In July 2014, the House of Lords Communications Committee (the Committee) published a report to inform and stimulate discussion on how the law should respond to offences committed using social media (the Report). The Report is particularly relevant to companies who operate websites with user-generated content and which attract high-risk users of social media, such as children.
The Report argues that current laws are "generally appropriate for the prosecution of" social media offences. However, it suggests website operators should do more to facilitate the enforcement of such laws, particularly through self-regulation.

A tougher approach to online policing?

The Report is a response to a sharp rise in reported social media abuse and numerous high profile cases involving individuals being abused on social media sites. For example, journalist Caroline Criado-Perez received ferocious abuse on Twitter, including threats of death, following her successful campaign to have a woman represented on a Bank of England note. The volume and velocity of online attacks has led to calls for a much tougher approach to online policing.

The House of Lords appointed the Committee to assess the adequacy of the current approach. The Committee was asked to consider the following issues:

  • whether the current criminal law is capable of adapting to the way in which people communicate on social media, given the speed of changes in technology;
  • if there are areas of overlap or gaps in the legislation, which means that categorising the social media offence is not always clear;
  • whether the sentences handed out for social media offences are known, consistent and appropriate and whether other approaches might be more effective; and
  • how, in responding to these issues, reform to the current package of legislation can strike an effective balance between victim protection and freedom of expression.

Self-regulation: the Report argues that "harmful acts committed using social media...are [not] new acts, they are acts already prohibited by the criminal law but committed in the new forum of social media." The Committee decided it was unnecessary to create new criminal offences for social media acts, or to update current law to prevent overlap. Instead, the Committee believes that self-regulation and policy interventions are preferable to deal with harmful online behaviour. As such, the Committee encourages website operators to improve their systems for identifying, reporting and preventing offences; further, website operators are advised to provide users with the tools to protect themselves against social media abuse and offences. More controversially, the Committee recommends that website operators should be required to establish the identity of their online users.

Cooperating with the police and guidance on prosecutions: the Report recommends extending the investigation period, from six months to a year, for social media cases so the police can obtain evidence from websites abroad. More onerously, the Committee also states that it would help if website operators were required to capture and retain evidence of the traffic on their sites during the equivalent period. Website operators are also encouraged to gather statistics on the scope of online offending, monitoring and user self-help. Furthermore, the Director of Public Prosecutions guidance on prosecuting social media offences was found to "appropriately" take account of freedom of expression.

What should companies do to safeguard their websites?

It is essential that companies that encourage user-generated content on their websites have in place comprehensive social media policies that are enforced. This may include ensuring comments are moderated; creating a clear system for users to report abuses; identifying offences; collecting statistics on offences and responding to the negative reputational impact of social media offences on their websites. Companies should also consider whether users of their online forums have appropriate discretion to limit who sees and responds to their online presence — the vulnerability of children may require a greater degree of control on child-focused sites.

As noted above, the Committee recommends that website operators should verify and establish the identity of their online users. Naturally, if website operators implement this recommendation, they will need to ensure that their data protection policies are up to date.

Furthermore, companies should consider producing a separate policy for staff who may be at high risk of harassment and threats. Appropriate systems should be in place to support and protect staff in the face of menacing and demeaning online abuse.

Website operators can be grateful that the Committee did not recommend the enforcement of new statutory regulation upon them to deal with social media offences — and should be mindful that higher regulation of social media offences is less likely to occur if they comply with the recommendations of the Report.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.