basis in a “timely, diligent, and objective manner’. These terms lack the specific parameters we believe are necessary. Who and what adjudicates a “timely” or “objective manner”? If we are not specific at the outset in relation to the obligations of VSPs to respond and remove in a timely fashion, within a defined timeframe, then what difference will it make? The code also disallows companies from processing children’s data for commercial gain. We know from the setting of the Digital Age of Consent in 2018 that VSPs will find ways to circumvent this if possible. In the case of consent, a different legal basis on which to collect that data was used instead. 

We acknowledge that there is no silver bullet to this issue, but effective and far-reaching regulation of Big Tech is certainly part of the solution. They’ve had years to make their online services safer for children but the will to do so simply hasn’t been there. For the first time VSPs will have a code to which they must adhere and are obliged to put measures and reporting requirements in place, namely parental controls which must be clearly visible and clearly explained to all users, including children. They must introduce content ratings whereby anyone who uploads videos can rate the content as not being suitable for children. They will also be required to publish an annual action plan outlining how they’ll promote media literacy and they must provide regular reports on how they are handling users’ complaints to Coimisiún na Meán.

It’s apparent now, as much as ever, that education is vital. It would be absurd to think we can rely on Big Tech alone to educate families and children on parental controls and digital literacy. Whilst parental engagement is also crucial, we can’t leave this up to parents alone, who need support and upskilling as a matter of urgency. Digital literacy should be a core part of our education system, alongside reading, writing, and arithmetic. Not doing so would amount to a grave injustice to children growing up in the digital age. We need to equip and educate our children to thrive in the digital world. 

It remains to be seen how Ireland’s first Online Safety Code will be enforced and how well it will work in practice. What will it effectively change? We can only hope it will make a radical difference to our children’s experiences and their safety online. We need to do everything in our power to protect children and young people online. The clock is ticking.

Alex Cooney is co-founder and CEO of CyberSafeKids

Published 2nd June, 2024 in The Irish Sun on Sunday