Data Are Cool: Disseminating My Online Safety Act Compliance

tech
politics
fediverse
self-hosting
social-media
Published

February 23, 2025

The Online Safety Act is a piece of work, and not a good one either. Ofcom is not an excellent or communicative regulator. Because they are responsible for both setting the rules and components of enforcement they won’t provide advice which would prejudice their future enforcement. That said, there is a quick test to see whether a given website is in scope of the Online Safety Act:

  1. Does the service have links with the United Kingdom?
  2. Is the service a user-to-user-service?
  3. Do you provide a search service?
  4. Does your online service publish or display pornographic content?
  5. Do any of the enumerated exemptions apply?

I’m going to cover these in turn, but the tl;dr is that I don’t believe Data Are Cool (DAC) is in scope of the Online Safety Act.

Is the service a user-to-user-service?

Ofcom defines a user-to-user service as “an online service that allows its users to interact with each other.”

DAC does this. It’s a social network. It’s a user-to-user service. Moving on.

Do you provide a search service?

Ofcom defines a search service as “online service which is, or includes, a search engine. A search engine is a feature which enables users to search more than one website and/or database.”

The nature of Mastodon/Fediverse is that it is a search service. It’s a federated social network. It’s a search service; but also one that requires people to log in to search the Fediverse.

Does your online service publish or display pornographic content?

DAC does not have any alts (aka pornographic focused accounts) on the service; however some of DAC’s adult users have subscribed to the feeds of users elsewhere in the Fediverse who do post pornographic content. So we don’t publish it, but we do display it to logged-in users.

Exemptions?

DAC isn’t exempt from the Online Safety Act in the form of their carve outs. Though there’s a small amount of snark from me because it exempts UK Parliament’s websites from the Online Safety Act. The UK Parliament’s petition website clearly would otherwise meet the threshold of a user-to-user service with UK targeting, and UK users in the millions. Sauce for the goose? Natch.

Anywho…

Conclusion

Going back through these tests, I don’t believe DAC is in scope of the Online Safety Act mainly because I don’t believe it meets the thresholds established as “links to the United Kingdom”. It feels weird to phrase it this way, but…

  1. DAC isn’t designed for UK users (it isn’t designed beyond being a Mastodon instance);
  2. DAC isn’t promoted or marketed to UK users (it’s not promoted or marketed at all);
  3. DAC doesn’t generate revenue from UK users (I fund it out of my own pocket);
  4. DAC doesn’t have content tailored to UK users (it’s a social network for my friends and family);
  5. DAC doesn’t have a UK domain (it’s a vanity domain outside the country TLDs); and
  6. DAC doesn’t have a significant number of UK users (it has 10 users and I suspect significant is in the order of hundreds of thousands).

If Ofcom comes knocking, I’ll engage in good faith with them. Especially since I still plan on doing the Extra-Illegal Content/Harms risk assessments they require; however I won’t be killing my service because of the Online Safety Act.

I’m not going to be complacent about this, but I’m not going to worry about it either.

Ofcom, if you’re reading this and want to get in touch, find all the details to contact me at Data Are Cool: about page.