(1)This section sets out the duties about freedom of expression and privacy which apply in relation to regulated user-to-user services (as indicated by the headings).
(2)When deciding on, and implementing, safety measures and policies, a duty to have particular regard to the importance of protecting users’ right to freedom of expression within the law.
(3)When deciding on, and implementing, safety measures and policies, a duty to have particular regard to the importance of protecting users from a breach of any statutory provision or rule of law concerning privacy that is relevant to the use or operation of a user-to-user service (including, but not limited to, any such provision or rule concerning the processing of personal data).
(4)A duty—
(a)when deciding on safety measures and policies, to carry out an assessment of the impact that such measures or policies would have on—
(i)users’ right to freedom of expression within the law, and
(ii)the privacy of users; and
(b)to carry out an assessment of the impact of adopted safety measures and policies on the matters mentioned in paragraph (a)(i) and (ii).
(5)An impact assessment relating to a service must include a section which considers the impact of the safety measures and policies on the availability and treatment on the service of content which is news publisher content or journalistic content in relation to the service.
(6)A duty to—
(a)keep an impact assessment up to date, and
(b)publish impact assessments.
(7)A duty to specify in a publicly available statement the positive steps that the provider has taken in response to an impact assessment to—
(a)protect users’ right to freedom of expression within the law, and
(b)protect the privacy of users.
(8)In this section—
“impact assessment” means an impact assessment under subsection (4);
“safety measures and policies” means measures and policies designed to secure compliance with any of the duties set out in—
section 10 (illegal content),
section 12 (children’s online safety),
section 15 (user empowerment),
section 20 (content reporting), or
section 21 (complaints procedures).
(9)Any reference in this section to the privacy of users or steps taken to protect the privacy of users is to be construed in accordance with subsection (3).
(10)See—
section 19 for the meaning of “journalistic content”;
section 55 for the meaning of “news publisher content”.
Commencement Information
I1S. 22 not in force at Royal Assent, see s. 240(1)
I2S. 22 in force at 10.1.2024 by S.I. 2023/1420, reg. 2(h)
(1)This section sets out the record-keeping and review duties which apply in relation to regulated user-to-user services (as indicated by the headings).
(2)A duty to make and keep a written record, in an easily understandable form, of all aspects of every risk assessment under section 9 or 11, including details about how the assessment was carried out and its findings.
(3)A duty to make and keep a written record of any measures taken or in use to comply with a relevant duty which—
(a)are described in a code of practice and recommended for the purpose of compliance with the duty in question, and
(b)apply in relation to the provider and the service in question.
In this section such measures are referred to as “applicable measures in a code of practice”.
(4)If alternative measures have been taken or are in use to comply with a relevant duty, a duty to make and keep a written record containing the following information—
(a)the applicable measures in a code of practice that have not been taken or are not in use,
(b)the alternative measures that have been taken or are in use,
(c)how those alternative measures amount to compliance with the duty in question, and
(d)how the provider has complied with section 49(5) (freedom of expression and privacy).
(5)If alternative measures have been taken or are in use to comply with a duty set out in section 10(2) or (3) or 12(2) or (3), the record required under subsection (4) of this section must also indicate whether such measures have been taken or are in use in every area listed in section 10(4) or 12(8) (as the case may be) in relation to which there are applicable measures in a code of practice.
(6)A duty to review compliance with the relevant duties in relation to a service—
(a)regularly, and
(b)as soon as reasonably practicable after making any significant change to any aspect of the design or operation of the service.
(7)OFCOM may provide that particular descriptions of providers of user-to-user services are exempt from any or all of the duties set out in this section, and may revoke such an exemption.
(8)OFCOM must publish details of any exemption or revocation under subsection (7), including reasons for the revocation of an exemption.
(9)A duty to make and keep a written record, in an easily understandable form, of all aspects of every assessment under section 14 (assessments related to the adult user empowerment duty set out in section 15(2)), including details about how the assessment was carried out and its findings.
(10)As soon as reasonably practicable after making a record of an assessment as required by subsection (2) or (9), or revising such a record, a duty to supply OFCOM with a copy of the record (in full).
(11)In this section—
“alternative measures” means measures other than measures which are (in relation to the provider and the service in question) applicable measures in a code of practice;
“code of practice” means a code of practice published under section 46;
“relevant duties” means the duties set out in—
section 10 (illegal content),
section 12 (children’s online safety),
section 15 (user empowerment),
section 17 (content of democratic importance),
section 19 (journalistic content),
section 20 (content reporting), and
section 21 (complaints procedures),
and for the purposes of subsection (6), also includes the duties set out in sections 18 (news publisher content), 71 and 72 (duties about terms of service), and 75 (deceased child users).
Commencement Information
I3S. 23 not in force at Royal Assent, see s. 240(1)
I4S. 23(1)-(10) in force at 10.1.2024 by S.I. 2023/1420, reg. 2(i)
I5S. 23(11) in force at 10.1.2024 for specified purposes by S.I. 2023/1420, reg. 2(i)