Ofcom and ICO to collaborate on Online Safety and Data Protection

The question

How are the data protection and broadcasting regulators collaborating to regulate online services from a safety and privacy perspective, and what does this mean for businesses and services regulated by both bodies?

The key takeaway

The Information Commissioner’s Office (ICO) and Ofcom have restated their shared intention to provide clearer, more coherent regulation of online services, focusing on overlapping issues that affect both online safety and data protection. This involves identifying common regulatory themes, sharing information and coordinating supervision efforts.

The background

The ICO and Ofcom published a joint statement in 2022 outlining a vision for regulatory coherence between online safety and data protection. The latest statement, published on 1 May 2024, details how they will collaborate on issues that cut across both data protection and online safety, aiming to promote compliance, support innovation, and reduce regulatory burdens on organisations. The ICO and Ofcom seek to streamline their regulatory processes, ultimately benefiting both businesses and online users.

The development

The ICO and Ofcom have laid out a detailed plan setting out their intention to collaborate in addressing overlapping issues in online safety and data protection. This plan, published as a joint statement from both bodies, involves several key developments aimed at improving regulatory clarity and efficiency.

The ICO and Ofcom have identified specific areas of mutual interest, described as “Collaboration Themes,” which include:

• ways to establish the age of a user
• systems that may use algorithms to recommend potentially harmful content to children
• use of “proactive technologies” governed by the Online Safety Act and associated AI tools
• deployment of default settings and disabling of geolocation for children
• privacy duties set out under the Online Safety Act
• publishing and upholding clear terms, policies and community standards.

The ICO and Ofcom will continually track the emergence of new “Collaboration Themes”. The intention is for both regulators to identify and focus on companies that fall under both online safety and data protection regulations. These “companies of mutual interest” will be subject to coordinated supervision by both bodies to ensure compliance with both sets of requirements.

The regulators will hold regular meetings to share information related to “Collaboration Themes” and companies of mutual interest. This includes:

• sharing generic information about requests made to companies, such as the dates and deadlines, without revealing detailed or confidential content
• sharing dates, relevant themes, and information about involved companies for meetings related to online safety, and
• sharing publicly available information about mutual interest companies.

Information shared between ICO and Ofcom will comply with legal frameworks to protect confidentiality, but will be done without prior notification to the concerned companies if necessary. Both regulators have stated their commitment to disclosing only what is necessary for their functions, considering the public interest and doing so in accordance with the law. Information sharing between ICO and Ofcom will adhere to statutory provisions.

The ICO and Ofcom will periodically evaluate the effectiveness of their collaborative methods and adjust their strategies as needed. The hope is that this will ensure their approach remains effective and relevant in the face of new challenges and legislative changes in this rapidly developing area.

Stakeholders, including affected businesses and services, will be regularly informed about updates to these collaborative methods to ensure transparency and continued regulatory clarity.

Why is this important?

This collaboration highlights the focus and priorities of the two key regulators in the online safety arena. It should also help ensure a more streamlined regulatory environment, reducing the complexity of complying with both online safety and data protection laws. By following the priorities of both regulators, businesses should find it easier to avoid potentially conflicting requirements and maintain trust in the digital marketplace.

Any practical tips?

If your business falls under the mutual interest of both the ICO and Ofcom, you need to prepare for their coordinated supervision by keeping informed about updates to the “Collaboration Themes” and any joint guidelines they publish and then engaging proactively with these to align your practices with their evolving standards.

Summer 2024