Looking for help with the Online Safety Act  - Ofcom consultation & guidelines? Please get in touch. 

Online Safety Bill debate in the House of Commons  - Westminster Parliament

Image: an empty House of Commons debating the Online Safety Bill on 12 September 2023.

TL:DR On the same day as the UK Parliament approved the Online Safety Bill (soon to be Online Safety Act), a US court  blocked a law to protect children when they access the Internet on grounds that it violates the First Amendment of the US Constitution which protects free speech.

When you run the Online Safety Bill  through the mirror of this US court ruling, you get a remarkable set of findings. Whilst US free speech law operates differently from UK law, it is very likely that the Online Safety Bill will also be in breach of freedom of expression under the Human Rights Act which enshrines the European Convention on Human Rights. This article takes a comparative look.

The Online Safety Bill is the UK's attempt to regulate big tech platforms by imposing a series of duties with regard to the content posted by their users. A key aim of the new law is to keep children safe online, but its requirements raise many technical and legal questions that have not been answered. It passed the final stage in the Westminster Parliament on 19 September and is currently awaiting Royal Assent when it will officially become law. 

The US case concerned the California Age-Appropriate Design Code Act (CAADCA). The Californian judge granted an in junction which effectively prevents the State from enforcing law, on the basis that the law is unenforceable because of the probable 1st Amendment violation, and therefore would not "pass constitutional muster". This is interesting in the context of the UK Online Safety Bill because it too, contains measures that are likely to violate free speech laws.

The Californian law primarily addresses concerns around the protection of children's data collected by online platforms when children seek to access content. It introduces a mandatory age estimation for all child users, and requires platforms to apply a default high privacy setting for children. If they don't wish to do that, the would have to implement a high default privacy setting for all users.

The ruling considered how the application of age estimation would breach of free speech rights, and would most likely result in a reduction in available content for users. Online platforms would have to implement onerous age estimation technologies to determine for each user, their age and the appropriateness of the content for them.

If platforms did not want to do this, their alternative option would be to apply a broad set of rules to all users, and effectively sanitise their offer. The US ruling comments that the inevitable effect will be to "reduce the adult population ... to reading only what is fit for children". There would be less content available to adults even if it was lawful and not harmful.

Although the technical methods in the Online Safety Bill (Act) centre around blocking of content rather than privacy settings, the likely outcome would be similar.

The plaintiffs in the Californian case, a group of tech companies which included Google, and TikTok, argued that the law was an instance of prior restraint and that it is unconstitutionally overbroad and vague. Much the same may be applied to the Online Safety Bill (Act), which also contains measures that would impose prior restraint. 

And there's more. The US court ruling highlighted concerns about the increased collection of personal data, especially biometrics, that would be entailed. On this point, the ruling has something interesting to say. It notes that the process of age estimation involves invasive collection of children's data. It would ask them to divulge additional personal data that is not currently collected.

In the UK, the collection of data, including biometric data, has been downplayed. However, the US ruling confirms that age estimation means either "automated estimation based on facial recognition" or documentary evidence of age (such as passport), which will have implications for data protection and privacy laws. 

It all raises many question marks around the (soon to be) UK Online Safety Act that the regulator Ofcom will be tasked with resolving. 


 I provide independent advice on policy issues related to online content. A specialism is interpreting amendments to laws. It was a core element of my PhD methodology and I’ve been doing it ever since. 

If you need help with the Online Safety Bill please get in touch.   You are free to cite from this article. Kindly acknowledge Dr Monica Horten as the author and provide a link back. 

You may also like this article, co-authored by me and Jason Kelley of EFF: UK Online Safety Bill Will Mandate Dangerous Age Verification for Much of the Web

Find me on LinkedIn

About Iptegrity

Iptegrity.com is the website of Dr Monica Horten. I am an  independent policy advisor, with expertise in online safety, technology and human rights. I am a published author, and post-doctoral scholar. I hold a PhD from the University of Westminster, and a DipM from the Chartered Institute of Marketing. I cover the UK and EU. I'm a former tech journalist, and an experienced panelist and Chair. My media credits include the BBC, iNews, Times, Guardian and Politico.

Iptegrity.com is made available free of charge for non-commercial use. Please link back and attribute Dr Monica Horten.  Contact me to use any of my content for commercial purposes.