A Safety-By-Design Code of Practice

We've partnered with the Online Safety Act Network, 5Rights Foundation, the End Violence Against Women Coalition, FlippGen, Internet Watch Foundation, Molly Rose Foundation, the NSPCC and Refuge, with expert input from Professor Lorna Woods OBE, to publish a draft code of practice on safety-by-design. 

In it, we detail what could be put into practice by Ofcom and what expectations it should set for tech platforms under the Online Safety Act. The Code is supported by over 30 more organisations, campaigners and experts.

We’ve drafted this Code in the spirit of one of the Online Safety Act’s main purposes: to ‘secure that services regulated by this Act are safe by design’ (1). But to date, what safety-by-design looks like in practice is being determined by the same tech companies who have consistently made decisions that increase the risk of harms their users face (2). 

When platforms have attempted to implement safety-by-design, they’ve focused too much on ex post measures, rather than genuinely building in safety across the whole of the product lifecycle. 

And Ofcom’s own expectations fall short: we recently argued in our response to Ofcom’s VAWG Guidance that the Guidance does not go far enough to secure safety-by-design. And so, since there is not enough direction from the Government or from Ofcom, we’ve drafted our own Code of Practice. It aims to provide an overview of safety by design set within the framework of the Online Safety Act and Ofcom’s existing codes and guidance. It takes a more ambitious approach than Ofcom has: but could be adopted swiftly by Ofcom, and Parliament could move to mandate that Ofcom have such a code in place. 

What is safety-by-design?

At its core, the principle of ‘safety-by-design’ is that safety considerations should be incorporated into the design of the product, rather than bolted on afterwards. 

Consider the ‘Walkie Talkie’ skyscraper in London, designed with an aesthetically pleasing concave shape, which reflected the sun’s rays to dangerously hot levels, melting car parts and damaging shops. This safety problem had to be remedied by adding a sunshade onto the building (3) – the need for which could have been avoided by designing (4) the shape of the building in a way that wouldn’t have given rise to these risks in the first place. 

So at the highest level, safety-by-design seems fairly intuitive to understand – designing things with safety in mind to minimise risks. But in practice, ‘safety’ can mean very different things to different people: safety of whom, and safety from what? Without clear definitions and expectations, the term can easily be co-opted by tech platforms to describe whatever measures they decide they want to take. 

In the Code, we set out that for a product or service to be safe-by-design, it should be designed in accordance with design justice principles (5), and ensure the ongoing protection of human rights. There are always going to have to be balancing decisions made - protecting one group from certain harms may increase the risks to another group. But design justice gives us a framework for considering how to apportion risks and benefits that emerge from design. To avoid reproducing the ‘matrix of domination’, systems should design to minimise the risks to marginalised or vulnerable communities (who already face the greatest risks) (6). And design justice means the active involvement of and co-design with people who have experience of being harmed by the systems in question – not merely tokenistic attempts at consultation. 

A challenge of demanding safety-by-design when it comes to social media platforms is that these platforms, much like the Walkie Talkie, are already built. There is thus going to be an inherent tendency to ‘add on’ safety measures, tweak things round the edges with improved reporting systems or new ways to monitor content – and for industry to lobby for that to be sufficient for them to meet their ‘safety-by-design’ obligations. 

But If a platform’s fundamental architecture is such that it poses ongoing and serious risks to the safety and rights of UK users, should it be allowed access to the market? If the way a platform is able to keep increasing its revenues carries profound safety risks, should this continue? Are we going to accept the modus operandi, whereby serving technological innovation requires releasing products which immediately put Black women in greater danger of violence? If a Big Tech company tells us that being safe-by-design and implementing design justice principles is too hard, too expensive, not profitable enough: are we going to water down our expectations as a result? 

These are politically hard questions for the regulator to ask: but they should be asking – and answering – them. 

Read the code of practice here.

Endnotes

1. Introduction, Online Safety Act, https://www.legislation.gov.uk/ukpga/2023/50 

2. https://www.bbc.co.uk/news/articles/cqj9kgxqjwjo

3. https://www.bbc.co.uk/news/uk-england-london-27425560 

4. https://www.channel4.com/news/walkie-talkie-melt-car-london-skyscraper-building 

5. https://designjustice.mitpress.mit.edu/ 

6. https://glitchcharity.co.uk/blog/illegal-content