An internet with a duty of care
The Minister for Communications, Michelle Rowland, has announced that the Australian government will introduce a ‘digital duty of care’. The duty of care approach was strongly advocated for in the CMT’s submission to the review of the Online Safety Act and forms a key recommendation of the review’s final report, which the government has received but not yet made public.
The announcement of a digital duty of care follows the government’s decision that it will push forward with banning all children under 16 from social media – a contentious proposal. Taken together, they represent a radical new approach to Australia regulating online spaces.
What is a digital duty of care?
A duty of care is a legal principle most clearly established in the 1932 negligence case of Donoghue v Stevenson, known to torts students across the common law world as the ‘snail in the bottle’ case. While we do not know exact details, the government will likely impose some anticipatory and preventative (‘ex-ante’) obligations on digital platforms to protect users from harm. For instance, platforms may be compelled to address and improve systems and processes by considering principles such as 'safety by design' or 'child rights by design'.
The potential for flexibility makes a duty of care appealing for online regulation. As noted in our submission, such an approach can be adapted to different platforms, circumstances and harms. It moves to prevent harm instead of redressing an ever-increasing number of specific harms after they occur. It also allows platforms to identify how to adapt the systems that they know best.
Such a duty is no magic bullet, and the specific form it takes will have wide-ranging implications. For example, the UK has adopted multiple overlapping duties of care in its Online Safety Act. While multiple duties might offer greater clarity for platforms in addressing specific harms, this approach risks harms falling through the cracks or new harms not being captured. How the duty is enforced and the transparency measures in place to monitor compliance are also crucial.
The duty of care also raises some questions when considered in conjunction with the social media age ban. For instance, to whom is the duty owed? With children effectively off social media, there would be less incentive to make these platforms child-friendly or child-safe. Indeed, a duty of care in its own right may require a platform to introduce age limits. A blanket age limit – which will effectively require all users to verify their age – seems a blunt approach unless there is some further motivation for age verification.
The government’s announcements triggered a re-read of Lawrence Lessig’s book Code Version 2.0. Lessig argued during the early days of the world wide web that cyberspace’s architecture - its code - created new dynamics, allowing for effective internet regulation through four regulatory ‘modalities’: law, social norms, market forces and code. In particular, his comments on the role of identity and traceability caught my eye:
‘Even if the government can’t force cyber citizens to carry IDs, it is not difficult to create strong incentives for individuals to carry IDs. There is no requirement that all citizens have a driver’s license, but you would find it very hard to get around without one, even if you do not drive … The point is obvious: Make the incentive to carry ID so strong that it tips the normal requirements of interacting on the Net. In the same way, the government could create incentives to enable digital IDs, not by regulating individuals directly but by regulating intermediaries. Intermediaries are fewer, their interests are usually commercial, and they are ordinarily pliant targets of regulation.’
It seems almost prophetic.
Kieran Lindsay, Research Officer
