The UK and Sri Lanka: A comparison of two online safety bills · Global Voices
GroundViews

Internet security padlock for VPN and online privacy. Image via Flickr by Mike MacKenzie (CC BY 2.0).
This article by Sajini Wickramasinghe was originally published on Groundviews, an award-winning citizen media website from Sri Lanka. An edited and shortened version is published here as part of a content-sharing agreement with Global Voices.
On September 18, the Sri Lankan government issued a gazette notification announcing a bill entitled “Online Safety” to establish the proposed Online Safety Commission and to regulate certain content from online spaces. Amid the heightened attention on, discourse around and criticism of the bill, it was tabled in parliament on October 3.
At this juncture, it is pertinent to compare and contrast the essence and purpose of the Sri Lankan bill with the Online Safety Bill of the UK passed by their parliament on September 19, and at the moment awaiting royal assent. As the UK bill is an extensive document, a few key features of it will be discussed in the article to embody how certain serious concerns highlighted in the Sri Lankan bill can be addressed and tackled.
From the outset, the UK bill is sponsored by the Department of Digital, Culture, Media and Sport while the line ministry for the Sri Lankan bill is the Public Security Ministry, although Sri Lanka has two separate ministries for mass media and digital technology. The removal of these two ministries from the picture is questionable, given that the bill claims to ensure online safety. In the current context of the Sri Lankan bill, tasks such as appointing experts on information technology to conduct investigations (Section 37), the retention and interception of data and information, including traffic data for investigations (Section 39 (2)) and overall making of regulations under the Act (Section 54), will be executed by the minister of public security without any involvement of the media and technology related ministries.
The Online Safety Bill is yet another Sri Lankan legislation which includes vagueness because of the lack of definitions. For instance, Section 3 (a) of the Lankan bill states that an objective shall be “to protect persons against damage caused by communication of false statements or threatening, alarming or distressing statements.” These terms are used again in Section 22, to define harassment, where it states:
Harassment means an act or behaviour which has the effect of threatening, alarming or distressing a person or violating a person’s dignity or creating an intimidating, degrading, hostile, humiliating or offensive environment or, which has all such effects.
The words “threatening,” “alarming” and “distressing” remain undefined, allowing for interpretation. Words such as “intimidating” and “offensive” are vague terms that cannot remain undefined in legislation. A statement that is hilarious to one could be distressing and offensive to another and, thereafter, in this case, to the Online Safety Commission. Aspects such as the context, intent and extent are paramount in determining whether certain online content should be prohibited and its publishers should be penalised.
Another example is in Section 36, which is on counteracting coordinated inauthentic behaviour and inauthentic online accounts. Coordinated inauthentic behaviour is defined to be “coordinated activity carried out using two or more online accounts, in order to mislead the end users in Sri Lanka of any internet intermediary service as to any matter but excludes any activity carried out using online accounts:
(a) that are controlled by the same person; and (b) none of which is an inauthentic online account or is controlled by a bot.
In this context, would using a filter to alter your appearance on Instagram and someone being distressed or offended by it fall under this provision? As such, the bill has several ambiguities that hinder the reasonable comprehension of the legislative intention or positive purpose of incorporating it.
The UK bill has been meticulous and precise in defining the terms used. Without using terms such as distressing, intimidating or offensive, the bill has included the “threatening communications offence” in Section 162. The threshold of threatening requires the message conveyed to be a threat of death or serious harm, and at the time of sending it, the person:
(i) intended an individual encountering the message to fear that the threat would be carried out, or (ii) was reckless as to whether an individual encountering the message would fear that the threat would be carried out.
Serious harm under this section is defined to be:
(a) serious injury amounting to grievous bodily harm within the meaning of the Offences against the Person Act 1861, (b) rape, (c) assault by penetration within the meaning of Section 2 of the Sexual Offences Act 2003, or (d) serious financial loss.
It is apparent that the definition has set out an overt and high threshold that cannot be misused in executing powers under the law. Thereby a commendable feature of the UK bill is that clear definitions are consistently provided to terms that can be deemed to be vague or overbroad, minimising the space for abuse of power.
Sri Lanka's Online Safety Bill is completely silent on protecting rights and democratic freedoms, particularly the freedom of expression when ensuring online safety. The very use of certain terminology such as “offensive,” “distressing,” and “intimidating,” and the lack of definitions inherently violate the freedom of speech and expression by conferring unfettered abilities on the commission, appointed by the executive president, to penalise publishers they define as violating the law.
The UK bill, on the other hand, consists of certain prominent and necessary features to balance freedom and safety. The Office of Communications (OFCOM) is the regulatory body under the bill, and defined types of service providers are assigned large sets of duties, including but not limited to duties about freedom of expression and privacy, duties to protect content of democratic importance, duties to protect news publisher content, and duties to protect journalistic content in order to accept and ensure that rights and freedoms are not threatened when regulating online spaces. Under Section 18, duties about freedom of expression and privacy are identified as cross-cutting duties where under this section, service providers are mandated to maintain impact assessments and publish them, noting the impact of their safety policy and measures on expression such as journalistic and news publisher content.
Several provisions direct the OFCOM to protect freedom of expression and privacy where, in Section 69, OFCOM must consult individuals that OFCOM consider to have expertise in equality issues and human rights, particularly freedom of expression and right to privacy, when producing a transparency report that guides the service providers to produce a report about their service. Under Section 144, OFCOM’s report for each financial year must contain a statement about the steps they have taken and the processes they operate to ensure that their online safety functions have been exercised in that year compatibly with freedom of expression and right to privacy. While the UK bill includes several other provisions to serve this purpose, it is daunting but unsurprising to see the Sri Lankan bill devoid of any imposing of duties and actively protecting democratic rights and freedoms.
Many entities have praised the Sri Lankan bill for its inclusion of child abuse through online means, including the Human Rights Commission of Sri Lanka. Section 22 of the Sri Lankan Bill has codified child abuse by any person in or outside Sri Lanka, in online spaces to be an offense liable to imprisonment for a term not exceeding 20 years or to a fine, or to both, such imprisonment and fine, and to compensate the children affected. However, the perusal of similar legislations, including the UK bill, indicates that the Sri Lankan bill has vast potential to enhance child protection, particularly to adopt preventative mechanisms.
The UK bill has catered to child protection with children’s risk assessments, safety duties to protect them, assessment how of services likely to be accessed by children can comply with their duties to undertake their children’s risk assessment, and provisions on reporting content that exploits child sexual abuse exploitation. These preventative measures, such as risk, access and safety assessments, are critically important in ensuring overall online safety, as tracking perpetrators in cyberspace is quite difficult.
The concentration of powers with the president, particularly regarding the Online Safety Commission and its appointments, depriving the commission of its independence is another key issue under the bill, that has been brought to the attention by of many entities repeatedly. It is evident that the proposed Online Safety Bill of Sri Lanka is miles from being an instrument truly aspiring to make online spaces safer. It has the potential to be predominantly a dangerous undemocratic tool that can hinder human rights, especially the freedom of expression, victimise individuals, and unleash hidden agendas.
This is not an attempt to praise the UK bill, as there are suggestions in place for this instrument, as well. However, being a contemporaneous legislation it is undeniably much more advanced and multifaceted in its comprehension and the mechanisms in place to ensure online safety both protectively and preventatively. Therefore, the Sri Lankan lawmakers should take all measures possible to provide a comprehensive and well-founded instrument focused on protecting the public and not another Trojan horse.