Safety by Design: bold & necessary steps to ensure user safety online

Safety by design 

 

Protecting and safeguarding citizens online is a global concern. The duty of keeping people safer online belongs not just to the regulators and educators — it belongs to all of us.

The eSafety Commissioner (eSafety) in Australia is the world’s only online safety regulator solely dedicated to leading and coordinating online safety efforts nationally, and to helping keep its citizens safer online. While we’ve been established for almost 4 years, other countries are following suit, with the Irish government planning to establish a digital safety commissioner based on our model and the UK Government indicating they are establishing an independent regulator to enforce a statutory duty of care on online services.

Another common movement in online safety that is gaining momentum globally, is Safety by Design.  eSafety is the global leader in SbD, with our initiative well underway. In 2018, we conducted a detailed consultation process with industry, trade bodies and organisations with responsibility for safeguarding users, as well as parents, carers and young people. The broad aim was to ensure that all aspects of user safety are considered in a meaningful and practical way.

This week the UK Government launched an Online Harms White Paper that included the development of a safety by design framework and support for innovation in safety technologies. eSafety will share our SbD Framework with the UK Government and other international partners in order to help develop a shared and consistent global pathway — so that together we can take greater strides to secure a safer online environment for all.  The Internet is global — therefore initiatives like SbD need to be global in application too.

As someone who spent 22 years in the high technology industry, and one who advocated for significant change from within these companies, I came to believe that the only way we could drive real online safety change was for these companies to build their services with safety considerations at the core of their design — baked in rather than bolted on.  I was at Microsoft in 2002 when Bill Gates launched the company’s Trustworthy Computing (TWC) Initiative, which saw the vast majority of Microsoft’s engineers pulled off other products and services to focus on weeding out the security vulnerabilities by re-coding millions of lines of Windows code.  Just think of how much safer and less toxic today’s social media and video hosting platforms might be if they took similarly bold moves with safety in mind?

Now, as eSafety Commissioner, I fervently believe that online services themselves play an incredibly important role in shaping online environments and enhancing user safety — and are now, more than ever, key players in the quest for a safer environment online.  That is why eSafety has been working to drive change in conjunction with the social media, technology, start-up and gaming industries.  And, we know meaningful change cannot be rushed.  Our SbD initiative recognises the need for all service providers to place user safety at the forefront of their development process, embedding it from the start, rather than retro-fitting protection safeguards after online harm emerges. We also recognise that different companies at different levels of maturity will have different interventions they may need to employ.

eSafety recognises the need to raise standards of user safety within the technology community and to encourage its consistent implementation. In order to create stronger, healthier and more positive communities online, developers, engineers and online service providers need to make user safety a core business objective. They are the change agents, and we see SbD as the catalyst for this change to occur.  The era of self-regulation is over, but change will not occur through legislation alone. Meaningful change will require us to work collaboratively and constructively, acknowledging that real change requires a pivot in approaches. The time for safety by design is now.

 

 

eSafety’s SbD consultation highlights

We received overwhelmingly positive affirmation about the importance of user safety and ensuring it is addressed adequately online, from all those consulted. The fact that the SbD principles are underpinned by international human rights standards, and set within an ethical framework, was considered both critical and one of the initiative’s core strengths. The feedback also clearly supported the need to address risks and harms upfront.

Specific category highlights include:

Industry

Industry representatives indicated that the SbD Framework was much-needed, particularly for smaller-sized ventures and start-ups. They felt that a tangible SbD Framework was useful in driving user safety considerations up the business agenda, giving them greater prominence and weight. Stakeholders could see that companies which embed a more value-centred and ethical approach to their products would stand the test of time.

Parents

Parents and carers were united in their view on the importance of online safety, and believed that more needs to be done by industry to safeguard and protect children and young people online. More than 46% of parents either agreed or strongly agreed that companies need to build safety features into their products and services, compared with 22% who thought that enough was being done. Parents were consistent in their ranking of ‘ensuring the highest privacy settings are in place by default’ as the top safety feature for technology companies to incorporate online.

Young people

Young people felt strongly that user safety is a shared responsibility, and while the onus is on industry to protect its users, they noted that end-users also have a significant role to play. Most importantly however, young people stated they want greater control over the platforms and services they use, and more transparency. They want to be made more aware of safety features that exist or are being developed. They want to manage their own safety more confidently. Ultimately, they want to be able to place their trust in industry.

SbD Principles and Framework

The input from this consultation process was used to create the SbD Principles — a model template and benchmark for online and digital interactive services. The Principles offer a universal and consistent set of realistic, actionable and achievable measures to better protect and safeguard citizens online.

Three overarching principles were highlighted through the consultation. These are:

  1. Service provider responsibilities
    The burden of safety should never fall solely upon the end-user. Platforms and services can take preventative steps to help ensure that known and anticipated harms have been evaluated in the design and provision of an online service, along with steps to make services less likely to facilitate, inflame or encourage illegal and inappropriate behaviours.

  2. User empowerment and autonomy
    The dignity of users online, and their best interests, are of central importance. Human agency and autonomy should be supported, amplified and strengthened in service design. It should allow users greater control, governance and regulation of their own experiences, particularly at times when their safety is, or is at risk of, being compromised.

  3. Transparency and accountability
    Transparency and accountability are the hallmarks of a robust approach to safety, providing users with assurance that the online services they use are operating according to their published safety objectives. It also assures users that the services are working to educate and empower them about steps they can take to address safety concerns.

Each of these overarching principles was drawn out to cover more specific sub-principles, with good practice notes added to each to clarify and assist services with implementation. All were refined with the support and feedback of service providers and industry.

In addition to creating SbD Principles, eSafety plans a SbD Framework — a broad program of resources and support which will help to guide organisations as they embed the rights and safety of users into the design and functionality of products and services. The framework, and all resources, have SbD Principles at their core.

 

Next steps

With the core SbD Principles established, we are now looking forward to the next stage of the program: creating the Framework of resources and working with industry to ensure user safety is embedded into the design, function and content of services. eSafety has received broad support for the Principles and Framework, a commitment from some of the major platforms to sign up to the initiative, and enthusiastic responses from a wide range of industry members. We are excited to begin developing the guidance and resources that will assist industry in adopting SbD. A number of key organisations are actively engaged and willing to embrace the SbD Principles, and have committed to collaborating with eSafety on our next steps. We look forward to sharing the Principles and Framework more widely when our Safety by Design Paper is published, in coming months.  

Online safety is a journey. We see Safety by Design as a clear path, paving the way toward stronger and more positive online communities.

 

For more about the Safety by Design initiative, please read:

Leading the way with Safety by Design

Safety by Design—embedding protection for users at the design stage


Sign up for eSafety News

Stay up to date with online
issues, new resources, events, and the latest research.