LEGAL, REGULATORY & COMPLIANCE CONSULTANTS

Handley Gill Limited

Our expert consultants at Handley Gill share their knowledge and advice on emerging data protection, privacy, content regulation, reputation management, cyber security, and information access issues in our blog.

Online Safety. This looks like a job for...

… no, sadly not Superman, but perhaps a super-complainant.

The government has promised to make the UK the safest place in the world to be online and Ofcom needs to be appropriately resourced to deliver on that promise.
— Handley Gill Limited

One of the features of the Online Safety Act 2023 is that Part 8 Chapter 2 creates a concept of super-complaints, whereby organisations meeting eligibility criteria will be enabled to make complaints to the new online safety regulator, Ofcom, where one or more features of a regulated service or the conduct of a regulated entity, or a combination of these, “is, appears to be, or presents a material risk of” either “causing significant harm to users of the services or members of the public, or a particular group of such users or members of the public”, “significantly adversely affecting the right to freedom of expression within the law of users of the services or members of the public, or of a particular group of such users or members of the public”, or “otherwise having a significant adverse impact on users of the services or members of the public, or on a particular group of such users or members of the public”.

The concept is borrowed from the super-complaints system operating in relation to the Financial Conduct Authority (FCA) under the Financial Services and Markets Act 2000 (as amended) and the police super-complaints system, which has been in force since 2018.

Following the Online Safety Act 2023 receiving Royal Assent on 26 October 2023, and the super-complaint provisions contained in sections 169 - 170 Online Safety Act 2023 coming into force, Michelle Donelan, Secretary of State at the Department for Science, Innovation & Technology, issued a consultation, ‘Super-complaints: eligible entity criteria and procedural requirements’, on the proposed eligibility criteria for organisations wishing to act as super-complainants, what they will be required to demonstrate in order to satisfy the assessment criteria and the proposed procedure and timescales for the consideration of complaints. The consultation is open until 11 January 2024.

The consultation proposes that in order to act as a super-complainant, eligible entities must meet all of the following criteria:

  • That they must demonstrate integrity and impartiality, and must not represent the interests of regulated services

  • That they have considerable experience and competence in representing the interests of people of any description in, or within, the UK.

  • That they have expertise in, and experience of, issues relating to online safety covered by and in scope of the regulations.

  • That they are willing to cooperate, and work with OFCOM throughout the supercomplaints process. This includes that OFCOM will have no reason to believe that the relevant guidance it produces in relation to the handling of super-complaints will not be followed accordingly.

  • That they have a strong track record of publishing high quality research and analysis.

  • That they have a strong track record of working effectively and collaborating with other civil society groups.

We are concerned that all of these criteria are not necessary or appropriate and that their cumulative application in the context of the novel issues of online safety is likely to be overly restrictive and will exclude relevant organisations from eligibility, including potential new entrants.

The proposed requirements in respect of the substance of complaints, for the purposes of the admissibility assessment, are that:

  • Super-complaints must be in writing.

  • A complaint must set out the feature or conduct (or combination) to which the complaint relates.

  • A complaint must set out the regulated service(s) and provider(s) of such service(s) to which the complaint relates.

  • A complaint must outline why the eligible entity considers that either s.169 (1)(a),(b) or (c) has been met.

  • If a complaint is in relation to a particular provider, a complaint must outline why the eligible entity considers that either s.169 (2)(a) or (b) has been met.

  • A complaint must provide an explanation of how the super-complainant has assessed the current or potential harm caused to users or members of the public.

  • A complaint must give the name of an individual representing the eligible entity who may be contacted about the complaint.

  • Super-complaints must demonstrate that the super-complainant has consulted with a range of bodies, industry experts or academics on the matters concerned in the complaint.

  • Super-complaints must be supported by substantial high quality evidence, including documented facts and evidence.

While we agree that the first 6 of these proposed requirements are necessary, we have concerns regarding the remaining three proposed requirements. Where the process does not appear to implement a concept of umbrella complaints, then an obligation to consult with other entities appears to be unduly restrictive. While we agree that complaints must be evidence-based, regulated entities themselves and Ofcom - having regard to its extensive powers of compulsion under the Act in relation to information - will be best placed to gather evidence, notwithstanding the transparency provisions in the Online Safety Act, and therefore super-complainants should only be required to establish prima facie evidence in support of their complaint, which should then be for Ofcom to investigate further.

The proposed procedure in relation to complaints, and grounds for exclusion, include the following:

  • Complainants must pre-notify OFCOM of their intention to make a supercomplaint at least 30 days before making a complaint, except in exceptional circumstances.

  • A complaint that repeats the substance of a super-complaint that is already being assessed may not be eligible for consideration, if the regulator deems that it is merely duplicative of the existing complaint.

  • A complaint that merely repeats the substance of a complaint that has already been assessed by OFCOM is not eligible for consideration unless there has been a material change of circumstances since the previous complaint was made.

  • Super-complaints must not be under consideration by another UK regulator (statutory or self-regulatory) or by the courts.

  • The super-complainant should not have another active super-complaint under consideration by OFCOM (except under exceptional circumstances).

  • The super-complainant should not have submitted a super-complaint within the past six months (except under exceptional circumstances).

  • The super-complaint should not raise substantially similar concerns to supercomplaints or other investigations which OFCOM has considered in the previous 2 years (except under exceptional circumstances).

  • Where a super-complaint is submitted in line with requirements set out in OFCOM’s guidance, OFCOM must acknowledge receipt of the super-complaint.

  • If OFCOM decides that a complaint is eligible for consideration, they must inform the body in writing that the complaint will be investigated.

  • If OFCOM decides that the complaint is not eligible for consideration, they must inform the body in writing of that decision and the reasons for it.

  • The entirety of the super-complaints process should be completed within 120 days, potentially split between the eligibility assessment phase and other phases.

  • Where OFCOM is waiting for a response from a super-complainant, OFCOM may ‘stop-the-clock’ such that each day until they receive a response does not count towards the time-limit prescribed in regulations.

We are concerned that many of the proposed procedural measures are unnecessary and inappropriate and would serve to stymie legitimate attempts to bring matters of genuine concern to Ofcom’s attention and have them promptly resolved. While we support a requirement for Ofcom to act expeditiously, we are concerned that a 4 month period to assess eligibility (if this is not to be separated), conduct the admissibility assessment, exercise powers to gather relevant information and consider whether other regulated services are affected by the complaint, and then to adjudicate upon the complaint may be too short a period in some cases. We would welcome organisations being able to apply for a determination of their eligibility in the absence of a complaint, and provided that there was an obligation to act expeditiously we would not object to an extended period for resolving complaints of up to 180 days. We are concerned that other proposals appear intended to artificially extend the proposed timescales for the resolution of complaints and we would prefer a longer backstop, which would serve to maintain confidence in both super-complainants and Ofcom.

In relation to publicity regarding the process, it is proposed that:

  • OFCOM must publish its response to all super-complaints, and send a copy to the complainant body.

  • OFCOM may exclude information from the report if its inclusion would be contrary to the interests of national security, might jeopardise the safety of any person, may be commercially sensitive, or would be in conflict with any other legislation or rights (including, but not limited to, GDPR etc).

We welcome as much publicity regarding the process as possible, but are concerned that the proposed threshold for the withholding of information by Ofcom is too low.

You can read and download our response to DSIT’s consultation on ‘Super-complaints: eligible entity criteria and procedural requirements’.

We are currently preparing our response to Ofcom’s 1,728 page consultation on its new powers under the Online Safety Act 2023, including draft illegal content codes of practice and draft guidance on risk assessments, record-keeping and enforcement.

If your organisation is concerned as to whether and/or how the Online Safety Act 2023 applies to you, requires support in designing and/or implementing your online safety compliance framework and/or requires assistance in engaging with the ongoing consultations in relation to the implementation of the Act, contact us.

Find out more about our Online Safety, Online Harms, Content Moderation and Content Regulation services.

Our Online Safety & Online Harms Resources page has links to relevant documents regarding the passage and implementation of the Online Safety Act 2023.