Data Are Cool: Disseminating My Online Safety Act Compliance

The Online Safety Act is a piece of work, and not a good one either. Ofcom is not an excellent or communicative regulator. Because they are responsible for both setting the rules and components of enforcement they won’t provide advice which would prejudice their future enforcement. That said, there is a quick test to see whether a given website is in scope of the Online Safety Act:

1. Does the service have links with the United Kingdom?
2. Is the service a user-to-user-service?
3. Do you provide a search service?
4. Does your online service publish or display pornographic content?
5. Do any of the enumerated exemptions apply?

I’m going to cover these in turn, but the tl;dr is that I don’t believe Data Are Cool (DAC) is in scope of the Online Safety Act.

Does the service have links with the United Kingdom?

There are two components to this test, first is whether UK users are a target market, and second is whether the service has a significant number of UK users. If you hit either one of them you’re in scope of the Online Safety Act.

The UK as a target market test

From the first page of Ofcom’s Check if the regulations apply to your online service form has the following bullets which helps make a determination for whether the UK is a target market:

Your online service is likely to have links with the United Kingdom if:

• Is designed for UK users;
• Is promoted or marketed toward UK users;
• Generates revenue from UK users either:
  • directly (e.g. via subscriptions or sales); or
  • indirectly (e.g. through advertising to UK users, including people or organizations);
• Includes functionalities or content that is tailored for UK users; or
• Has a UK domain or provides a UK contact address and/or telephone contact number.

I don’t believe DAC is designed for UK users, it is not promoted or marketed, it generates no revenue, none of its content is tailored to UK users, and it doesn’t have a UK domain. It’s user base are my friends and family. There is no sign up capabilities.

The significant number of UK users test

The second component of this test is whether there are a significant number of UK users. Ofcom flat out refuse to define even by orders of mangitude what a significant number of UK users is.

Candidly, DAC has 10 user accounts. I would reckon a significant number of UK users is well in the thousands, if not hundreds of thousands.

UK links conclusion?

Ironically as I read this, DAC doesn’t demonstrate “links with the United Kingdom”. It neither has links to the United Kingdom, nor has a significant number of UK users. Using the Regulation Checker form, the answer immediately becomes “No, the Online Safety Act is not likely to apply to your online service.” This is a good start, but let’s check the remaining tabs anyways.

Is the service a user-to-user-service?

Ofcom defines a user-to-user service as “an online service that allows its users to interact with each other.”

DAC does this. It’s a social network. It’s a user-to-user service. Moving on.

Do you provide a search service?

Ofcom defines a search service as “online service which is, or includes, a search engine. A search engine is a feature which enables users to search more than one website and/or database.”

The nature of Mastodon/Fediverse is that it is a search service. It’s a federated social network. It’s a search service; but also one that requires people to log in to search the Fediverse.

Does your online service publish or display pornographic content?

DAC does not have any alts (aka pornographic focused accounts) on the service; however some of DAC’s adult users have subscribed to the feeds of users elsewhere in the Fediverse who do post pornographic content. So we don’t publish it, but we do display it to logged-in users.

Exemptions?

DAC isn’t exempt from the Online Safety Act in the form of their carve outs. Though there’s a small amount of snark from me because it exempts UK Parliament’s websites from the Online Safety Act. The UK Parliament’s petition website clearly would otherwise meet the threshold of a user-to-user service with UK targeting, and UK users in the millions. Sauce for the goose? Natch.

Anywho…

Conclusion

Going back through these tests, I don’t believe DAC is in scope of the Online Safety Act mainly because I don’t believe it meets the thresholds established as “links to the United Kingdom”. It feels weird to phrase it this way, but…

1. DAC isn’t designed for UK users (it isn’t designed beyond being a Mastodon instance);
2. DAC isn’t promoted or marketed to UK users (it’s not promoted or marketed at all);
3. DAC doesn’t generate revenue from UK users (I fund it out of my own pocket);
4. DAC doesn’t have content tailored to UK users (it’s a social network for my friends and family);
5. DAC doesn’t have a UK domain (it’s a vanity domain outside the country TLDs); and
6. DAC doesn’t have a significant number of UK users (it has 10 users and I suspect significant is in the order of hundreds of thousands).

If Ofcom comes knocking, I’ll engage in good faith with them. Especially since I still plan on doing the Extra-Illegal Content/Harms risk assessments they require; however I won’t be killing my service because of the Online Safety Act.

I’m not going to be complacent about this, but I’m not going to worry about it either.

Ofcom, if you’re reading this and want to get in touch, find all the details to contact me at Data Are Cool: about page.