The UK duty of care for online harms: Does the model fit?

The UK duty of care for online harms: Does the model fit?Owen BennettFollow6 min read·Aug 15, 2019 --

Listen

Share

In my last blogpost I sought to unpack the content of the UK government’s proposed duty of care for online harms, with a focus on the scope of online companies covered, the types of speech

and activity implicated, and the role of the proposed sectoral regulator. Evidently, each of these pillars of the proposal is worthy of further scrutiny, particularly with respect to their

impact on fundamental rights and the existing regulatory paradigm for online content.

Yet before we embark on that substantive assessment, it is first worth exploring how well the UK government’s proposal maps onto traditional understandings of duty of care in the common law

tradition. Is the extension of a duty of care to ‘online harms’ a legitimate move on the part of the UK’s executive branch? The objective of this post is to answer that question.

Facebook the theme park; Twitter the bar

As I lamented last time around, the UK government’s Online Harms white paper is unfortunately lacking in a substantive rationale for why the duty of care model is the best candidate for the

next generation of online content regulation laws. Thankfully, as they did with explaining how the duty of care model would practically work online, William Perrin and Lorna Woods provide an

argument for why it could work online, by referencing ‘offline’ analogies.

In their testimony to the UK Parliament, Perrin and Woods argue inter alia that social media services should be understood as ‘quasi-public spaces’, similar in nature to an office, bar, or

theme park. In the ‘offline world’ operators of public spaces are regulated by duties of care to their ‘users’, and in the interest of regulatory consistency a similar regime should apply to

‘public spaces’ where they exist online. As such, that the duty of care model is considered to be the optimum approach to regulating ‘offline’ public spaces is reason to apply the model to

these ‘online’ counterparts too.

The annals of internet law and policy are riddled with arguments from analogy. As policymakers and lawyers have attempted over the years to mould emerging internet issues into more familiar

conceptual frameworks, the internet’s apparent likeness to the public square, the bookshop, and the newspaper (amongst other stalwarts of the analogue era) have been invoked to advance an

argument for regulating online content in this or that way. Yet, the experience of 25 years of internet lawmaking and jurisprudence should make us wary of regulating by analogy. Indeed, to

do justice to the unique technical architecture of the internet and the role it plays in economic and social life, a more thorough self-standing policy rationale is required for advancing

any regulatory model. In my mind, there are two crucial reasons that undermine any such self-standing policy rationale for the duty of care model.

An empty analogy?

Firstly, we must acknowledge serious doubts as to whether, at the conceptual level, a duty of care is properly applicable to the internet intermediaries and ‘online harms’. For while one

could argue at length about the intricacies of the tort of negligence, there is basic agreement in the literature that duties of care are outcome-orientated — compliance with a duty (or lack

thereof) is assessed through the metric of harm or injury arising to individuals to whom the duty is owed. However, in the context of the internet sector this is not an appropriate metric.

The nature of online services and the harms that arise through them are radically distinct from the ‘offline spaces’ that are traditionally subject to a duty of care. Indeed, to demand that

the operator of an internet intermediary service ‘protect’ its users from ‘harm’ in the traditional negligence sense is an impossible task, lest the internet architecture be radically

altered and fundamental rights protections be radically diminished. Indeed, the risk of some content-related harms is an inherent trade off in the provision and consumption of UGC services,

and the best we can aim at as a policy objective is to sufficiently minimise them. Interestingly, it appears that the UK government is implicitly conscious of this problem, in that its white

paper focuses extensively on the measures duty-bound intermediaries should undertake, rather than the typical outcome-oriented objective of a duty of care (effectively, to protect all users

from all harm). It raises the question then as to why the UK government chose the duty of care approach to begin with, and not a dedicated procedural accountability framework.

Secondly, we are fortunate to be able to draw upon a useful heuristic for assessing the existence — actual or normative — of a duty of care, namely the three-step test established by the UK

House of Lords in Caparo Industries PLC v Dickman. In Caparo, the court established that for a duty of care to exist: 1) harm must be reasonably foreseeable as a result of the defendant’s

conduct; 2) the parties must be in a relationship of proximity; and 3) it must be fair, just, and reasonable to impose a liability. While the Caparo test has been superseded in some respects

by subsequent court rulings, it remains a crucial touchstone for assessing the suitability of the duty of care approach, and for interrogating arguments from analogy used to advocate for an

extension of the model to new domains.

In my view, the proposed duty of care would, at a minimum, fail the second Caparo test. This arises from the fact that a crucial feature of the so-called ‘online harms’ is the fact that they

typically arise as a result of what users say (or in the case of ‘activities’, do) to one another. Unlike the situation for ‘offline’ spaces subject to a duty of care, it is rarely the case

that the operator’s act or omission is the direct cause of harm accruing to a user — harm is almost always grounded in another user’s actions. In that context, it is difficult to see how an

online intermediary could be said to hold a relationship of sufficient proximity with the affected party, at least if we wish to maintain some consistency with how proximity is understood

in the body of negligence statute and case law. To turn the analogy on its head, it would be highly unusual for a court to consider a theme park operator to have a duty of care to protect

its patrons from insulting each other in the roller-coaster queue.

In my view, to be confident that internet intermediaries meet the proximity test we would be obliged to ascribe to the view that the online intermediary heavily contributes to and compounds

the arising harm through its actions and omissions. For me, this is simply too divorced from how the overwhelming majority of online intermediary services actually function. After all, there

is a reason why the law purposely limits their liability and refrains from defining them as publishers of third party content. While I am nonetheless sympathetic to the argument that

certain content recommendation engines satisfy the second Caparo test on the basis of their aggressive micro-targeting and algorithmic curation, the scope of the government proposal is far

broader than simply content recommendation engines, and so should be critiqued as such. Moreover, even if one accepts that content recommendation engines satisfy the Caparo tests, there are

still compelling reasons why a duty of care is not the appropriate policy instrument to achieve the regulator’s aims with respect to those services (an issue that I will take up in later

posts).

Looking forward

Ultimately then, I believe the theoretical conditions for establishing a duty of care for online intermediaries vis-à-vis their users is not met. To do so would twist the law of negligence

in a wholly new direction; an extremely risky endeavour given the context and precedent-dependent nature of negligence and the fact that the ‘harms’ under consideration are so qualitatively

different than those subject to ‘traditional’ duties. Yet, since it is likely that the UK government will nonetheless proceed with a statutory duty of care, it is prudent to explore how the

model would intersect with, and potentially undermine, individuals’ rights and the existing regulatory paradigm.

With that in mind, my next post will advance a rights-based critique of the duty of care model, in view of the jurisprudence around the EU Court of Justice and the European Court of Human

Rights.