eSafety Commissioner continues to take a tough stance in Australia

Key Points

Since the Online Safety Act 2021 (Cth) (the Act) came into force in January 2022, Australia’s eSafety Commissioner (Commissioner) has:

• issued two sets of transparency notices to large technology multinationals;
• published two transparency reports regarding child sexual exploitation and abuse (CSEA) material, a particularly high risk and highly harmful issue that has seen sustained growth in Australia and globally;
• issued a fine to X (formerly Twitter) in respect of its response to a transparency notice;
• indicated that the eSafety Commission will continue to take a tough stance against CSEA material in Australia;
• registered 5 industry codes which regulate class 1 material with obligations commencing on 16 December 2023 or 12 March 2024 depending on the type of online service; and
• refused to register the draft industry codes regulating class 1 material for relevant electronic services and designated internet services because that they did not provide appropriate community safeguards for users in Australia.

The Commissioner’s proactive regulatory approach indicates that social media services, relevant electronic services and designated internet services must be ready to respond to questions from the eSafety Commissioner (particularly given that notices will likely include tight deadlines for responses) and, should a notice be issued, provide sufficiently detailed and specific (as opposed to generic) responses.

Our detailed update is below.

Background

The Act empowers Australia’s Minister for Communications to set ‘basic online safety expectations’ for social media services (Defined in s 13A of the Act), relevant electronic services and designated internet services (Defined in s 14 of the Act) (the Services) by way of a determination. As at the date of writing, only the Online Safety (Basic Online Safety Expectations) Determination 2022 (Expectations) is in force, which applies to each of the Services.

The Expectations require, for example, providers of the Services to have in place:

• clear and readily identifiable mechanisms that enable end users of the Service as well as any person ordinarily resident in Australia to report, and make complaints about certain material;
• terms of use;
• policies and procedures in relation to the safety of end-users;
• policies and procedures for dealing with reports and complaints; and
• standards of conduct for end-users (including in relation to material that may be posted using the Service by end-users, if applicable), and policies and procedures in relation to the moderation of conduct and enforcement of those standards.

Such terms, policies and standards are required to be readily accessible, regularly reviewed and updated and set out in plain language.

Service providers are also required to take reasonable steps to:

• ensure end-users are able to use the relevant Service in a safe manner;
• proactively minimise the extent to which material or activity on the Service is unlawful or harmful;
• minimise the extent to which certain material is provided on the Service, including a non-consensual intimate image of a person, cyber-bullying material targeted at Australian children and cyber-abuse material targeted at an Australian adult; and
• ensure that penalties for breaches of its terms of use are enforced against all accounts held or created by the end-user who breached the terms of use of the Service.

Under the Act (The Act, ss 49, 56), the Commissioner can require the provider of the Services to report (whether periodically or on a one-off basis) on the extent to which the provider complied with applicable or specified Expectations during a period determined by the Commissioner. Civil penalties apply in relation to a failure to comply with a notice or determination from the Commissioner requiring the provision of a periodic report (Ibid, s 50).

The Commissioner is permitted to publish summaries of the information received through the notices and has indicated that the purpose of doing so is ‘to improve transparency and accountability of providers by providing better information about what they are actually doing – or not doing – to keep Australians safe, and to incentivise services to improve their safety standards' (First Transparency Report: ‘Basic Online Safety Expectations: Summary of industry responses to the first mandatory transparency…