We want Britain to be the world’s most advanced digital society. But that won’t happen unless the digital world is a world of trust.

So: How do we create online spaces where citizens feel safe, especially children?  And how do we build online trust through strong data protection and proper content regulation?

A digital Britain can create more new businesses and new, better paid jobs; it can be a place where we bring people closer together; and enable them to lead better, more fulfilled lives.

But there are risks.  An unsafe internet leaves people – especially children – vulnerable to new forms of crime and new forms of abuse. Failing to provide the right environment for the digital economy to thrive leaves Britain’s economy at risk of being left behind.

That means creating effective data protection and proper content regulation. So what needs to change?

Where we want to be

We need to put trust at the heart of a new data protection system. The new General Data Protection Regulation (GDPR) is a good first step but we need to go further.  So we would like views on how to do that.  For instance:

  1. Creating a new ‘Bill of Digital Rights’ that sets out clearly legally-enforceable rights for people and corresponding obligations for those using their data.
  2. A stronger enforcement framework that provides for collective redress and representative action, making it easier for people to enforce their rights whilst maintaining their anonymity.
  3. A public body to help regulate this area that is transparent, empowered, well-resourced – and capable of helping keep reform of regulation up to speed with technology changes.

Some say we do not need more regulation; they argue the market will adjust to meet the demands of their users. We disagree. A recent survey by Edelman UK has found:

  • 64 per cent of the public worry that social media is not regulated enough;
  • 69 per cent agree that social media companies do not do enough to tackle bullying on their platforms; and
  • 70 per cent agree that there is insufficient action to stop illegal and unethical behaviour.

Where we are today

1. Trust in the online world is weak

Cybercrime is rising.  Action Fraud says that 70 per cent of all fraud is now cyber-enabled.  More and more people are being affected by data breaches, with companies failing to safeguard their information so that it risks falling into the hands of criminals.

Public services like the NHS, which hold vast quantities of highly sensitive personal data, have been hit by malware, raising concerns about the UK's resilience.  The National Audit Office says the NHS and the Department of Health must “get their act together” or suffer “far worse” than the chaos of 2017.

The recent Edelman UK survey shows that less than a quarter of the UK population trusts social media – compare that to the 61 per cent who trust traditional media. The rise of ‘fake news’ and its unknown influence has raised concerns about online bullying and the spread of extremist propaganda – 53 per cent of Brits worry about being exposed to it online. 

Children represent one in five of all internet users in the UK and one in three in the world as whole – they are not a small or marginal group of internet users. Countless reports warn of the negative impacts of social media on them; the NSPCC cites social media as a major cause of the increase in children being admitted to hospital after self-harming.

Even those in the tech industry do not have trust in their colleagues: Apple CEO Tim Cook has said that he does not want his nephew on social media and former Facebook Vice-President Chamath Palihapitiya has said, “God knows what it’s doing to our children’s brains.”

2. Children are at a huge disadvantage

In the past, too many companies would say that they did not know and could not know the age of their users.  Because there was no legal obligation to age verify users, children across the UK and millions across the world use online services that were never designed or intended for them. 

The Information Commissioner now urges the adoption of a cautious approach to data that might belong to children, including implementing up-front age verification systems. This is welcome as it means those who collect and use data can no longer plead ignorance as an excuse.

Children – and their parents – do not have a proper choice of what content is available and what data is collected when children are online. Currently, it is an all-or-nothing situation for children: they can have access to the internet and to social media with minimal control over content and data, or strong control over both but which often means all content, whether it is appropriate or not, being blocked. 

3. The Government is reluctant to act

The Government appears to recognise some of these concerns – the Prime Minister has spoken of the “additional concerns and challenges” posed to young people by the internet – but its actions have fallen short.

The Government’s proposed ‘Digital Charter’ is a good idea but it will only be voluntary.

The Data Protection Bill is now before Parliament.  It will be an essential part of any internet safety regime. However, the Bill is another example of the piecemeal, ad hoc way in which internet regulation evolves. We think it is time to go back to first principles.

Thoughts for the future


1. A ‘Bill of Digital Rights’

A ‘Digital Charter’ could offer progress but it does not and will not offer citizens meaningful and enforceable rights.

A ‘Bill of Digital Rights’ would be much more ambitious. It would offer a statutory code of enforceable rights – not mere vagaries. The Bill could include rights like the right of the individual to access all their data held or controlled by organisations and technologies but ultimately it would aim to empower people and offer each proper control of their data.

Children must be put at the heart of any internet safety regime. The Data Protection Bill has been criticised precisely because it fails to include the special interests of children.  Children must have a status.

Rights specific to children have already been proposed, most notably by 5Rights. These are:

  1. The Right to Remove – children should be able to remove content they have uploaded themselves
  2. The Right to Know – children should be able to learn easily who and what and why and for what purposes, their data is being exchanged
  3. The Right to Safety and Support – much of what upsets young people online is not illegal and support is sparse, fragmented and largely invisible to those children and young people when they need it most
  4. The Right to Informed and Conscious Use – it is undemocratic that young people are looped in to technology that is deliberately designed to keep them attached, based on the same principles as casino slot machines
  5. The Right to Digital Literacy – understanding the purposes of the technology that children use

Children’s data requires a higher level of protection because they are not mature enough to make (some) decisions in the same way as adults but also because of the distinction between different ages and their capacity; different age limits could be applied depending on the service being accessed or action being done online.

2. Better, more effective regulators

We also need to be ambitious for the institutions that enforce new rights. The Information Commissioner’s Office is the existing enforcement agency but it is not properly resourced.

Proposed new institutions, like the Centre for Data Ethics and Innovation, risk the same flaws. From what little we know about the Centre, it would lack any power to compel answers to reasonable questions, would have a budget of less than £10 million and would have an unknown membership with an unknown remit.

These proposals risk creating something that fails to inspire faith or trust. Any public body tasked with leading reform needs to be empowered, well-resourced and transparent.  Only then can it get down to the task of helping to build digital trust.

3. Conclusion 

Data is the lifeblood of today’s economy. 

The Data Protection Bill offers the perfect opportunity to consider how we want internet regulation to evolve and, more broadly, what sort of society we want to live in. If we get data protection and content regulation right, the UK could create an internet safety regime that becomes the envy of the world.