As is often the case, I think there is a massive over-reaction and panic over this. The decision of Lobsters (small and based in the US) to block UK visitors was particularly over the top, IMHO.
Ultimately, if you are in the UK and let people post kiddie porn on your blog/site unchecked or if you don't remove such content in a timely manner you will be in trouble. Arguably if you do that you are already in trouble. You need strong moderation and, in general, small forums and blogs have that because most platforms have 'report' buttons and because the teams behind those forums often read everything that is posted, anyway.
The OSA goes way beyond CSAM detection. It also goes beyond report-and-takedown.
If there is the possibility of people posting anything that can be considered pornographic you must implement strong age verification. And you might have to do that age verification every time somebody logs in - though Ofcom won't say where that threshold is.
Ofcom themselves has said that it is "a huge amount of work to come into compliance" (direct quote from a webinar earlier in the week).
> If there is the possibility of people posting anything that can be considered pornographic you must implement strong age verification. And you might have to do that age verification every time somebody logs in - though Ofcom won't say where that threshold is.
This is the over-reaction and panic I am talking about. This is not what the Act or Ofcom say. It's only targeted services that need strong age verification not everything.
Basically, if you run a gardening forum in the UK you will not be required to implement strong age verification even if members can post pictures of their prized plants.
>A duty to operate a service using proportionate systems and processes designed to—
>(a) prevent children of any age from encountering, by means of the service, primary priority content that is harmful to children
Pornography is included in "primary priority content".
Subsection (4) then goes on to say
>The duty set out in subsection (3)(a) requires a provider to use age verification or age estimation (or both) to prevent children of any age from encountering primary priority content that is harmful to children which the provider identifies on the service.
Subsection (5):
>That requirement applies to a provider in relation to a particular kind of primary priority content that is harmful to children in every case except where—
>(a)a term of service indicates (in whatever words) that the presence of that kind of primary priority content that is harmful to children is prohibited on the service, and
>(b)that policy applies in relation to all users of the service.
Or, on other words, if there is the possibility of people posting anything that can be considered pornographic, you must implement strong age verification.
And it's also not only targeted services. Yes, Section 12 says only applies to services "likely to be accessed by children", but if you read Ofcom's guidance that is incredibly, ridiculously broad.
To quote from their "Children's access assessments guidance":
>Even if your service does not actively target children or seeks to limit access to children below a certain minimum age, it may still be of a kind likely to attract a significant number of children.
And some examples of content types from that document that suggests you might attract a significant number of children:
* Art, music, singing, photography, videography, drawing, painting, cooking,
drama and acting, crafts, creative writing, beauty and makeup and fashion.
"likely to be access by children", "proportionate systems", "or age estimation", "except where a term of service indicates (in whatever words) that the presence of that kind of primary priority content that is harmful to children is prohibited on the service", etc.
So, no, there is not requirement to implement strong age verification across the board. This is an over-reaction. My interpretation of the guidance is not to be too quick to discard likelihood, not to go over the top.
Again, you are not going to get into trouble because you don't ask your gardening forum's members to send you copies of their passports...
6 comments
[ 3.4 ms ] story [ 30.6 ms ] threadUltimately, if you are in the UK and let people post kiddie porn on your blog/site unchecked or if you don't remove such content in a timely manner you will be in trouble. Arguably if you do that you are already in trouble. You need strong moderation and, in general, small forums and blogs have that because most platforms have 'report' buttons and because the teams behind those forums often read everything that is posted, anyway.
If there is the possibility of people posting anything that can be considered pornographic you must implement strong age verification. And you might have to do that age verification every time somebody logs in - though Ofcom won't say where that threshold is.
Ofcom themselves has said that it is "a huge amount of work to come into compliance" (direct quote from a webinar earlier in the week).
This is the over-reaction and panic I am talking about. This is not what the Act or Ofcom say. It's only targeted services that need strong age verification not everything.
Basically, if you run a gardening forum in the UK you will not be required to implement strong age verification even if members can post pictures of their prized plants.
Subsection (3):
>A duty to operate a service using proportionate systems and processes designed to—
>(a) prevent children of any age from encountering, by means of the service, primary priority content that is harmful to children
Pornography is included in "primary priority content".
Subsection (4) then goes on to say
>The duty set out in subsection (3)(a) requires a provider to use age verification or age estimation (or both) to prevent children of any age from encountering primary priority content that is harmful to children which the provider identifies on the service.
Subsection (5):
>That requirement applies to a provider in relation to a particular kind of primary priority content that is harmful to children in every case except where—
>(a)a term of service indicates (in whatever words) that the presence of that kind of primary priority content that is harmful to children is prohibited on the service, and
>(b)that policy applies in relation to all users of the service.
Or, on other words, if there is the possibility of people posting anything that can be considered pornographic, you must implement strong age verification.
And it's also not only targeted services. Yes, Section 12 says only applies to services "likely to be accessed by children", but if you read Ofcom's guidance that is incredibly, ridiculously broad.
To quote from their "Children's access assessments guidance":
>Even if your service does not actively target children or seeks to limit access to children below a certain minimum age, it may still be of a kind likely to attract a significant number of children.
And some examples of content types from that document that suggests you might attract a significant number of children:
* Art, music, singing, photography, videography, drawing, painting, cooking, drama and acting, crafts, creative writing, beauty and makeup and fashion.
* Content about future careers and finance.
* Content about wellness, health and fitness
* Content enabling the development of new skills.
* Informal political commentary
So, no, there is not requirement to implement strong age verification across the board. This is an over-reaction. My interpretation of the guidance is not to be too quick to discard likelihood, not to go over the top.
Again, you are not going to get into trouble because you don't ask your gardening forum's members to send you copies of their passports...