Big Tech falls short on child protection claims

The Commissioner fined X (formerly Twitter) AUD $610,500. In addition, the Commissioner is threatening X with retrospective fines of $780,000 daily if it continues to fail to respond to the Commissioner’s reporting notice which it received in February this year.

X is not the only social platform in the firing line with several other platforms receiving a similar notice last February. 

Under section 56(2) of the Online Safety Act 2021 (the Act) the Commissioner has broad information gathering powers and can issue non-periodic reporting notices to compel a social media or electronic service provider to report on its compliance with the Online Safety (Basic Online Safety Expectations) Determination 2022 within 30 days.

Stemming from concerns that X had dismissed many of its content moderation staff^[1] The Commissioner’s notice contained 8 core questions requiring responses from X including:

• The extent X is deploying technology tools to identify child sexual exploitation and abuse content;
• Steps taken to prevent and detect the grooming and sexual extortion of children;
• Steps taken to prevent services that allow users to remain anonymous being used for child sexual exploitation and abuse;
• Steps taken to prevent banned or suspended users from creating new accounts (recidivism); and
• Availability of mechanisms for users to report child sexual exploitation and abuse material or activity.

The Commissioner found that X failed had failed to comply with its reporting obligations by refusing to respond to certain questions and providing inaccurate or incomplete answers, including in relation to the number of staff devoted to managing child sexual exploitation material, moderation and safety and the measures it employs to test and update its systems to improve the safety of its service.

X now has 28 days to pay or challenge the fine or risk further daily retrospective fines of up to $780,000.

The Commissioner was also critical of other platform’s responses to the reporting notice citing its failure to answer several questions sufficiently, providing only generic answers where specific information was sought.

Broadly the Commissioner found that each company issued with a notice in February had fallen short of their commitment to detect and address online child exploitation and abuse material. In comments to the media Commissioner Iman Grant said:

“…Companies that should have much more sophisticated and mature systems and resources didn’t seem willing or able to be able to provide that information that had been provided by other companies… Or in the case of Twitter, to leave things totally blank, to obfuscate [from providing] inaccurate information.”

So, what does this mean for service providers moving forward? These early notices are part of the Commission’s broader approach to monitoring compliance with the Basic Online Safety Expectations, moving forward the regulator has indicated that it will:

• Expand the use of non-periodic notices (like those issued to X);
• Issue the first periodic reporting notices to place ongoing reporting obligations on providers and enable the Commissioner to track key safety issues and progress (or lack of) against them; and
• The issuance of compliance and non-compliance statements in relation to the Basic Online Safety Expectations.